tmp.0ut Volume 4 is happening! Our call for papers is now open, and we're excited to see what you've been working on 👀 read the full announcement here: https://tmpout.sh/blog/vol4-cfp.html
Recently, I tried running TinyInst against a target written in Objective C and... the performance was ... not great. Let's analyze why that was and how to fix it:
Firstly, technical background: TinyInst marks the code sections of instrumented modules non-executable. Then (being a debugger), it catches exceptions raised while attempting to execute the original code and redirects execution to the rewritten code instead.
Exception handling is not very fast, but it only happens when non-instrumented code calls into an instrumented module. All calls from instrumented into instrumented code get optimized. This is why TinyInst works best when instrumented modules are selected so that they form a whole and calls into their group happen rarely. A handful is fine, but you'll notice if there are thousands.
How does Objective C mess this up? Because method calls in Objective C happen through objc_msgsend, which is a part of the libobjc module. So even if you have calls from module abc to the same module, what you end up with is abc->libobjc->abc.
If libobjc is not instrumented, then libobjc->abc transitions will cause slowdowns. On the other hand, if you do instrument libobjc, then any Objective C calls from any non-instrumented module will cause slowdowns. So, no good solution, right?
But what if we instrument libobjc in such a way that it only runs instrumented if it's called from other instrumented code? This is surprisingly simple to implement: we just skip marking its code non-executable during instrumentation, but it will still run instrumented code when called from other instrumented code due to the optimization mentioned earlier.
The effect: an order of magnitude better performance, and we get libobjc instrumented "for free" (it doesn't cause any additional entries).
This is now implemented in TinyInst in the form of -instrument_transitive, which will instrument a module only for calls from other instrumented modules.
tl;dr if you run Objective C code under TinyInst and are experiencing slowdowns, try -instrument_transitive libobjc.A.dylib. But it will no doubt improve performance in other scenarios as well.
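To make the transition counting in the post concrete, here is a toy model written for this note (not TinyInst code) that encodes only the rules stated above: entering a module whose code is marked non-executable from natively running code costs an exception, instrumented-to-instrumented calls are free, and a transitive module keeps its caller's mode. The module names abc, libobjc and Foundation and the workload sizes are constructed sample values.

```python
# Added illustration: toy model of TinyInst module transitions, not TinyInst code.
# It encodes the rules the post states and counts exception-driven entries for
# the three ways of handling libobjc. Module names and call counts are constructed.

def chain_exceptions(chain, instrumented, transitive=frozenset()):
    """Count exception-driven entries along one call chain.

    chain:        modules in call order, e.g. ["main", "abc", "libobjc", "abc"]
    instrumented: modules whose code sections are marked non-executable
    transitive:   modules left executable that still run instrumented when
                  reached from instrumented code (-instrument_transitive)
    """
    exceptions = 0
    running_instrumented = False  # every chain begins in native code
    for module in chain:
        if module in instrumented:
            if not running_instrumented:
                exceptions += 1  # native code hit the non-executable section
            running_instrumented = True
        elif module not in transitive:
            running_instrumented = False  # plain native module
        # a transitive module keeps the caller's mode: native stays native,
        # instrumented stays instrumented, and neither case raises an exception
    return exceptions


def objc_workload(k):
    """Constructed sample workload: k Objective C calls inside module 'abc'
    (each one is abc -> libobjc -> abc) and k Objective C calls inside a
    non-instrumented framework, all dispatched through libobjc."""
    in_abc = ["main", "abc"] + ["libobjc", "abc"] * k
    in_framework = ["main", "Foundation"] + ["libobjc", "Foundation"] * k
    return [in_abc, in_framework]


def compare_policies(k=1000):
    """Total exception-driven entries for the three instrumentation choices."""
    chains = objc_workload(k)
    policies = {
        "abc only": ({"abc"}, frozenset()),
        "abc + libobjc": ({"abc", "libobjc"}, frozenset()),
        "abc + transitive libobjc": ({"abc"}, frozenset({"libobjc"})),
    }
    return {name: sum(chain_exceptions(c, inst, trans) for c in chains)
            for name, (inst, trans) in policies.items()}


if __name__ == "__main__":
    for name, n in compare_policies().items():
        print(f"{name:>26}: {n} exception-driven entries")
```

With k=1000 the first two policies each pay about a thousand exceptions (on libobjc->abc returns, or on framework->libobjc entries respectively), while the transitive policy pays only the single initial entry into abc.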
QNAP NAS Zero-Day Vulnerabilities (CERT-EU Security Advisory 2024-115)
On October 29 and 30, 2024, QNAP released patches for two critical zero-day vulnerabilities, CVE-2024-50387 and CVE-2024-50388, affecting NAS devices. These vulnerabilities allow remote attackers to gain root access and execute arbitrary commands on compromised devices.
https://www.cert.europa.eu/publications/security-advisories/2024-115/
e-voting fail including a "hidden" tab in an Excel file.
My bingo card for this year is getting full.
The Colorado Secretary of State’s Office inadvertently posted a spreadsheet to its website with a hidden tab that included voting system passwords.
https://apnews.com/article/colorado-election-voting-system-passwords-0a71d0c1fe85fc9712d895280fd519a2
Smashing the limits: Installing Windows XP in DOSBox-X
A couple of months ago, I tried to install (the unsupported) Windows XP in DOSBox-X. Well, it was not easy.
https://fabulous.systems/posts/2023/07/installing-windows-xp-in-dosbox-x/
Special Authority Data Mart created to allow me to see which profiles have special authorities, and to capture the information over time into a file.
💙 #IBMi #rpgpgm #IBMChampion
https://www.rpgpgm.com/2024/10/special-authority-data-mart.html
Put up the slides for my Bluehat 2024 presentation on improvements to OleView.NET: https://github.com/tyranid/infosec-presentations/blob/master/Bluehat/2024/DCOM%20Research%20for%20Everyone!.pdf You can also grab v1.15 of OleView.NET from the PS Gallery, which has the new features to generate proxy clients on the fly.
Outstanding. I am glad that more folks are picking up on what I have been saying for quite some time. Confidential Computing is something we should continue pursuing and developing, but the tech, currently, is not there yet. Excellent work on formalizing a quite important (and hard) aspect of the discussion (remote attestation).
Our security researchers @cod_rse@twitter.com and @inode conducted a security assessment on #Keycloak, identifying significant vulnerabilities impacting this open-source #IAM solution.
Read the full article at https://security.humanativaspa.it/an-analysis-of-the-keycloak-authentication-system
The Vanishing Culture report arrives today at a critical moment: While Internet Archive recovers from a cyberattack, it’s a reminder of how fragile our access to knowledge can be. Preserving culture & history requires resilience—and collective action.
🔗 https://blog.archive.org/2024/10/30/vanishing-culture-a-report-on-our-fragile-cultural-record/
Another Masto instance going down. But not because of moderation or something, but because running bigger instances on Mastodon gets really expensive.
I think this is an issue that we need to put more work into: not just finding better ways to sustainably fund the operation of instances, but also the technical means to make running them on smaller hardware easier. This includes mechanisms to maybe push certain data into "archives" so as not to have it in the live database/asset store.
(Original title: RIP botsin.space)
https://muffinlabs.com/posts/2024/10/29/10-29-rip-botsin-space/