Posts
2437
Following
589
Followers
1307
A drunken debugger

Heretek of Silent Signal
repeated

CVE-2024-41660: A Critical Vulnerability in OpenBMC https://tetrelsec.com/posts/cve-2024-41660-slpd-lite/

0
1
0
repeated

MIFARE Classic: exposing the static encrypted nonce variant https://eprint.iacr.org/2024/1275.pdf

0
2
0
repeated
New assessment for topic: CVE-2024-38063

Topic description: "Windows TCP/IP Remote Code Execution Vulnerability ..."

"On August 13, 2024, Microsoft disclosed CVE-2024-38063, an integer underflow vulnerability ([CWE-191](https://cwe.mitre.org/data/definitions/191.html)) affecting the IPv6 component of the Windows TCP/IP networking stack ..."

Link: https://attackerkb.com/assessments/92c8c4df-81fd-426e-bf53-60a08563d643
0
1
1
repeated

Wired was manipulated into spreading misinformation to market Palantir and iVerify by misrepresenting a vulnerability in a disabled demo app as being a serious problem which could be exploited in the real world. They should retract the article but won't.

https://wired.com/story/google-android-pixel-showcase-vulnerability/

3
9
0
[Dailydave] "You have to assume that, having learned from the Russian attacks against their electrical infrastructure, the Ukrainian Army is traveling not just with a screen of FPV drones but with a few USB keys containing implants for the specialized equipment that runs a gas network.

It's hard to disconnect OT networks that are presumed to be segmented physically, and temporary physical control can easily translate to permanent cyber control."

https://seclists.org/dailydave/2024/q3/8
0
0
0
repeated

For I'm porting Micropython to the SensorWatch SAML22J18 that fits in the classic Casio FT-91W. https://www.sensorwatch.net/

1
2
1
repeated

It's the Freya's day today so let's run another why don't we.

Today I got a classic form 1983, one of the very first chip cards. The micromodule is a very characteristic shape of those designed by Bull.

On the die itself, the EEPROM array is in the very center, with the address counter to the right, drivers above and the data multiplexer below.

Note the designer initials, C.B. and Y.G.

Hi-res: https://siliconpr0n.org/archive/doku.php?id=infosecdj:bull:et1001

0
1
0
repeated

ClamAV Antivirus 1.4 ends 32-bit Linux support, introduces ARM64 packages for Windows, improves ALZ and LHA archive handling, and more.
https://linuxiac.com/clamav-antivirus-1-4-ends-32-bit-linux-support/

1
1
0
#music #deathmetal #brutal #nsfw
Show content
This album is finally out, and it rips your head straight off <3

https://monumentofmisanthropydm.bandcamp.com/album/vile-postmortem-irrumatio
0
0
1
repeated

Zabbix Server Critical Arbitrary Code Execution Vulnerability (CERT-EU Security Advisory 2024-082)

On August 13, 2024, a critical vulnerability, CVE-2024-22116, was disclosed in Zabbix Server, allowing attackers with restricted administrative permissions to execute arbitrary code. The flaw, identified in the Ping script execution within the Monitoring Hosts section, can compromise the entire infrastructure. The vulnerability carries a CVSS score of 9.9.

https://www.cert.europa.eu/publications/security-advisories/2024-082/

0
1
0
repeated

Has anyone else looked at CVE-2024-38063? I could use a sanity check here. From what I can see, the vulnerable code path can only be triggered with IPv6 Jumbograms (packets larger than 65535 bytes). Not only would the target system need to have Jumbograms enabled, but every link in the path between the attacker and target would have to both support Jumbograms and have them enabled. I can't imagine any real world scenario in which this would occur, so unless I'm missing something, this vulnerability could only be exploited on very few real world systems.

4
3
0
repeated

Cartoon Network's Website Was Deleted. That Should Scare You All
L: https://slate.com/technology/2024/08/david-zaslav-warner-bros-discovery-culture-deleting-movies-tv-shows.html
C: https://news.ycombinator.com/item?id=41262878
posted on 2024.08.15 at 23:25:16 (c=0, p=5)

1
2
0
repeated

When I got started with hardware hacking etc @travisgoodspeed was (and is) one of my heroes.

Now thereโ€™s a chapter in his new (awesome) book on a vuln I found. Feels awesome.

Thanks Travis for all your contributions to our community.

Also, you should buy his book!

0
4
2
A Formal Analysis of SCTP: Attack Synthesis and Patch Verification

RE: https://infosec.exchange/@kaoudis/112966710334172131
0
0
2
repeated

https://www.usenix.org/conference/usenixsecurity24/presentation/qi System-level emulation and instrumentation is generally slow, but thereโ€™s a neat insight into when instrumentation *isnโ€™t* necessary and what basic blocks to not instrument for QEMU-based system-level concolic execution in this work!

1
1
0
repeated

Tired of using your own tongue to test 9V batteries???
๐Ÿ‘…๐Ÿ‘…๐Ÿ‘…๐Ÿ”‹๐Ÿ”‹๐Ÿ”‹ ouch!

Honored and humbled to announce my latest product:

5
22
1
[RSS] Instead of putting a hash in the Portable Executable timestamp field, why not create a separate field for the hash?

https://devblogs.microsoft.com/oldnewthing/20240815-00/?p=110131
0
1
2
repeated

MSI motherboards susceptible to code execution & firmware implant - analysis of CVE-2024-36877 https://jjensn.com/at-home-in-your-firmware

0
1
0
repeated

Enjoy the old sch00l lulz:
Fuck You Ilfak - A IDA Pro 9.0 Beta 2 macOS x86 Fix Loader

https://github.com/gdbinit/fuckyouilfak

2
1
0
Show older