#OpenSSH 9.9 has been released: https://www.openssh.com/txt/release-9.9

The significant new feature is support for post-quantum mlkem768x25519-sha256 KEX as specified in https://datatracker.ietf.org/doc/html/draft-kampanakis-curdle-ssh-pq-ke-03

#pqcrypto #postquantumcryptography

gaining access to anyones browser without them even visiting a website

https://kibty.town/blog/arc/

Continuing the tour of my @github projects, the #TacticalExploitation toolkit deserves to be mentioned. It's now a bit old, but I believe the concept still applies, and very much so.

https://github.com/0xdea/tactical-exploitation

"The Other Way to Pen-Test" -- @hdm & @Valsmith

I've always been a big proponent of a tactical approach to #PenetrationTesting that doesn't focus on exploiting known software #vulnerabilities, but relies on #OldSchool techniques such as #InformationGathering and #BruteForce. While being able to appreciate the occasional usefulness of a well-timed 0day, as a veteran penetration tester I favor an exploit-less approach. Tactical exploitation provides a smoother and more reliable way of compromising targets by leveraging process vulnerabilities, while minimizing attack detection and other undesired side effects.

Since a few years, I've meant to give a talk on this very subject, with the working title of "Empty Phist Style - Hacking Without Tooling" (inspired by @thegrugq). Sooner or later it will happen.

Crowdstrike is telling Falcon users not to install macOS Sequoia.

Apple's New macOS Sequoia Update Breaking Major Security Tools https://it.slashdot.org/story/24/09/19/1851232/apples-new-macos-sequoia-update-breaking-major-security-tools?utm_source=rss1.0mainlinkanon

Couldn't let #talklikeapirateday happen without a little bit of #pc #ansi #art to commemorate.
Here's a little sketch of perhaps my number one fave pirate, Guybrush Threepwood :) arrrr! /piratevoice

In part 3 of his series on exploiting #Exchange #Powershell after ProxyNotShell, ZDI researcher @chudypb chains 3 bugs that lead to RCE, mainly by abusing the single-argument constructor conversions. Read the details at https://www.zerodayinitiative.com/blog/2024/9/18/exploiting-exchange-powershell-after-proxynotshell-part-3-dll-loading-chain-for-rce

Someone asked me to explain the whole supply chain, shell company, pager scenario to them in simple, anyone terms. I said in a nutshell, the coyote and rest of us watching learned that the roadrunner owned the Acme company.

Ruby-SAML pwned by XML signature wrapping attacks - https://ssoready.com/blog/engineering/ruby-saml-pwned-by-xml-signature-wrapping-attacks/ #ruby #rails #sso #saml

A Federal Trade Commission (FTC) staff report has found that social media and video streaming companies have been engaging in widespread user surveillance, particularly of children and teens, with insufficient privacy protections and earning billions of dollars annually by monetizing their data.

https://www.bleepingcomputer.com/news/technology/ftc-exposes-massive-surveillance-of-kids-teens-by-social-media-giants/

CISA: CISA Adds One Known Exploited Vulnerability to Catalog (link updated)
HOT OFF THE PRESS! CVE-2024-8963 Ivanti Cloud Services Appliance (CSA) Path Traversal Vulnerability.

#cisa #kev #knownexploitedvulnerability #zeroday #vulnerability #CVE_2024_8963 #activeexploitation #eitw #ivanti #ivanticsa

WHO Cybersecurity Operations Engineer position available:

https://careers.who.int/careersection/ex/jobdetail.ftl?job=2406981&tz=GMT%2B02%3A00&tzname=Europe%2FZurich

It's in Budapest

#fedijob #fedijobs #position #blueteam

Cat's out of the bag: I am pursuing a native FIPS 140-3 validation for the Go standard library.

Trying to do it right, making it seamless and without compromising on security.

First time a Go module is validated. Wish me well. And consider sponsoring!

https://go.dev/issue/69536

Want to move to Real World Binary Exploitation? Grab this last opportunity of the year and register to my Windows Exploit Engineering Foundation training at #hexacon https://www.hexacon.fr/trainer/halbronn/

https://2024.issta.org/details/issta-2024-papers/89/Better-Not-Together-Staged-Solving-for-Context-Free-Language-Reachability

This is a super interesting approach to figuring out how to nagivate paths through parsers written to accept context free languages, when the grammar of the parser is known: break up the grammar into parts and do different complimentary stages of CFG exploration based on those parts of the original grammar

Our latest blog post 📜 shows application developers effective steps they can take to 🛑prevent attacks in a world of rich media client interactions. 👀 Check it out now to learn how to protect your apps!

https://blog.doyensec.com/2024/09/19/phishing-case-study.html

#doyensec #appsec #security #DevOps #developers