buherator
Posts
2521Following
646Followers
1460
buherator
repeated
repeated
radare 
radareorg@infosec.exchange
Work in progress JNI helper plugin for #radare2 https://github.com/evilpan/jni_helper/tree/master/r2 #android #java #reverseengineering
0
3
0
buherator
buherator
Edited 3 months ago
(CVE-2025-3155) Arbitrary file read by abusing ghelp scheme
https://gitlab.gnome.org/GNOME/yelp/-/issues/221
"Yelp, the GNOME user help application, allows help documents to execute
arbitrary JavaScript. A malicious help document may exfiltrate user files
to a remote server. A malicious website may download a help document
without user intervention, then trick the user into opening a ghelp URL
that references the help document. This notably requires the attacker to
guess the filesystem path of the downloaded help document."
And we just discussed old-school .HLP exploits the other day...
#EnoughEyeballs
https://gitlab.gnome.org/GNOME/yelp/-/issues/221
"Yelp, the GNOME user help application, allows help documents to execute
arbitrary JavaScript. A malicious help document may exfiltrate user files
to a remote server. A malicious website may download a help document
without user intervention, then trick the user into opening a ghelp URL
that references the help document. This notably requires the attacker to
guess the filesystem path of the downloaded help document."
And we just discussed old-school .HLP exploits the other day...
#EnoughEyeballs
0
0
2
buherator
buherator# ./mpclient_x64 ../eicar.com 2>&1 | fgrep EngineScanCallback
EngineScanCallback(): Threat Virus:DOS/EICAR_Test_File identified.
happy dance
1
2
7
buherator
buherator
Here's me face talking about low-level #IBMi security:
@recon 2024 - Control Flow Intergrity on IBM i
https://www.youtube.com/watch?v=0uBbklP9BSE
The video also has some '90s VHS vibes to it, the writeup is still available here (minus the last temporal safety stuff):
https://silentsignal.github.io/BelowMI/
@recon 2024 - Control Flow Intergrity on IBM i
https://www.youtube.com/watch?v=0uBbklP9BSE
The video also has some '90s VHS vibes to it, the writeup is still available here (minus the last temporal safety stuff):
https://silentsignal.github.io/BelowMI/
0
2
8
buherator
repeated
repeated
buherator
buherator
#uspol
Show content
@haroonmeer It's not that strange if you consider they speak to the low-class workers. Again, a great summary: https://www.youtube.com/watch?v=1CP9Peipxzk (note that B4B is strictily against the alt-right, yet I think they capture the core problems that the current USgov successfully capitalized)
0
0
2
buherator
buherator
re: #music
Show content
Look at that warpaint (among other things) @joxeankoret! :D
1
0
1
buherator
buherator
#music
Show content
https://ripplemusic.bandcamp.com/album/satanic-panic-attack
Perfect music for this #Saturday, and a strong contender for Album Cover of the Year!
Perfect music for this #Saturday, and a strong contender for Album Cover of the Year!
1
1
2
buherator
buherator
pgAdmin 4 v9.2 fixes CVE-2025-2945 & CVE-2025-2946
https://www.openwall.com/lists/oss-security/2025/04/04/3
* Issue #8602 - Fixed an XSS vulnerability issue in the Query Tool and View/Edit Data (CVE-2025-2946).
* Issue #8603 - Fixed a remote code execution issue in the Query Tool and Cloud Deployment (CVE-2025-2945).
https://www.openwall.com/lists/oss-security/2025/04/04/3
* Issue #8602 - Fixed an XSS vulnerability issue in the Query Tool and View/Edit Data (CVE-2025-2946).
* Issue #8603 - Fixed a remote code execution issue in the Query Tool and Cloud Deployment (CVE-2025-2945).
0
0
2
buherator
repeated
repeated
Project Zero Bot
p0bot
New Project Zero issue:
Firefox: inconsistent comparator in xslt/txNodeSorter leads to out-of-bounds access
https://project-zero.issues.chromium.org/issues/392850860
CVE-2025-1932
Firefox: inconsistent comparator in xslt/txNodeSorter leads to out-of-bounds access
https://project-zero.issues.chromium.org/issues/392850860
CVE-2025-1932
0
1
1
buherator
buherator
[RSS] We emulated iOS 14 in QEMU. Here's how we did it.
https://eshard.com/posts/emulating-ios-14-with-qemu
https://eshard.com/posts/emulating-ios-14-with-qemu
0
5
13
buherator
buherator
This is CVE-2025-22871 and Go issue
https://go.dev/issue/71988.
net/http: request smuggling through invalid chunked data
https://go.dev/issue/71988.
net/http: request smuggling through invalid chunked data
0
2
6
buherator
buherator
@Newk @mrclark I think you should not attack the problem from the angle of who is being targeted: it's pretty easy to see it's everyone. IME you can get to an actual victim with one handshake, maybe two if you don't work in infosec.
It's more important to make people realize that they have shit to loose: enumerate critical assets, create estimations what damage can be done (which is what banks do as part of their compliance process). Many businesses (manufacturing is a typical example) don't realize how much they rely on IT these days.
It's more important to make people realize that they have shit to loose: enumerate critical assets, create estimations what damage can be done (which is what banks do as part of their compliance process). Many businesses (manufacturing is a typical example) don't realize how much they rely on IT these days.
1
1
1
buherator
buherator
@wdormann Yes, and this makes me think that bad guys had this exploit well before the patch:
1) APTx runs its dumbest fuzzer and writes an exploit
2) ???
3) Ivanti releases a patch
4) APTx notices their bug is burned
5) APTx goes for a aggressive campaign (or passes the exploit to low-end peers) to cash in on the patch gap.
6) Threat intel picks up ItW exploitation
With my previous comment I wanted to express my worry that we are probably in stage 2) with God knows how many Ivanti 0-days right this moment.
1) APTx runs its dumbest fuzzer and writes an exploit
2) ???
3) Ivanti releases a patch
4) APTx notices their bug is burned
5) APTx goes for a aggressive campaign (or passes the exploit to low-end peers) to cash in on the patch gap.
6) Threat intel picks up ItW exploitation
With my previous comment I wanted to express my worry that we are probably in stage 2) with God knows how many Ivanti 0-days right this moment.
2
1
6
buherator
repeated
repeated
Hey #infosec,
what's your best answer to people telling you "But we're not a Bank!" whenever you plan to introduce any measure to lower a risk?
1
4
0
buherator
buherator
@mrclark @Newk This can be a reasonable risk assessment though: take a worst case scenario, if you can recover from that with acceptable loss, do nothing. I think the hard part is get people to do the math properly, e.g. what if you have to do recovery two weeks in a row, what is the likelihood of that happening...
1
0
1
buherator
repeated
repeated
CFG Bot 🤖
cfgbot@mastodon.socialProject: openssl-static-gcc-dwarf 3.4.0
File: openssl
Address: 00926180
__multf3
SVG:
dark https://tmr232.github.io/function-graph-overview/render/?graph=https%3A%2F%2Fraw.githubusercontent.com%2Fv-p-b%2Fghidra-function-graph-datasets%2Frefs%2Fheads%2Fmain%2F%2Fopenssl-static-gcc-dwarf%2F00926180.json&colors=dark
light https://tmr232.github.io/function-graph-overview/render/?graph=https%3A%2F%2Fraw.githubusercontent.com%2Fv-p-b%2Fghidra-function-graph-datasets%2Frefs%2Fheads%2Fmain%2F%2Fopenssl-static-gcc-dwarf%2F00926180.json&colors=light
0
1
0