"I'm interested in all kinds of astronomy."
Of course, the wisdom of James Mickens applies:

https://www.usenix.org/system/files/1401_08-12_mickens.pdf
@Viss @steely_glint it's a pretty explicit way to uncover connections too

Android Virtualization Framework - runs the "host" (Android and Linux kernel) in a VM and launches isolated envs. (= pVMs). Based on KVM but offloads complex code to the host VM. pVM firmware is in Rust
- https://www.youtube.com/watch?v=K24dmA7QGLE
- https://source.android.com/docs/core/virtualization/security
- https://android.googlesource.com/platform/packages/modules/Virtualization/+/refs/tags/aml_con_341511080/pvmfw/

https://bird.makeup/@lauriewired/1832541105390547456


From the WTAF dept: 3 killed, > 1,000 wounded in Beirut by exploding pagers:

"BEIRUT, Sept 17 (Reuters) - At least three people were killed and more than 1,000 others including Hezbollah fighters, medics and Iran's envoy to Beirut were wounded on Tuesday when the pagers they use to communicate exploded across Lebanon, security sources told Reuters.

A Hezbollah official, speaking on condition of anonymity, said the detonation of the pagers was the "biggest security breach" the group had been subjected to in nearly a year of conflict with Israel."

https://www.reuters.com/world/middle-east/dozens-hezbollah-members-wounded-lebanon-when-pagers-exploded-sources-witnesses-2024-09-17/

via @dangoodin


@briankrebs

NYT: Lebanon's health minister, Firas al-Abyad, said in a press conference that eight people were killed by exploding paging devices and at least 2,780 were wounded, including 200 in serious condition.

https://www.nytimes.com/live/2024/09/17/world/israel-hamas-war-news/c1da8115-a99a-5962-9a47-87e3972a72bc


The web Hackvertor now has all of the tags to conduct email parser discrepancies attacks.

https://hackvertor.co.uk/


Ok, my article on porting the SBCL common implementation to the nintendo is now live:

https://reader.tymoon.eu/article/437

Boosts would be much appreciated! It's been a lot of work to get this far.


This is your monthly reminder that JetBrains still hasn't assigned any CVEs to their "3 security problems have been fixed" for TeamCity version 2024.07.2 released 29 August 2024. No new CVEs since 16 August 2024.

@joxean @raptor I never thought it was but I'm not an AI expert...
@raptor I still stand by my hypothesis that LLMs may be useful if their output is easy to verify. 1 LoC should be easy enough to verify.

I'd like to share some of my projects that are hosted on @github. Let's start with my public that span more than two decades of .

https://github.com/0xdea/exploits

"You can't argue with a root shell." -- Felix "FX" Lindner

Probably the most known is raptor_udf.c that targets (those of you who solved the @offsec training labs should recognize it).

My favorite is still raptor_rlogin.c, a glorious from the early 2000s. Take your pick!

"What you think of Oracle _is even truer_ than you think it is!" - Bryan M. Cantrill[1]

Ellison Declares Oracle 'All In' On AI Mass Surveillance

https://developers.slashdot.org/story/24/09/16/213256/ellison-declares-oracle-all-in-on-ai-mass-surveillance

[1]https://youtu.be/-zRN7XLCRhc?si=FAsYQN2_Xoelkzlp&t=2048
[RSS] Reasons for the unreasonable success of fuzzing (Halvar Flake, Google Slides)

https://docs.google.com/presentation/d/1vw9lywrMnNojiOIu-xU5KXZz7WzE0MYNQF6V7n6vyY8/edit#slide=id.g2768ca7ef44_0_65

Following Summoning Team's accusation that Horizon3 published vulnerability details and a proof of concept for the wrong CVE, Horizon3 updated their blog post: CVE-2023-28324 Deep Dive: Ivanti Endpoint Manager AgentPortal Improper Input Validation

We initially wrote this post in reference to CVE-2024-29847, however this post actually describes CVE-2023-28324. We had incorrectly assumed that the SU5 update was comprehensive which resulted in us mistaking CVE-2023-28324 for CVE-2024-29847. The content of this blog has been updated accordingly.

h/t: @buherator cc: @cR0w

[RSS] Exploiting Microsoft Kernel Applocker Driver (CVE-2024-38041)

https://csa.limited/blog/20240916-Exploiting-Microsoft-Kernel-Applocker-Driver.html

On some level I think people become stronger engineers by running their own databases for a time. Pulling back the cover and seeing the hidden complexity can breed an understanding that serves folks well.

Obviously not a requirement--but something to consider.

@joxean I only do that after the presentation is out the door, so "final" marks the doc I sent/presented/... instead of the one I _may_ present in the future.

CVE-2024-8190: Investigating CISA KEV Ivanti Cloud Service Appliance Command Injection Vulnerability https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection/
