That’s no moon – it’s the Moon 🌗
The first colour images from ESA JUICE’s close lunar encounter last night are out.
Taken by the monitoring cameras, both show sunlit craters & shadows on the surface with parts of the spacecraft in the foreground.
At the top of the second image, you can just make out Earth as a small dark circle, surrounded by the ring of its backlit atmosphere.
We arrive (t)here tonight 🛰️🌏
Kudos to @stim3on for the magical processing 🙇‍♂️
UPDATE: Palo Alto Cortex XSOAR CommonScripts Critical Vulnerability (CERT-EU Security Advisory 2024-083)
On August 14, 2024, Palo Alto Networks released a security advisory for a critical command injection vulnerability, CVE-2024-5914, in Cortex XSOAR. This flaw allows unauthenticated attackers to execute arbitrary commands within the context of an integration container, potentially compromising the system. The vulnerability affects the product's CommonScripts Pack and is rated as high severity with a CVSS score of 9.0.
https://www.cert.europa.eu/publications/security-advisories/2024-083/
There's an article written by me in Phrack Magazine: http://www.phrack.org/issues/71/11.html#article.
Very proud to be in that historic hacking magazine! For me, this is a major achievement :)
Bonus: the source code and binaries are here https://github.com/cryptax/talks/tree/master/Phrack-71
Enjoy! And if you really like it, I'd appreciate it if you nominate it here https://www.virusbulletin.com/conference/peter-szor-award/
Anybody with a paper edition to send me? This offer still stands: https://mastodon.social/@cryptax/112775284733028530
OpenBSD crond / crontab set_range() heap underflow - CVE-2024-43688
https://www.supernetworks.org/CVE-2024-43688/openbsd-cron-heap-underflow.txt
https://vulnerability.circl.lu/cve/CVE-2024-43688
#vulnerability #cron #crontab #infosec #crond #openbsd #unix
http://phrack.org/issues/71/1.html new Phrack is out!
if you would like to read ~10k words about going from "a 12kb binary that fell off a truck" to "a disassembler that knows the whole instruction set except like five opcodes", all without running a single instruction, phrack 71 is up and has a treat from me to you: http://phrack.org/issues/71/3.html#article
The Minuteman III missile (1970) is America's land-based nuclear deterrent, with 400 missiles ready to launch. The missile used a complex guidance system with over 17,000 electronic and mechanical parts that cost $4.5 million in current dollars. Let's take a look at the guidance system and computer. 1/N
thanks to @gsuberland's excellent work, we now have an in-depth dive into the technical details of the #GlasgowInterfaceExplorer hardware published on the website!
you can read them at https://glasgow-embedded.org/latest/revisions/revC3.html
Recently, a Dutch hacker found a vulnerability allowing him to shut down 4 million solar power installations. A handful of mostly non-European places manage perhaps 100 GW of solar power in the EU. Any mishap there, or heaven forbid, a compromise, could easily shut down so much power that the European electricity grid would collapse. Shockingly, we regulate these massive control panels as if they are online birthday calendars. And that must change. https://berthub.eu/articles/posts/the-gigantic-unregulated-power-plants-in-the-cloud/
r2 script to symbolicate #ios kernels using the json files generated by the IPSW tool from @blacktop https://github.com/radareorg/radare2/blob/master/scripts/ipsw-kernel-symbolicate.r2.js
Palo Alto Networks Cortex XSOAR Critical Vulnerability (CERT-EU Security Advisory 2024-083)
On August 15, 2024, Palo Alto Networks released a security advisory for a critical command injection vulnerability, CVE-2024-5914, in Cortex XSOAR. This flaw allows unauthenticated attackers to execute arbitrary commands within the context of an integration container, potentially compromising the system. The vulnerability affects the product's CommonScripts Pack and is rated as high severity with a CVSS score of 9.0.
https://www.cert.europa.eu/publications/security-advisories/2024-083/
I feel like if Google was in charge of Bell Labs, they would have cancelled the transistor project because it wouldn’t make as much money in six months as punch card machines