The full schedule for #Pwn2Own Vancouver 2023 is now available! We have 19 entries targeting 9 targets, including 2 #Tesla attempts and a SharePoint RCE. Read the details at https://www.zerodayinitiative.com/blog/2023/3/21/pwn2own-vancouver-schedule-2023
Success! AbdulAziz Hariri of Haboob SA completed his attack against Adobe Reader using a 6-bug logic chain exploiting multiple failed patches which escaped the sandbox and bypassed a banned API list. He earns $50,000 and 5 Master of Pwn points. #Pwn2Own #P2OVancouver
scare - Simple Configurable Assembly REPL && Emulator
I wrote this for people who want to write/test/play with various assembly architectures on the command line. Currently supports x86, x64, arm32, arm64 with plans for more architectures and modes.
New blogpost by @FuzzySec and me! Patch Tuesday -> Exploit Wednesday: Pwning Windows afd.sys in 24 Hours. We reverse engineer a bug + write an exploit using a cool new primitive. We also find out that it's been exploited in the wild (previously unknown).
Our story from last week, on the GRU agent caught in the Netherlands in 2018 who's now leading Sandworm, stirred up the years-old question of why the Dutch released him at the time:
https://www.wired.com/story/russia-gru-sandworm-serebriakov/
I spoke to a former Dutch official close to intelligence and updated the story with an answer.
It's amusing to me that Star Trek imagined a world where an AI faces social rejection because he's rational, fact-based, literal, fiercely/dogmatically moral, and struggles with social nuance. But here in reality we invented AIs that have no concept of truth, give zero fucks about accuracy, have no rationality, and can't do math, but match vibes and tone nearly perfectly.
The first artificial person will not be an autistic science officer. It'll be an extremely allistic salesbro or politician.
Outstanding work by @doyensec as usual 👏
#Windows Installer EOP (CVE-2023-21800)
https://blog.doyensec.com//2023/03/21/windows-installer.html
My latest: a deep dive on why no, Bitcoin isn't pumping because it's a "safe haven" from banks. Please for the love of god stop printing nonsense.
https://newsletter.mollywhite.net/p/no-bitcoin-isnt-pumping-because-its
My new book "Arm Assembly Internals & Reverse Engineering" is up for pre-order!
Save the date for the official launch: May 9th.
Can't wait for you to dive into the world of Arm Assembly!
Check out the official book page for more info:
https://arm-assembly.com
Very surprised to see that there are no browser entries (on ANY browser) at Pwn2Own this year.
The perfect blog post doesn’t ex… https://newsletter.mollywhite.net/p/the-venture-capitalists-dilemma
@GossiTheDog Did you see over at the bird site the discussion regarding Acropalypse? Looks like the Snip tool in Windows has the same issue as the Google Pixel. Snip something with it, then crop the resulting file with the Snip tool. You should see as I did that the file size stays exactly the same. The original data of the file isn’t removed when it’s overwritten. Hard to believe how long it takes to find these issues. I tested on Windows 11 latest insider beta release.
Another #interview dropped! With @maxpl0it, a Senior Vulnerability Researcher at Interrupt Labs.
"So my first actual CVE was probably in 2017/2018... It was a format string bug in a restricted CLI of a router."
https://medium.com/@xnomas/maxpl0it-interview-with-a-security-researcher-fe75969010e7
We talk about #VulnerabilityResearch, max's journey and some good advice on #MentalHealth.
Liked the #article? Share it, it helps a lot!
We are excited to share a #PluginFocus blog post from Chris Eagle – the author of the IDA Pro Book! In this article, he introduces his #SK3wldbg plugin. It is worth reading 🌐 https://hex-rays.com/blog/plugin-focus-sk3wldbg/?utm_source=Social-Media-Post&utm_medium=Mastodon&utm_campaign=Plugin-Focus-SK3wldbg
Even though JMX exploitation is generally perceived to be comprehensively understood, we were able to find new universal exploitation techniques, and one of them allows gaining instant Remote Code Execution using TemplatesImpl. Read all about @mwulftange's and @qtc's recent discoveries, which have already been implemented in #beanshooter: https://codewhitesec.blogspot.com/2023/03/jmx-exploitation-revisited.html
Nice #hypervisor #vulnerability!
#Parallels Desktop Toolgate Vulnerability (CVE-2023-27326)
https://blog.impalabs.com/2303_advisory_parallels-desktop_toolgate.html
Full #exploit is here: https://github.com/Impalabs/CVE-2023-27326
CVE-2023-26604: #systemd before 247 does not adequately block local privilege escalation for some #Sudo configurations, e.g., plausible sudoers files in which the "systemctl status" command may be executed. Specifically, systemd does not set LESSSECURE to 1, and thus other programs may be launched from the less program. This presents a substantial security risk when running systemctl from Sudo, because #less executes as root when the terminal size is too small to show the complete systemctl output.
https://medium.com/@zenmoviefornotification/saidov-maxim-cve-2023-26604-c1232a526ba7