The recording of our @WEareTROOPERS presentation is now online, enjoy!
#TROOPERS24 - IBM i for Wintel Hackers
Analysis of CVE-2024-37084: Spring Cloud Remote Code Execution https://blog.securelayer7.net/spring-cloud-skipper-vulnerability/
Traceeshark: Deep Linux runtime visibility meets Wireshark https://github.com/aquasecurity/traceeshark
'The Dutch Data Protection Authority imposes a fine of 30.5 million euro and orders subject to a penalty for non-compliance up to more than 5 million euro on Clearview AI... Clearview has built an illegal database with billions of photos of faces, including of Dutch people. The Dutch DPA warns that using the services of Clearview is also prohibited.' https://www.autoriteitpersoonsgegevens.nl/en/current/dutch-dpa-imposes-a-fine-on-clearview-because-of-illegal-data-collection-for-facial-recognition #Netherlands #clearview #law #tech #ai #privacy #dataprotection #surveillance
Come for the #OffensiveRust content, stay for the #ThrashMetal revival 🎸 https://infosec.exchange/@hnsec/113072354880406361
My v8 jit optimization exploit for 34c3 ctf:
https://gist.github.com/itsZN/9ae6417129c6658130a898cdaba8d76c
BlazeFox firefox pwnable reference solution for BlazeCTF:
https://gist.github.com/itsZN/4dd40ff12d886e5b3984200a92c1a38a
Here is my exploit for @plaidctf V8 exploit challenge. Bug was an n-day patched in chrome 66.0.3359.117
https://gist.github.com/itsZN/73cc299b9bcff1ed585e6206d1ade58e
The state of sandbox evasion techniques in 2024 https://fudgedotdotdot.github.io/posts/sandbox-evasion-in-2024/sandboxes.html
Google Chrome security advisory: Stable Channel update for Desktop
4 security fixes, 2 externally reported by Cassidy Kim(@cassidy6564): CVE-2024-8362 (high) Use after free in WebAudio and CVE-2024-7970 (high) Out of bounds write in V8. No mention of exploitation.