We're both close to half a mil total downloads and to finalizing Issue #5 (if you want to get your article in, you have literally a few more days left to submit! there's still time, but not a lot)

https://bird.makeup/@pagedout_zine/1841396794602737794

Today, I'm feeling generous and giving away 2 free tickets for #r2con2024. What do you have to do?

You have to reply to this tweet saying what you like most about #radare and what you use it for. The most original comment will be the winner! @radareorg @pancake https://rada.re/con/2024/

"After decades of searching for photo-realism and performance, the soon to be over myth of perpetual growth is leaving the stage to more computationally minimal aesthetics and dispositives to refocus on the power of concept, interaction, stories and subjectivity in a scarce real-world."

From the European Permacomputing Gamejam Site:
https://itch.io/jam/europermajam

Another cool blog post by @sploutchy (Compass Security)

"COM Cross-Session Activation"

Quick read, and straight to the point. This article provides a real-life example (Google Updater service here) showing one way to exploit a COM class for local privilege escalation on Windows. 👌

👉 https://blog.compass-security.com/2024/10/com-cross-session-activation/

#windows #vulnerability #privesc #cve #CVE_2024_7023

Now this is interesting, Windows 11 24H2 allows you to connect to an SMB server with an arbitrary TCP port. Could come in handy ;-)
https://techcommunity.microsoft.com/t5/storage-at-microsoft/smb-alternative-ports-now-supported-in-windows-insider/ba-p/3974509

This was a fun podcast with @aionescu discussing all things kernel: https://podcasts.apple.com/us/podcast/adversary-universe-podcast/id1694819239?i=1000671431945

I love this part also. The #CSAM regulation proposal is full of how it is all great for privacy, and then it hits you with this. Apparently this is scanning of all OUR photos, not of theirs: https://www.patrick-breyer.de/wp-content/uploads/2024/10/2024-10-01-conseil-hu-csam-proposition-approche-generale-24-septembre.pdf

The second article in our new series on #Windows #kernel #driver #vulnerability research and #exploitation is out!

Exploiting #AMD atdcm64a.sys arbitrary pointer dereference - Part 2:
https://security.humanativaspa.it/exploiting-amd-atdcm64a-sys-arbitrary-pointer-dereference-part-2/

This time, @ale98 covers how to craft PoCs for the arbitrary MSR read and arbitrary pointer dereference vulnerabilities described in his previous article, with step-by-step advice for debugging with #IDAPro.

Enjoy... and stay tuned for the third and last article next week.

My TamaGo talk at the recent @osfc_io is now online, if you are interested check it out!

https://www.osfc.io/2024/talks/tamago-bare-metal-go-for-arm-risc-v-socs/

dedicated to the brave reverse engineers

If you're using @zimbra, mass-exploitation of CVE-2024-45519 has begun. Patch yesterday.

Malicious emails are coming from 79.124.49[.]86 and attempting to curl a file from that IP.

A friend of mine (@GabrielGonzalez) has written a book about "Attacking and Securing U-Boot".
https://www.amazon.com/Attacking-Securing-U-Boot-Gabriel-Gonzalez/dp/B0DJ7M2JNN