Remote Unauthenticated Code Execution #Vulnerability in #OpenSSH server
Affected versions:
- OpenSSH versions earlier than 4.4p1
- Versions from 4.4p1 up to, but not including, 8.5p1 are not vulnerable
- Versions from 8.5p1 up to, but not including, 9.8p1
Details:
- https://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt
- https://blog.qualys.com/vulnerabilities-threat-research/2024/07/01/regresshion-remote-unauthenticated-code-execution-vulnerability-in-openssh-server
For loops have many uses.
https://godbolt.org/z/1cso144nM
This week at Config I gave a talk about pixel fonts that I think turned out really well.
It’s called “In defense of an old pixel,” and I don’t think I ever worked harder on a talk before. Check it out here! (25 minutes)
Really appreciated @GabrielLandau’s #recon24 talk’s callout of challenges in responsible disclosure and how vendors not making a reasonable effort to work with researchers and their timelines makes those vendors less likely to receive all the security bug reports they otherwise could
This hard-target, full-chain analysis from discovery to exploit has been added to Full Stack Web Attack. The last training for this year is at Romhack, 24th-27th of September: https://romhack.io/training/2024/full-stack-web-attack/ Student discount codes are available; PM me, but I only have a few left.
Holy shit, the Hungarian Plus/4 gang strikes again at Árok Party 2024. TCFS ported Prince of Persia to the Plus/4! Runs on stock hardware (two disk sides). 😲
Imagine software but move slow and fix things.
With decade-long stability.
"There are two ways to do great mathematics. The first is to be smarter than everybody else. The second way is to be stupider than everybody else — but persistent." — Raoul Bott
We're stoked we got to present about low-level #IBMi internals today at @recon! Here you can find our detailed writeup:
https://silentsignal.github.io/BelowMI/
We also released our @kaitai definition for the *PGM serialization format:
https://github.com/silentsignal/PGM-Kaitai
...and our #Ghidra extensions:
https://github.com/silentsignal/PowerAS
Stay tuned for slides and demos!
Mission accomplished!
My keynote was ‘polarizing’:
Some were disappointed that it’s not a ‘standard’ keynote, while it resonated with others.
Well worth the risk: I didn’t want yet another self-gratifying write-up or a threatintel PR deck.
https://speakerdeck.com/ange/a-question-of-time
UB or not UB: How gcc and clang handle statically known undefined behaviour. https://diekmann.uk/blog/2024-06-25-statically-known-undefined-behaviour.html
Bytecode Breakdown: Unraveling Factorio's Lua Security Flaws https://memorycorruption.net/posts/rce-lua-factorio/
The #Windows #Registry Adventure #3: Learning resources
https://googleprojectzero.blogspot.com/2024/06/the-windows-registry-adventure-3.html