Unfortunately, Sina Kheirkhah (@SinSinology) and Enrique Castillo (@hyprdude) of Summoning Team (@SummoningTeam) could not get their exploit of the Ubiquiti AI Bullet working within the time allotted.

Exception Junction - Where All Exceptions Meet Their Handler

https://bruteratel.com/research/2024/10/20/Exception-Junction/

"to understand why the ‘ntdll!NtProtectVirtualMemory’ is being called, I decided to reverse the entirety of the ntdll!RtlAddVectoredExceptionHandler’ API call"

#Windows #ReverseEngineering

We're ready for Day Three of #Pwn2Own Ireland! We’ve already awarded $874,875, & we have 15 attempts left to go. Will we hit the $1,000,000 mark or will all remaining attempts end up in bug collisions? Follow along with the results here and on our blog: https://www.zerodayinitiative.com/blog/2024/10/24/pwn2own-ireland-2024-day-three-results

[RSS] Windows User Space Emulator

https://github.com/momo5502/emulator

[RSS] Multiple vulnerabilities in the Realtek card reader driver. Affects Dell, Lenovo, etc

https://zwclose.github.io/2024/10/14/rtsper1.html

"CVE-2022-25476 wasn%27t fully patched until the July-August fix, which also addressed CVE-2024-40431 and CVE-2024-40432"

One of our final attempts of Day 2 ends in a collision. The InfoSect (@infosectcbr) group successfully got a shell on the Lorex camera, but they used a bug previously seen in the contest. They still earn $3,750 and 1.5 Master of Pwn points. #Pwn2Own #P2OIrelandv

❗ Fortinet has issued an advisory for FortiManager confirming CVE-2024-47575 is being actively exploited in the wild. This extremely critical vulnerability has a CVSS score of 9.8.

⚠️ This vulnerability can enable RCE upon connecting to a FortiManager instance with a valid Fortinet device certificate and could lead to total compromise of the vulnerable system.

⏱️ Shoutout to @rk for the quick work on this Rapid Response!

👉 Launch runZero now to pinpoint assets that could be affected -- no rescanning or credentials required:

https://www.runzero.com/blog/how-to-find-fortimanager-instances-on-your-network/

TIL: H. P. Lovecraft, on the 'proper' pronunciation of 'Cthulhu':

The name of the hellish entity was invented by beings whose vocal organs were not like man's, hence it has no relation to the human speech equipment. The syllables were determined by a physiological equipment wholly unlike ours, hence could never be uttered perfectly by human throats ... The actual sound -- as nearly as any human organs could imitate it or human letters record it -- may be taken as something like Khlûl'-hloo, with the first syllable pronounced gutturally and very thickly. The u is about like that in full; and the first syllable is not unlike klul in sound, hence the h represents the guttural thickness.

(Not your usual pronunciation note -- the equivalent of "you kinda can't get there from here, but if you have to try, here's now")

More video highlights from #PwnOwn Ireland Day 2, the InfoSect (@infosectcbr) group exploits the Sonos. https://youtube.com/shorts/UGp-HVRP5mU?feature=share

More video highlights from #Pwn2Own Ireland Day 2. This one has Corentin Bayet (@OnlyTheDuck) going from the QNAP QHora-322 to the QNAP TS-464 in a SOHO Smashup. https://youtube.com/shorts/LhHk03l4vm8?feature=share

How we program multicores - Joe Armstrong

https://www.youtube.com/watch?v=bo5WL5IQAd0

Compass Security (@compasssecurity) ran into a collision in their attempt against the Ubiquiti AI bullet. Their exploit still wins them $3,750 and 1.5 Master of Pwn points. #Pwn2Own #P2OIreland

Critical 0-day Vulnerability in Fortinet FortiManager (CERT-EU Security Advisory 2024-113)

On October 23, 2024, Fortinet released a security advisory addressing a critical 0-day vulnerability in its FortiManager product. If exploited, a remote unauthenticated attacker could execute arbitrary code or commands on the affected device.
It is strongly recommended to apply the update. When not possible, it is recommended to apply the workarounds. In all cases, it is recommended to search for evidence of a potential compromise.

https://www.cert.europa.eu/publications/security-advisories/2024-113/

In another video highlight from Day 2 of #Pwn2Own, team Viettel takes on the Sonos speaker: https://youtube.com/shorts/DUWfgz1Mm6w?feature=share

Blog status: 2595 words, 5 more to a Blue Box...

Using Nix to Fuzz Test a PDF Parser https://mtlynch.io/nix-fuzz-testing-1/

Around 100 new games were added to the program reconstruction section of the Decompilation Wiki:
https://decompilation.wiki/applications/program-reconstruction/

On that note, the Wiki is always looking for more writers who want to contribute tutorials, explanations, or categorizations of any topic in the Wiki :).

New vulnerability report from Talos:

NVIDIA D3D10 Driver Shader Functionality SAMPLE out-of-bounds read vulnerability

https://talosintelligence.com/vulnerability_reports/TALOS-2024-1955

CVE-2024-0121

New vulnerability report from Talos:

NVIDIA D3D10 Driver Shader Functionality LD instruction out-of-bounds read vulnerability

https://talosintelligence.com/vulnerability_reports/TALOS-2024-2012

CVE-2024-0117