"I'm interested in all kinds of astronomy."
[RSS] An SSRF to LFI Payload for PDF Generators (CVE-2024-34112 and beyond)

https://www.hoyahaxa.com/2025/01/an-ssrf-to-lfi-payload-for-pdf.html

Does anybody know how to prevent from issuing calls to libc functions like `memset` in this case when compiling C programs? I have tried I don't know how many command line arguments to try to disable it but none worked at all.

Here you have an example program in : https://godbolt.org/z/jheYoPWzj

These are the command line arguments I've tried to disable it:

-ffreestanding -disable-simplify-libcalls -fno-builtin -nostdinc -nostdlib -fno-builtin-memset -nostdlib++ -nostdinc++

Any idea?


Added the overlay-note-region-name-pending feature to the demo behind a feature-flag.

You can play with them at https://tmr232.github.io/function-graph-overview/?showRegions

Use `cfg-overlay-start: message` and `cfg-overlay-end` comments to denote the start and end of a region.


In one of the most "on brand" things I could write, here's an interview with Dan Keyworth, Director of Business Technology at McLaren Racing on how the 2024 F1 World Constructor's Champions keep vast amounts of data and tech secured against cyber threats.

“We’ve got 200 people travelling around the world at any one time to 24 different races who, when they try to do something genuine, may look like they’re a threat to our organization,” says Keyworth.

“We’ve got to learn the different network behaviors they’re using when they’re on the road, for our business to recognize it as normal behavior when typically for other businesses, that’s abnormal behavior."

https://darktrace.com/the-inference/in-conversation-with-dan-keyworth-mclaren-racing


mitmproxy 11.1 is out! 🥳

We now support *Local Capture Mode* on Windows, macOS, and - new - Linux! This allows users to intercept local applications even if they don't have proxy settings.

On Linux, this is done using eBPF and https://aya-rs.dev/, more details are at https://mitmproxy.org/posts/local-capture/linux/. Super proud of this team effort. 😃

"Even if I wanted to improve the app, I really didn't understand how to achieve the increasingly difficult goal I was aiming for. So, rather than writing an automation script that helped me skip over /the hard details/ I focused on learning the science I was trying to ignore."

https://seclists.org/dailydave/2025/q1/3

#fuzzing #llm
CONFIRMED: Facebook has *banned* anyone from linking to Pixelfed. #MetaBlockingPixelfed

I just tried posting a message on Facebook that reads: "Anyone here using Pixelfed?" with a link to Pixelfed.Social

Within *seconds* I got a post saying my post was banned. Screenshots below.
@cfgbot looks like a well behaving function, classmates must hate him

"He burned our libraries. Why did he do that? It's so destructive. Can you think of anything more evil?"
"I can, child. There is something worse than burning a library."
"How!"
"It happened long ago, this was a time when books were not rare as they are today. Everyone had hundreds of books."
"Hundreds! No!"
"Thousands."
"Oh!"
"So, the new kings realized they couldn't possibly destroy all of the books. They would always miss a few."
"What did they do?"

1/

[RSS] Why does inadvertently passing a std::string instead of a char const* to a variadic function crash on x86-32 but not x86-64?

https://devblogs.microsoft.com/oldnewthing/20250110-00/?p=110744
"There were changes made to file name rules in Windows 11 24H2 that have caused IFS access problems for customers" #IBMi

https://www.ibm.com/support/pages/node/7180720?myns=swgother&mynp=OCSWG60&mync=A&cm_sp=swgother-_-OCSWG60-_-A

I wonder if this has to do with DEVCORE's Worst Fit vulnerabilities: https://devco.re/blog/2025/01/09/worstfit-unveiling-hidden-transformers-in-windows-ansi/
[RSS] Windows 11 24H2 update causes issues connecting to IBM i

https://www.ibm.com/support/pages/node/7180720?myns=swgother&mynp=OCSWG60&mync=A&cm_sp=swgother-_-OCSWG60-_-A

"IBM ACS Application Package *WINLOGON support [...] is incompatible with LSA Protection." what the Hell is ACS doing in my LSASS?! #IBMi
[RSS] Static Keys, Shattered Security Dreams: A CVE-2024-5764 Story

https://medium.com/maverislabs/static-keys-shattered-security-dreams-a-cve-2024-5764-story-c76ee594adc2?source

(Sonatype Nexus Repository 3 exploitation walkthrough)
@Tesseks I guess you can get pretty precise model data from EXIF metadata too?

Great article from @stargirl describing VCOs and digitally-controlled oscillators (DCO) and why you may choose a DCO to avoid temperature-related frequency drift
https://blog.thea.codes/the-design-of-the-juno-dco
