Writing a Frida-based VBS API monitor
https://www.hexacorn.com/blog/2024/07/07/writing-a-frida-based-vbs-api-monitor/
An unexpected journey into Microsoft Defender's signature World:
https://retooling.io/blog/an-unexpected-journey-into-microsoft-defenders-signature-world
#cybersecurity #windowsdefender #windows #informationsecurity #infosec #reverseengineering
Our @recon slides and demo videos are now online as well:
https://silentsignal.hu/docs/S2-REcon24-Control_Flow_Integrity_on_IBM_i.pdf
== Let's make a magnetophone / tape player / magnetic tape head at home! ==
Many people started following me after my DIY magnetic tape and DIY floppy disk experiments. A common request ever since was to make a DIY magnetic head, and, truth be told, I was curious to experiment with it, too.
The task was daunting, and many people were convinced that it could not be done at all. In fact, I could not find a single mention of a successful experiment in the West, and scarce mentions of it in vintage Russian radio hobbyist magazines. But I know that it could be done; my father says he made some magnetic heads over 40 years ago.
Just two weeks ago Hackaday.com made a post claiming that a (really cool btw) hobbyist made a tape player with a DIY tape head. I was excited at first, and then outraged - it was fake news! The DIY tape head was not (and could not be) used in the tape player on the video, and in fact could only erase tape.
Now, I present to you The Real DIY Magnetic/Tape Head (and a DIY microphone)
🧵~
Reverse engineering eBPF programs https://www.armosec.io/blog/ebpf-reverse-engineering-programs/
did you know that intel shipped a userspace driver that does kernel physical memory grooming (like heap grooming, but for physmem allocations) to get a contiguous memory block https://git.dpdk.org/dpdk/tree/lib/eal/linux/eal_memory.c
like... allocates a bunch of pages, checks if they're physically contiguous, frees the ones that are not, and retries until it has enough that are, more or less
🦀 The slides for my workshop at @recon in Montreal this year, "Reversing Rust Binaries: One Step Beyond Strings", are now online!
https://github.com/cxiao/rust-reversing-workshop-recon-2024/tree/main/slides
You can find both the slides and the diagrams I used for the workshop linked there. The slides are meant to be a resource for you to use while reversing, so they have lots of clickable links in them (:
In case you lose the link, you can also find the slides linked from my page on the REcon 2024 schedule: https://cfp.recon.cx/recon2024/talk/QCA37X/
Really great to meet so many cool people, and lots of work to do for Rust RE going forward! I left the conference with a lot of great ideas and directions for new research.
#REcon2024 #reconmtl #rustlang #reverseengineering #reversing #malwareanalysis
use-after-free vulnerability due to the interaction between Unix garbage collection (GC) and the io_uring Linux kernel component
https://blogs.oracle.com/linux/post/unix-garbage-collection-and-iouring
Credits Shoily Rahman
"Saved
MTV News Is Back (Kind Of) Thanks to the Internet Archive
After Paramount Global yanked over 20 years of music journalism, the non-profit Internet Archive created a searchable index of MTV News via its Wayback Machine"
rolling stone.
https://www.rollingstone.com/music/music-news/mtv-news-saved-internet-archive-1235051776/
Unpatched RCE Vulnerabilities in Gogs: Argument Injection in the Built-In SSH Server https://www.sonarsource.com/blog/securing-developer-tools-unpatched-code-vulnerabilities-in-gogs-1/
Just released oletools 0.60.2: this is mostly a bugfix release, to address some dependency issues and compatibility with Python 3.12.
More details: https://github.com/decalage2/oletools/releases/tag/v0.60.2
How to upgrade:
pip install -U oletools
or:
pipx install oletools
Another release with new features should come soon!
Finally! The Mozilla HTTP Observatory is back. https://developer.mozilla.org/en-US/blog/mdn-http-observatory-launch/
We are planning to release new Mastodon security updates for versions 4.1, 4.2 and nightly this Thursday, Jul 04, at 15:00 UTC. It solves multiple security issues, including a major one. We encourage server administrators to plan for a timely upgrade to ensure their Mastodon server is protected.
Progress on the new C decompiler backend!
The model type system can now be imported into our MLIR dialect, Clift!
The PR: https://github.com/revng/revng-c/pull/1/files
SecureLayer7: Major Security Flaws in Mailcow: Inside the XSS and Path Traversal Exploits (CVE-2024-31204 and CVE-2024-30270)
Mailcow is an open source mail server software suite. CVE-2024-31204 (6.1 medium) XSS in the Admin Panel and CVE-2024-30270 (6.2 medium) arbitrary file overwrite were originally reported by SonarSource. SecureLayer7 performs patch diffing to provide a root cause analysis (proof of concept) for them.
#vulnerability #CVE_2024_31204 #CVE_2024_30270 #mailcow #proofofconcept #CVE
Wow, this guy set up fake free WiFi to harvest FB logins on a plane! This is one of those always rumored, but never true attacks. Article doesn’t specify just how they figured out which guy on the plane was doing it.
https://www.infosecurity-magazine.com/news/australia-police-fake-wifi-airport/