[RSS] A design flaw in the Windows 3D Pipes screen saver pointed out by a customer

https://devblogs.microsoft.com/oldnewthing/20241224-00/?p=110675

[RSS] Everyday #Ghidra: Symbols -- Automatic Symbol Acquisition with Ghidra -- Part 2

https://clearbluejar.github.io/posts/everyday-ghidra-symbols-automatic-symbol-acquisition-with-ghidra-part-2/

@DerFetzer Thank you, thiserror is actually part of the material I'm working on, but comparing alternatives has been on my TODO list!

[RSS] An Initial Analysis of Adobe ColdFusion CVE-2024-53961

https://www.hoyahaxa.com/2024/12/an-initial-analysis-of-cve-2024-53961.html

[RSS] ghidralib - A Pythonic Ghidra standard library

https://github.com/msm-code/ghidralib

#Ghidra

[RSS] Exploiting Second Order SQL Injection with Stored Procedures

https://www.netspi.com/blog/technical-blog/web-application-pentesting/second-order-sql-injection-with-stored-procedures-dns-based-egress/

[RSS] A functionally complete decompilation of LEGO Island (1997)

https://github.com/isledecomp/isle

[RSS] Starship, Star Fox 64 recompilation project

https://github.com/HarbourMasters/Starship

OK, this is my summary for today

#Rust

Hewlett Packard report that they are spotting AI-generated malware in the wild, not through complex analysis or watermarking, but because… it is weirdly well-commented. https://threatresearch.ext.hp.com/wp-content/uploads/2024/09/HP_Wolf_Security_Threat_Insights_Report_September_2024.pdf

I'm at about third of the 100 #Rust exercises and I think we just got to the "Draw the rest of the fucking owl" part 🖊

I find CVE-2024-40896 (Raptor/libxml2 XXE) very educational:

Based on the analysis[1] it's a nice example of Chesterton’s Fence[2], while its discovery[3] underlines the importance of automated testing for regressions and known dangerous behavior.

[1] https://www.openwall.com/lists/oss-security/2024/12/25/2 (thx @alexandreborges for sharing!)
[2] https://fs.blog/chestertons-fence/
[3] https://gitlab.gnome.org/GNOME/libxml2/-/issues/761

CVE-2024-40896 Analysis: libxml2 XXE due to type confusion

https://www.openwall.com/lists/oss-security/2024/12/25/2

#cve #linux #libxml2 #xxe #vulnerability #exploitation #bug #typeconfusion

@malwarejake duh?

7/ Finland has visually confirmed that the ship Eagle S had it's anchor down and is now missing it's anchor.

6/ Finnish Police have boarded the Eagle S oil tanker and a 3km no-fly zone has been announced in the area.

Finland suspects that the oil tanker caused the damage to the Estlink 2 cable and other cables.

https://yle.fi/a/74-20133526

3/ Finnish police said on Thursday they are investigating whether a foreign ship was involved in the damage of an undersea power cable connecting #Finland and #Estonia following a sudden outage on Wednesday.

https://www.reuters.com/world/europe/finland-police-investigate-role-foreign-ship-after-power-cable-outage-2024-12-26/

#Ukraine #Russia

Find your first zero-day vulnerability!

In this article, we want to share a step-by-step guide on how to run American Fuzzy Lop ++ (AFL++) to fuzz an open source target.
https://www.hackers-arise.com/post/exploit-development-fuzzing-with-american-fuzzy-lop-afl-to-find-zero-day-vulnerabilities
#AFL #Fuzzing #Hacking #ZeroDay

Safe #Rust AIN'T SAFE!? (cve-rs explainer)

https://youtu.be/vfMpIsJwpjU

@raptor I'm working myself through https://rust-exercises.com/100-exercises/ right now :)

Can't wait for your recommendations!