Elastic Response to Blog ‘EDR 0-Day Vulnerability’

https://discuss.elastic.co/t/elastic-response-to-blog-edr-0-day-vulnerability/381093

"The reports lacked evidence of reproducible exploits. Elastic Security Engineering and our bug bounty triage team completed a thorough analysis trying to reproduce these reports and were unable to do so."

The FBI has published an evergreen advisory warning about cryptocurrency recovery scammers lurking everywhere. The minute you mention online that you might have lost money to a crypto scam, you will be flooded with come-ons from "recovery experts" who hold out the unlikely promise of recovering your funds -- for a fee.

These scammers prey on people who are understandably frantic after having just suffered a potentially life-altering financial loss, and are desperate for a quick solution. Far too many people who get burned by crypto get victimized a second time by these charlatans. I probably delete a dozen or more comments each week from my blog that are left by these dirtballs.

https://www.ic3.gov/PSA/2025/PSA250813

@bert_hubert I imagine hearings to go like this: https://www.youtube.com/watch?v=BKorP55Aqvg

In the context of the Chatcontrol attempt to get Americans to scan our photos with AI so we can be reported to Europol, the EU has even bigger plans in this direction. And they are honestly (I am told) asking for experts to advise them on these plans. You can apply until September 1st to be part of the expert group:
https://berthub.eu/articles/posts/possible-end-to-end-to-end-come-help/

@loke @bagder Bug bounty absolutely has perverse incentives, and even I'm not sure if my previous idea can be realistically implemented in this context. It's just an idea and maybe something to ponder on case anyone is facing a similar dilemma.

A fascinating story about a #DoS #vulnerability in the Expat #XML parser

#Recursion kills: The story behind CVE-2024-8176 / #Expat 2.7.0 released, includes security fixes

https://blog.hartwork.org/posts/expat-2-7-0-released/

@loke @bagder As pentesters we regularly argued about whether a behavior can be considered a vulnerability or not. A resolution strategy that almost always worked is to ask ourselves what our recommended fix would be. Maybe including such a question in the report template could help prevent/resolve similar misunderstandings?

@bagder I started by tracking back line numbers, good for you to have some experience with the curl API :)

@bagder Attached fuzzer not matching with the provided ASAN report is an especially nice touch...

Meanwhile, if you abuse the API and don't comply, asan might complain but that's not a #curl security problem.

https://hackerone.com/reports/3302518

Any fool can write code that a computer can understand. Good programmers write code that humans can understand.

— Martin Fowler

#complexity

No CPU Challenge by Demostue Allst★rs

Evoke 2025 party Alternative Platforms compo winner.

An Amiga AGA demo that entirely runs on the copper. This is the same capture from real hardware, that was presented in the compo.

https://youtu.be/OXT5MrDdyB8
https://www.pouet.net/prod.php?which=104753

(Edit: updated YouTube link, due to audio sync issues)

#amiga #demoscene #evoke2025

@amarsaar The code now lives here for easier reference: https://github.com/blitz/l1tf-demo

wrote a new big blog post today that is very relevent to my interests. you may be interested in reading

IF YOU LOVE IT, DOWNLOAD IT.

https://erysdren.me/blog/2025-08-16/

And we're live with Pentium II: https://youtube.com/live/Jt4_ekA7q4M?feature=share

Preparing a post about lafleur, the CPython JIT fuzzer I develop.

It has found 4 JIT crashes so far:
#136996: "JIT: `executor->vm_data.valid` assertion failure in `unlink_executor`".
#137007: "JIT: assertion failure in _PyObject_GC_UNTRACK".
#137728: "Assertion failure or `SystemError` in `_PyEval_EvalFrameDefault` in a JIT build".
#137762: "Assertion failure in `optimize_uops` in a JIT build".

Contributions welcome!

https://github.com/search?q=repo%3Apython%2Fcpython+lafleur&type=issues

#Python #CPython #fuzzer #fuzzing #lafleur #JIT

@cR0w https://www.reddit.com/r/netsec/comments/1mryiha/elastic_edr_0day_microsoftsigned_driver_can_be/

(note that I said entertaining, not informative or useful...)

That "EDR 0-day" post on reddit is quite entertaining!

Made a little pornographic test case for the UK #OnlineSafetyAct, to see whether we can get Ofcom to ban AWS S3 from the United Kingdom.

http://ofcom.s3-website-us-east-1.amazonaws.com/

@codecolorist This hits hard after having spent many hours debugging shell escapes in cmdexec payloads... PowerShell is a harsh mistress, but it'd be even more gruesome if they had to do the same thing with cmd.exe :)