Just published a deep dive on how we have made it possible to debug the kernel with drgn, without installing any debuginfo packages, on Oracle Linux.

This is a really cool feature that we're in the middle of upstreaming, so it's not quite present in drgn's main branch. However the article has links to all the relevant code, PRs, and issues, so you can see the process in real time, and learn how to get it working on other kernels/distros.

https://blogs.oracle.com/linux/post/introducing-ctf-support-in-drgn-for-oracle-linux

#Hacking is not just #OldSchool tooling and techniques. Modern #MobileApps are a fun target for #ReverseEngineers and #Pentesters alike. A fundamental tool to properly hack mobile apps is @fridadotre by @oleavr.

We continue our tour of my @github projects with my humble contributions to this field:
https://github.com/0xdea/frida-scripts

For a well-maintained project that includes some of my #Frida scripts, check out #Brida by @apps3c and Piergiovanni Cipolloni:
https://github.com/federicodotta/Brida

And even after many years, if you search for well-crafted Frida scripts to bypass certificate pinning or root detection, there’s a very good chance that you’ll stumble upon the work of some of my colleagues… Very proud of my team at @hnsec!

https://googleprojectzero.blogspot.com/2024/10/effective-fuzzing-dav1d-case-study.html Finally have my public post up on the bug I found in dav1d last year.

"Best email money can buy" product Zimbra has an embarrassingly bad vulnerability: CVE-2024-45519

The vulnerable code appends the attacker-provided email address to a command line and then runs it with popen() (which uses a shell). Guess what happens when the email address has a backticks, a semicolon, $(), etc?

What year is this?

Luckily the attack vector to get there (postjournal) isn't enabled by default, as there are exploitation attempts occurring in the wild:
https://infosec.exchange/@justicerage/113231837285277188

https://blog.projectdiscovery.io/zimbra-remote-code-execution/

As I am seeing some Medium links in my timeline today, and Medium is pretty annoying (pop-overs and all). So reminder that you can just replace:

> medium.com

…with:

> scribe.rip

In any Medium link and get a wonderful simple unobtrusive reading experience instead.

#Medium #ScribeRip #AlternativeFrontends

The Cryptodifference Engine: An in-depth look at differential fuzzing for harvesting crypto bugs, by Célian Glénaz

https://blog.quarkslab.com/differential-fuzzing-for-cryptography.html

To get rich in a gold rush, sell shovels.

https://www.sonarsource.com/lp/solutions/ai-assurance-codefix/

Matt Levine brought to my attention this insider trading case involving a dude who hacked into company computer systems to get nonpublic info and then traded on it.
https://www.sec.gov/enforcement-litigation/litigation-releases/lr-26141

What's funny to me is the application of insider trading law to computer hacking.

I’ve been offered free credit monitoring at least 6 times in the last few years (still using my OPM one). How many breaches does it take before we prioritize real cybersecurity over cleanup offers? What's your free credit monitoring number?

Current #curl bug-bounty stats (since April 2019).

Reports: 475
Confirmed security issues: 73 (15%)
Identified bugs (but not security problems): 92 (19%)
Invalid: 310 (65%)

So what did I find in my EV-charger wifi-card?
Basically, it is a raspberry pi.
The SD-card contains goodies, like a private ssh-key that apparently gave me access to their jumphost (no restrictions in their shell either).

The NTP was also not configured, it also contained the entire bash-history, including all the "failed commands" and apparently a password to something.

I guess I'll spend some time on the phone tomorrow

#linux #infosec #bored

lmao, the FBI is mad that the Z-Library founders are having holidays

you can check this yourself here: http://z-lib.org

I do not think these people are cybercriminals. They are the best we got to help information preservation (next to the Internet Archive) in the 21st century.

The fact they had to mention that these people are Russian also strikes me as odd. They don't even seem to be government affiliated, I'm pretty sure the FBI would've said so if there was even a slight hint of that.

While OpenAI can freely use all copyrighted material and make billions off of it, these people giving it out for free are supposed “criminals”. Aaron Schwartz didn't die for this.