[RSS] Everyday #Ghidra: Symbols -- Automatic Symbol Acquisition with Ghidra -- Part 2

https://clearbluejar.github.io/posts/everyday-ghidra-symbols-automatic-symbol-acquisition-with-ghidra-part-2/

@DerFetzer Thank you, thiserror is actually part of the material I'm working on, but comparing alternatives has been on my TODO list!

[RSS] An Initial Analysis of Adobe ColdFusion CVE-2024-53961

https://www.hoyahaxa.com/2024/12/an-initial-analysis-of-cve-2024-53961.html

[RSS] ghidralib - A Pythonic Ghidra standard library

https://github.com/msm-code/ghidralib

#Ghidra

[RSS] Exploiting Second Order SQL Injection with Stored Procedures

https://www.netspi.com/blog/technical-blog/web-application-pentesting/second-order-sql-injection-with-stored-procedures-dns-based-egress/

[RSS] A functionally complete decompilation of LEGO Island (1997)

https://github.com/isledecomp/isle

[RSS] Starship, Star Fox 64 recompilation project

https://github.com/HarbourMasters/Starship

OK, this is my summary for today

#Rust

Hewlett Packard report that they are spotting AI-generated malware in the wild, not through complex analysis or watermarking, but because… it is weirdly well-commented. https://threatresearch.ext.hp.com/wp-content/uploads/2024/09/HP_Wolf_Security_Threat_Insights_Report_September_2024.pdf

I'm at about third of the 100 #Rust exercises and I think we just got to the "Draw the rest of the fucking owl" part 🖊

I find CVE-2024-40896 (Raptor/libxml2 XXE) very educational:

Based on the analysis[1] it's a nice example of Chesterton’s Fence[2], while its discovery[3] underlines the importance of automated testing for regressions and known dangerous behavior.

[1] https://www.openwall.com/lists/oss-security/2024/12/25/2 (thx @alexandreborges for sharing!)
[2] https://fs.blog/chestertons-fence/
[3] https://gitlab.gnome.org/GNOME/libxml2/-/issues/761

CVE-2024-40896 Analysis: libxml2 XXE due to type confusion

https://www.openwall.com/lists/oss-security/2024/12/25/2

#cve #linux #libxml2 #xxe #vulnerability #exploitation #bug #typeconfusion

@malwarejake duh?

7/ Finland has visually confirmed that the ship Eagle S had it's anchor down and is now missing it's anchor.

6/ Finnish Police have boarded the Eagle S oil tanker and a 3km no-fly zone has been announced in the area.

Finland suspects that the oil tanker caused the damage to the Estlink 2 cable and other cables.

https://yle.fi/a/74-20133526

3/ Finnish police said on Thursday they are investigating whether a foreign ship was involved in the damage of an undersea power cable connecting #Finland and #Estonia following a sudden outage on Wednesday.

https://www.reuters.com/world/europe/finland-police-investigate-role-foreign-ship-after-power-cable-outage-2024-12-26/

#Ukraine #Russia

Safe #Rust AIN'T SAFE!? (cve-rs explainer)

https://youtu.be/vfMpIsJwpjU

@raptor I'm working myself through https://rust-exercises.com/100-exercises/ right now :)

Can't wait for your recommendations!

🤣🤣🤣
[CVE-2024-40896][libxml2] XXE protection broken in downstream code
https://gitlab.gnome.org/GNOME/libxml2/-/issues/761
https://gitlab.gnome.org/GNOME/libxml2/-/commit/1a8932303969907f6572b1b6aac4081c56adb5c6

"...bug should occur if you compile libraptor with the commit above and libxml2 2.11 or greater."

PoC:
https://git.libreoffice.org/core/+/cdda6533b44333b18d3dc6306dfd0f7058e40b32/unoxml/qa/unit/data/cve_2012_0037.rdf

🎄 All I Want for Christmas is a CVE-2024-30085 Exploit 🎄
As always, we at @starlabs_sg are sharing what we learnt. This time, it's brought to you by Cherie-Anne Lee

https://starlabs.sg/blog/2024/all-i-want-for-christmas-is-a-cve-2024-30085-exploit/