"I'm interested in all kinds of astronomy."

So this PoC for CVE-2024-49113 is indeed a thing.
https://www.safebreach.com/blog/ldapnightmare-safebreach-labs-publishes-first-proof-of-concept-exploit-for-cve-2024-49113/

Their writeup is confusingly worded in that it uses both the phrases "victim DC" and "any unpatched Windows Server (not just DCs)", in the same sentence nonetheless.

While the vul can be triggered by any lookup to a malicious LDAP server by any version of Windows, this particular PoC:
- Makes an MS-NRPC (Netlogon Remote Protocol) call to talk to Windows Server, specifically DsrGetDcNameEx2, which gets info about the specified domain.
- Windows Server checks via DNS what LDAP server to talk to to get this info.
- Windows Server talks to the (malicious) LDAP server to service the request.
- The malicious LDAP server sends an unexpected LDAP referral value, causing LSASS.EXE, and subsequently Windows, to fall over.

It's perhaps important to note that CVE-2024-49113 is "just" a DoS, and CVE-2024-49112 is the more juicy RCE one. SafeBreach has indicated that they're still investigating what a full RCE chain might look like.

The fact that SafeBreach called their CVE-2024-49113 exploit "LDAPNightmare" is a bit deceptive, IMO, as CVE-2024-49112 is the thing of nightmares (CVSS 9.8). But hey, whatever gets clicks, amirite?


Does someone happen to have a copy of the tangara-hw git repo and could push it to Github? The official repo is 502ing right now

https://git.sr.ht/~jacqueline/tangara-hw


The back of the laptop will not come off :( :( :( no matter what I do :(

There is a diagram on the Lenovo site. They didn't seem to think this was important to include in the video, the video was just like "use caution". It's also baffling. There are "latches" that have to be "pried up". How do you "pry" a "latch". What does that mean. Does it mean apply force. Latch 3D simply will not unlatch and I can see new little-but-distinct creases forming in the aluminum back of the unit

@mcc Been there! Good to know it's not just my English skills preventing me from getting these things open without breaking them!
@neurovagrant @futurebird While I completely agree Defender's periodic scans can badly impact systems, esp. with HDDs, just like any other AV, my impression is that vendors put the bar for acceptable disk I/O pretty high, assuming SSDs and no other disk-intensive jobs on consumer PCs.
#music #techno
AI SPACE by Anthony Rother is pretty nerdy:

https://anthonyrother.bandcamp.com/album/ai-space
As gas transfer via UA closed I'm heating the house with Ghidra.

Project Zero Bot

New Project Zero issue:

Windows Kernel False File Immutability attack on registry hives via the Cloud Filter API

https://project-zero.issues.chromium.org/issues/42451734

CVE-2024-49114

Progress security advisory: WhatsUp Gold Security Bulletin December 2024
@cR0w Progress allegedly published this advisory 12 December 2024, but the page wasn't available from Google search results (thank Gemini AI ✨ for being useless) and Progress doesn't maintain a dedicated security advisories section on their website. Anyway, this page hasn't been updated with new information since 12 December so it's also useless. Here are the three vulnerabilities:

  • CVE-2024-12105 (6.5 medium) authenticated information disclosure via specially crafted HTTP request
  • CVE-2024-12106 (9.4 critical) unauthenticated attacker can configure LDAP settings
  • CVE-2024-12108 (9.6 critical) an attacker can gain access to the WhatsUp Gold server via the public API

No mention of exploitation. Patched in WhatsUp Gold version 24.0.2


“This button vaporises the finger of anybody who presses it!”

“Why do you always focus on the negative? You critics should talk about the benefits of the Vaporiser2000™. Every press mints $100K USD. That’s an amazing societal benefit.”

“It mints it in the offices of those who make the button! The presser doesn’t get any. They’re using bribes and pressure to force the finger vaporisation onto others!”

“There you go again, focusing on the negative. This is why nobody takes critics seriously”

re: #shaving #influencing
@acsawdey Not for me unfortunately, my skin can't seem to handle it well :P (even at times when I couldn't give a damn about my looks my very stubborn laziness was overwhelmed by discomfort)

I think everyone who has an opinion, positive or negative, about LLMs, should read how @simon summed up what’s happened in the space this year. He’s the most credible, most independent, most honest, and most technically fluent person watching the space. https://simonwillison.net/2024/Dec/31/llms-in-2024/
