A companion blog to my Bluehat 2024 presentation on OleView.NET is up now. https://googleprojectzero.blogspot.com/2024/12/windows-tooling-updates-oleviewnet.html
Ever wanted to know what data #PowerShell or other programs send to AMSI? I wrote a C# COM server implementation that logs this data as a JSON string. Had some fun learning more about COM and .NET AOT with this little project https://github.com/jborean93/AmsiProvider
#PaloAltoNetworks has just released a PANOS update, 10.2.13, which includes this interesting little fix. Looking at the portal logs from the management console or CLI I can't see any cleartext passwords being logged in regular or debug mode.
Here's the slides to my PoC 2024 keynote "An insider perspective on the offensive industry": https://webdl.nso.group/OffIndustry-PDF.pdf
My apologies for the delay in publishing these.
Astalavista.com - Security Community - Relaunch 2024 https://forum.astalavista.com
The 7 Coolest Mathematical Discoveries of 2024
https://www.scientificamerican.com/article/the-7-coolest-mathematical-discoveries-of-2024/?utm_source=flipboard&utm_medium=activitypub
Posted into Scientific American @scientific-american-SciAm
Hear ye hear ye
The following instances will be offline briefly on Saturday, December 14 from 9am ET / 2pm UTC for approximately 10 minutes:
infosec.exchange
infosec.town
infosec.pub
pixel.infosec.exchange
books.infosec.exchange
matrix/element.infosec.exchange
relay.infosec.exchange
meetup.infosec.exchange
video.infosec.exchange
infosec.press
infosec.place
fedia.io
fedia.social
elk.infosec.exchange
infosec.space
convo.casa
The servers supporting these instances require a reboot. The Dell servers these instances run on take a very long time to boot, so I am estimating 10 minutes of downtime. It could be more, could be less.
We use live patches to minimize reboots needed for patching; however, Ubuntu only provides livepatch support for a year, which is how long most of these systems have been running for.
In his latest blog, ZDI researcher Piotr Bazydło covers a pre-auth Arbitrary File Deletion vulnerability he discovered in the SolarWinds Access Rights Manager (ARM). It may not sound exciting, but it can lead to a local privilege escalation on domain-joined Windows machines. Read the details at https://www.zerodayinitiative.com/blog/2024/12/11/solarwinds-access-rights-manager-one-vulnerability-to-lpe-them-all
It's time for everybody's favorite: unsolicited advice!
In which I discuss the reality of the cybersecurity jobs market, and what you really should be doing to improve your chances.
Citrix Denial of Service: Analysis of CVE-2024-8534 https://www.assetnote.io/resources/research/citrix-denial-of-service-analysis-of-cve-2024-8534
Fixed the OpenGraph image on Shazzer; it was bugging me. Then did a normalization vector to test it!
I can't seem to get WebView2 working in a Visual Studio extension, so I'm dropping that effort for now.
If anyone knows how to do this, or actually wants Function-Graph-Overview in Visual Studio, let me know!