[RSS] CVR: The Mines of Kakadum

https://bughunters.google.com/blog/6220757425586176/cvr-the-mines-of-kakad-m

Pretty sure I posted the OffensiveCon talk before, but it%27s always nice to have things written up

[RSS] Advisory X41-2024-003: DoS Vulnerability in Chilkat ASN.1 Decoder

https://x41-dsec.de/lab/advisories/x41-2024-003-chilkat-asn1/

[RSS] The case of the string being copied from a mysterious pointer to invalid memory, revisited

https://devblogs.microsoft.com/oldnewthing/20240911-00/?p=110247

[RSS] Avred background: Advances in Reversing Defender Signature Format

https://blog.deeb.ch/posts/avred-update/

[RSS] WordPress.org to require two-factor authentication for plugin developers

https://cyberscoop.com/wordpress-two-factor-authentication-supply-chain/

I just got my hands on @tiraniddo's Windows Security Internals book <3

I ordered it through Blackwell's, that is a UK company but ships @nostarch books to EU too, so you can avoid dealing with customs yourself. Order tracking needs improvement.

https://blackwells.co.uk/bookshop/product/Windows-Security-Internals-by-James-Forshaw/9781718501980

I really try to like Firefox, but the last 5 minutes really captures the kind of papercut that happens often:

- I open a new tab and firefox informs me it has updated itself and needs to restart and won't allow any further operations until it does so.
- Fine, I close and restart.
- I reopen Firefox to find a brand new sponsored weather widget on my otherwise blank new tab page - from a source I would never otherwise visit.

Thanks for breaking my flow and the privacy breach, I guess.

The promised writeup of how I discovered that the Feeld dating app was protecting private data by doing client-side filtering: https://mjg59.dreamwidth.org/70061.html

The recent ideas about LLM summarizers reminded me of an old joke by Woody Allen on speed reading:

“I took a course in it, learning to read straight down the middle of the page, and was able to go through ‘War and Peace’ in 20 minutes. It’s about Russia.”

https://quoteinvestigator.com/2015/12/08/speed-reading/

Archer 4 President!

https://www.youtube.com/watch?v=WpMSbKG2uZw

test

Getting code execution on Veeam through CVE-2023-27532
https://blog.scrt.ch/2024/09/10/getting-code-execution-on-veeam-through-cve-2023-27532/

Getting code execution on Veeam through CVE-2023-27532
https://blog.scrt.ch/2024/09/10/getting-code-execution-on-veeam-through-cve-2023-27532/

Getting code execution on Veeam through CVE-2023-27532
https://blog.scrt.ch/2024/09/10/getting-code-execution-on-veeam-through-cve-2023-27532/

Getting code execution on Veeam through CVE-2023-27532

https://blog.scrt.ch/2024/09/10/getting-code-execution-on-veeam-through-cve-2023-27532/

[RSS] Getting code execution on Veeam through CVE-2023-27532

https://blog.scrt.ch/2024/09/10/getting-code-execution-on-veeam-through-cve-2023-27532/

We've completed a comparative security assessment of authorization policy languages: Cedar, Rego, and the OpenFGA modeling language.
If you are a language designer or a software developer, our AWS-sponsored assessment also provides recommendations for improving policy language design and for securing systems that use policy languages.
https://buff.ly/4cSO63s

Getting code execution on Veeam through CVE-2023-27532

https://blog.scrt.ch/2024/09/10/getting-code-execution-on-veeam-through-cve-2023-27532/

Are we not negative enough towards #ai

[RSS] Getting code execution on Veeam through CVE-2023-27532

https://blog.scrt.ch/2024/09/10/getting-code-execution-on-veeam-through-cve-2023-27532/