"I'm interested in all kinds of astronomy."

Talos Vulnerability Reports

New vulnerability report from Talos:

Asus Armoury Crate AsIO3.sys stack-based buffer overflow vulnerability

https://talosintelligence.com/vulnerability_reports/TALOS-2025-2144

CVE-2025-1533

"Hey Bill should we push this API quota update globally?"

"They said push it man."

"But the new quotas are 'none' and 'noner'. There's not even any numbers."

"Fuck it, send it."

https://status.cloud.google.com/incidents/ow5i3PPK96RduMcb1SsW


oh my god i was right.

"This policy data contained unintended blank fields. Service Control, then regionally exercised quota checks on policies in each regional datastore. This pulled in blank fields for this respective policy change and exercised the code path that hit the null pointer causing the binaries to go into a crash loop. This occurred globally given each regional deployment."

https://status.cloud.google.com/incidents/ow5i3PPK96RduMcb1SsW


https://github.com/ubuntu/authd/security/advisories/GHSA-g8qw-mgjx-rwjr

When a user who hasn't logged in to the system before (i.e. doesn't exist in the authd user database) logs in via SSH, the user is considered a member of the root group in the context of the SSH session. That leads to a local privilege escalation if the user should not have root privileges.


radare2 is now shipping extra panel layouts in the default installation. Do you have custom layouts you enjoy in panels mode? https://github.com/radareorg/radare2/pull/24296


From "All About Computers", published in 1984.

[RSS] Offline Extraction of Symantec Account Connectivity Credentials (ACCs)

https://itm4n.github.io/offline-extraction-of-symantec-account-connectivity-credentials/
It's great to have everything-as-code because of reproducibility, etc., except now the cloud infra you are targeting can and will randomly fail in unpredictable ways.

Today's the deadline to submit to Phrack 72:

https://bird.makeup/@phrack/1901633924532408680


GIMP Heap Overflow Re-Discovery and Exploitation (CVE-2025-6035) by @craigtweets

https://medium.com/@cy1337/malloc-overflow-deep-dive-9357eeef416b

Another #Rust adventure for the weekend:

Signed/unsigned (two's complement) command-line integer converter based on num_bigint:

https://github.com/v-p-b/twos

Designing the interface was surprisingly tricky, no wonder most online converters aren't great...
I also tried to do a diff on CLFS.sys to track down CVE-2025-32713 but #Ghidra fails to decompile multiple functions so the output is not as clean as I wished it to be:

https://gist.github.com/v-p-b/b180fa1b0e2b391153a0c7fca265a104

This #PatchTuesday sparked no joy :(
Unfortunately this #PatchTuesday introduced another Lua script to Defender's signature DB that breaks loadlibrary even with trivial scan targets :( I started to track the issue in my fork:

https://github.com/v-p-b/loadlibrary/issues/2

The good news is I fixed the cert store so Authenticode with PCA 2024 will work, and you should still be able to experiment with e.g. the unpackers by disabling the Lua VM, as described here:

https://scrapco.de/blog/fuzzing-windows-defender-with-loadlibrary-in-2025.html#fuzzing
[RSS] CVE-2025-26685 - Spoofing to Elevate Privileges with Microsoft Defender for Identity

https://www.netspi.com/blog/technical-blog/network-pentesting/microsoft-defender-for-identity-spoofing-cve-2025-26685/

David Chisnall (*Now with 50% more sarcasm!*)

Edited 2 days ago

A lot of companies seem to misunderstand the role of pay in hiring and retaining smart people. In my first year at Microsoft Research I listened to a (normally sensible) member of the lab’s leadership team explain that the bonus structure was there to incentivise good research. I looked around the room and wondered who had ever thought ‘well, I was going to do some mediocre research, but for 20% more money this year I will do something world leading!’ My guess: no one.

If you want to hire the best people, you are looking for the people who, if money didn’t matter, would do the job for free because they believe it’s important and care about the outcome. You don’t pay them well to persuade them to work. You pay them well so that they can afford to work on the things that they think are important. If smart people don’t think the things you’re doing are important then you should consider why you’re doing them.

This is especially true for executive compensation. The best CEOs are ones that care about the company’s products and want everyone to use them, not the ones that want to make the most money. This is especially true for non-profits, where your pool should start with people who care a lot about the organisation’s mission. Paying more (above a certain level) won’t find more of those people; it will simply dilute the pool with people who are there for the money, not the mission.

EDIT: A lot of people seem to be misunderstanding this and think this is an argument to pay people badly. It absolutely isn't. If you pay people badly, they will spend a lot of time thinking about money. Your job as a manager is to remove problems. Money removes a lot of problems. But a lot of problems cannot be removed by applying money. If someone competent is being told to do nonsense work that they know will cause problems in the long run, no amount of money will make them motivated. The problems that can be solved with money are the easy ones.

[RSS] NTLM reflection is dead, long live NTLM reflection! - An in-depth analysis of CVE-2025-33073

https://www.synacktiv.com/en/publications/ntlm-reflection-is-dead-long-live-ntlm-reflection-an-in-depth-analysis-of-cve-2025
[RSS] exploits.club Weekly Newsletter 75 - Speaker Hacking, Old Video Game Bugs, SecureBoot Bypasses, And More

https://blog.exploits.club/exploits-club-weekly-newsletter-75-speaker-hacking-old-video-game-bugs-secureboot-bypasses-and-more/