Newly disclosed (and dismissed) #curl vulnerability reports
"HTTP headers eat all memory:"
https://hackerone.com/reports/2552192
"Incorrect conversion in hostname"
https://hackerone.com/reports/2552179
"Unicode-to-ASCII conversion in cmdlines on Windows lead to argument injection"
https://hackerone.com/reports/2550951
Transparency baby.
The new Intel Skymont architecture details, as presented brilliantly by Chips & Cheese¹ (strongly recommended) have a very "inspiring" paragraph:
"Skymont duplicates microcode for the most common complex instructions across all three clusters, letting them handle those instructions without blocking each other. Intel gave gather instructions as an example, which can load from multiple non-contiguous memory locations."
Intel is calling this nanocode, I am calling this a new playground...
__
¹ https://chipsandcheese.com/2024/06/15/intel-details-skymont/
You open up a Commodore 64, and the box says "welcome to the world of friendly computing."
You turn on a modern PC, and it immediately threatens your data unless you agree to save your data to *their* cloud service.
That right there is why we talk about vintage computers. Folks need to be reminded of what's possible.
Today's fun find: a conference talk entitled “Non-Euclidean Doom: what happens to a game when pi != 3.14159…”
/cc @Viss
Cook’s “How complex systems fail” is the most personally impactful paper I have ever read, and yet I’m convinced that it would never have been accepted for publication in a peer-reviewed journal.
https://www.adaptivecapacitylabs.com/HowComplexSystemsFail.pdf
I’m trying to approach the speed of light by integrating The Debugger Pedal with #vim and I hit this problem of vim reacting to Esc pathetically slowly: https://vi.stackexchange.com/questions/16148/slow-vim-escape-from-insert-mode
📢 Next week is #TROOPERS24 week! We will celebrate 15 years of making the world a safer place and are looking forward to all of you. See you in #Heidelberg. 🥳
A few years ago, a kid mourning his dad handed me over 300 DVDs his dad had made of local bands in his London suburb in the 2010s before passing on. He didn't know what to do with them. I did. All of them are up at Internet Archive, hundreds of hours of cover bands playing in a bar, and now, thanks to a volunteer, Ducky, we have them all with dates and descriptions, where known. Enjoy.
Our Program Analysis for Vulnerability Research class is filling up. If you were planning on attending Recon in a few weeks and were hoping to grab one of the last seats, move quickly!
https://recon.cx/2024/trainingprogramanalysisforvulnerabilityresearch.html
Fuzzing can do more than find memory corruption vulnerabilities. With the right invariants, it can catch runtime errors and logical issues, as demonstrated by our custom testing harness for Fuel Labs. https://blog.trailofbits.com/2024/06/17/finding-mispriced-opcodes-with-fuzzing/
ASUS Releases Firmware Update for Critical Remote Authentication Bypass Affecting Seven Routers https://mobile.slashdot.org/story/24/06/17/0237229/asus-releases-firmware-update-for-critical-remote-authentication-bypass-affecting-seven-routers?utm_source=rss1.0mainlinkanon
IBM vs LzLabs. On reverse engineering zOS / mainframe software and big corpo lawsuits https://mainframeupdate.blogspot.com/2024/06/ibm-versus-lzlabs.html
Abusing title reporting and tmux integration in iTerm2 for code execution (CVE-2024-38396) https://vin01.github.io/piptagole/escape-sequences/iterm2/rce/2024/06/16/iterm2-rce-window-title-tmux-integration.html