A Formal Analysis of SCTP: Attack Synthesis and Patch Verification

RE: https://infosec.exchange/@kaoudis/112966710334172131

https://www.usenix.org/conference/usenixsecurity24/presentation/schilling this looks like if viable for real world use, something that could make binary-only target thread sanitization checks possible. I love how accessible sanitizers are; they’re the gateway drug of llvm instrumentation. I am also looking forward to reading this~

https://www.usenix.org/conference/usenixsecurity24/presentation/feng-siyue taint analysis across traces to see how well patches did at fixing vulns, but with a fancy Bloom filter to see if a particular code path has been hit before (I look forward to reading this)

https://www.usenix.org/conference/usenixsecurity24/presentation/bulekov this hypervisor emulation and fuzzing tool also looks really interesting and I’m looking forward to trying it out

https://www.usenix.org/conference/usenixsecurity24/presentation/qi System-level emulation and instrumentation is generally slow, but there’s a neat insight into when instrumentation *isn’t* necessary and what basic blocks to not instrument for QEMU-based system-level concolic execution in this work!

https://www.usenix.org/conference/usenixsecurity24/presentation/schl%C3%BCter the threat model (not the written out one in the paper, which is seemingly to me at least somewhat disjoint from what I understand from what I am hearing) that underlies this work is interesting; it points out that blindly trusting the hypervisor as part of trusting the cloud provider may not be in the best interest of operators of a VM (or a confidential VM using a TEE)

Tired of using your own tongue to test 9V batteries???
👅👅👅🔋🔋🔋 ouch!

Honored and humbled to announce my latest product:

[RSS] Instead of putting a hash in the Portable Executable timestamp field, why not create a separate field for the hash?

https://devblogs.microsoft.com/oldnewthing/20240815-00/?p=110131

MSI motherboards susceptible to code execution & firmware implant - analysis of CVE-2024-36877 https://jjensn.com/at-home-in-your-firmware

@cinimodev @stevelord We have exactly this discussion internally rn about one of our users.

The most likely issues seem to be:
- Anti-virus software
- Note that this will mostly show up as I/O load, but ppl tend to misdiagnose the problem and keep buying RAM. Wrong diagnosis of other perf sinks/bottlenecks also likely result in RAM expansion (and placebo effect).
- Quantitly and quality of browser tabs and extensions, e.g. Slack is known to consume insane resources
- Other Windows bloatware

@north run? more seriously: learn how things *work*, don't just use tools. have a home lab, run services, write code.

Enjoy the old sch00l lulz:
Fuck You Ilfak - A IDA Pro 9.0 Beta 2 macOS x86 Fix Loader

https://github.com/gdbinit/fuckyouilfak

@osxreverser love the nfo <3

Nice to see this "I can't use 20% of all websites" level bug getting fixed after *checks notes* 6 years in Chromium:

https://issues.chromium.org/issues/41314367

Microsoft fixed CVE-2024-38213 last Tuesday. It was discovered in the wild by ZDI threat hunter @gothburz. Today, he makes the details of the vulnerability and how it's being used by threat actors. https://www.zerodayinitiative.com/blog/2024/8/14/cve-2024-38213-copy2pwn-exploit-evades-windows-web-protections

H/T to exploits.club for the previous BH posts, their newsletter is pretty cool!

Bugs of Yore: A Bug Hunting Journey on VMware's Hypervisor

https://i.blackhat.com/BH-US-24/Presentations/US24-Sialveras-Bugs-Of-Yore-Wednesday.pdf

#BHUSA2024 #BHUSA24

PageJack: A Powerful Exploit Technique With Page-Level UAF

https://i.blackhat.com/BH-US-24/Presentations/US24-Qian-PageJack-A-Powerful-Exploit-Technique-With-Page-Level-UAF-Thursday.pdf

#BHUSA2024 #BHUSA24

Super Hat Trick: Exploit Chrome and Firefox Four Times

Slides: https://i.blackhat.com/BH-US-24/Presentations/US24-Xiao-Super-Hat-Trick-Exploit-Chrome-and-Firefox.pdf
Whitepaper: https://i.blackhat.com/BH-US-24/Presentations/US24-Xiao-Super-Hat-Trick-Exploit-Chrome-and-Firefox-Four-Times-wp.pdf

#BHUSA2024 #BHUSA24

Two days ago, NIST finalized three post-quantum cryptography standards. Today, we are announcing an open-source Rust implementation of one of these standards, SLH-DSA, now available in RustCrypto! https://blog.trailofbits.com/2024/08/15/we-wrote-the-code-and-the-code-won/