A drunken debugger

Heretek of Silent Signal

Remember a few weeks ago when Okta dropped a critical auth bypass vuln they’d been aware of for weeks on a Friday at 11pm?

Well, they’re back again with another auth bypass dropped on a Friday at 11pm https://infosec.exchange/@SecureOwl/113409933398662230

Chris Merkel 🐀👨🏼‍🍳

Not sure I want to open this. If Cobalt Strike had a scent, what would it be and why?

[RSS] Ghostscript wrap-up: overflowing buffers

"This is an overview of CVE-2024-29506, CVE-2024-29507, CVE-2024-29508, and CVE-2024-29509"

https://codeanlabs.com/blog/research/ghostscript-wrap-up-overflowing-buffers/

As you know, I've been talking about the for over ten years now, and I'm always learning new things that add to my thinking on it. In my work with the National Academy of Sciences committee on cyber hard problems, I got to hear a presentation from @fuzztech that really opened my eyes.

It seems that US law enforcement is also below the security poverty line. Really. They struggle with protecting their own infrastructure (which includes huge amounts of digital data that now has to be stored as evidence for, like, forever -- as innocent people are still being exonerated decades later), and they also struggle with being able to help victims of cyber-enabled crime.

This presentation (which starts at 4:20 in the video) is open to the public, and I believe it needs more attention, as this problem affects not only SMBs, but also the very fabric of society. Have a look:

https://vimeo.com/event/4576498

cc: @CyberThreatAlliance @craignewmark

Patching?

In this economy?

SEC Consult SA-20241030-0 :: Query Filter Injection in Ping Identity PingIDM (formerly known as ForgeRock Identity Management) (CVE-2024-23600)

https://seclists.org/fulldisclosure/2024/Oct/18

tmp.0ut Volume 4 is happening! Our call for papers is now open, and we're excited to see what you've been working on 👀 read the full announcement here: https://tmpout.sh/blog/vol4-cfp.html

It was weird that I couldn't find in this Sophos report *what* was actually exploited aside from CVEs and codenames... then CVE info showed they were Sophos devices :P

https://news.sophos.com/en-us/2024/10/31/pacific-rim-timeline/

Recently, I tried running TinyInst against a target written in Objective C and... the performance was ... not great. Let's analyze why that was and how to fix it:

Firstly, technical background: TinyInst marks the code sections of instrumented modules non-executable. Then (being a debugger), it catches exceptions raised while attempting to execute the original code and redirects execution to the rewritten code instead.

Exception handling is not very fast, but it only happens when non-instrumented code calls into an instrumented module. All calls from instrumented into instrumented code get optimized. This is why TinyInst works best when instrumented modules are selected so that they form a whole and calls into their group happen rarely. A handful is fine, but you'll notice if there are thousands.

How does Objective C mess this up? Because method calls in Objective C happen through objc_msgsend, which is a part of the libobjc module. So even if you have calls from module abc to the same module, what you end up with is abc->libobjc->abc.

If libobjc is not instrumented, then libobjc->abc transitions will cause slowdowns. On the other hand, if you do instrument libobjc, then any Objective C calls from any non-instrumented module will cause slowdowns. So, no good solution, right?

But what if we instrument libobjc in such a way that it only runs instrumented if it's called from other instrumented code? This is surprisingly simple to implement: we just skip marking its code non-executable during instrumentation, but it will still run instrumented code when called from other instrumented code due to the optimization mentioned earlier.

The effect: an order of magnitude better performance and we get libobjc instrumented "for free" (it doesn't cause any additional entries)

This is now implemented in TinyInst in the form of -instrument_transitive, which will instrument a module only for calls from other instrumented modules.

tl;dr if you run Objective C code under TinyInst and are experiencing slowdowns, try -instrument_transitive libobjc.A.dylib. But it will no doubt improve performance in other scenarios as well.

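The transition counting the post above describes, as an added example (a constructed model, not TinyInst's own code): it replays a synthetic call/return trace under three instrumentation policies and counts how many calls take the exception path versus how many execute instrumented code. The module names abc, libobjc and AppKit and the call counts are assumed for illustration; AppKit stands in for any non-instrumented module that makes Objective-C calls.

```python
from collections import namedtuple

# Constructed model of TinyInst's instrumentation policies, not TinyInst code.
# Rules taken from the post:
#  * an instrumented module has its code marked non-executable, so a call
#    into it from non-instrumented code raises an exception (slow path);
#  * calls from instrumented code into instrumented code are optimized (fast);
#  * a "transitive" module keeps its code executable: instrumented callers
#    reach its rewritten copy, everybody else runs the original code.
Policy = namedtuple("Policy", "name instrumented transitive")

POLICIES = [
    Policy("abc only", frozenset({"abc"}), frozenset()),
    Policy("abc + libobjc", frozenset({"abc", "libobjc"}), frozenset()),
    Policy("abc + libobjc transitive", frozenset({"abc"}), frozenset({"libobjc"})),
]


def simulate(trace, policy):
    """Replay a trace of ("call", module) / ("ret",) events.

    Returns (slow_entries, instrumented_calls): calls that hit the exception
    path, and calls that executed instrumented code.
    """
    stack = []  # one (module, running_instrumented) entry per active frame
    slow = instrumented_calls = 0
    for event in trace:
        if event[0] == "ret":
            stack.pop()
            continue
        target = event[1]
        caller_instrumented = stack[-1][1] if stack else False
        if target in policy.instrumented:
            if not caller_instrumented:
                slow += 1  # fault on the non-executable code page
            running = True
        elif target in policy.transitive:
            # no fault; instrumented copy only if the caller was instrumented
            running = caller_instrumented
        else:
            running = False
        if running:
            instrumented_calls += 1
        stack.append((target, running))
    return slow, instrumented_calls


def objc_send(target):
    """One Objective-C message send: caller -> objc_msgSend (libobjc) -> method in target."""
    return [("call", "libobjc"), ("call", target), ("ret",), ("ret",)]


def build_trace(n_target=1000, n_other=5000):
    """Synthetic trace (assumed numbers): the target module abc sends n_target
    messages to itself, then a non-instrumented module (AppKit here) sends
    n_other messages to itself."""
    trace = [("call", "abc")] + n_target * objc_send("abc") + [("ret",)]
    trace += [("call", "AppKit")] + n_other * objc_send("AppKit") + [("ret",)]
    return trace


def compare(trace=None):
    """Map policy name -> (slow_entries, instrumented_calls) for the trace."""
    trace = build_trace() if trace is None else trace
    return {p.name: simulate(trace, p) for p in POLICIES}


if __name__ == "__main__":
    for name, (slow, instr) in compare().items():
        print(f"{name:28s} slow entries: {slow:5d}  instrumented calls: {instr:5d}")
```

With the assumed trace, "abc only" takes the exception path on every objc_msgSend dispatch back into abc (1001 slow entries); instrumenting libobjc fully removes those but now every message send from AppKit faults (5001); the transitive policy yields a single slow entry (the initial entry into abc) while still instrumenting the same 2001 calls inside abc's group as the full policy does.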

QNAP NAS Zero-Day Vulnerabilities (CERT-EU Security Advisory 2024-115)

On October 29 and 30, 2024, QNAP released patches for two critical zero-day vulnerabilities, CVE-2024-50387 and CVE-2024-50388, affecting NAS devices. These vulnerabilities allow remote attackers to gain root access and execute arbitrary commands on compromised devices.

https://www.cert.europa.eu/publications/security-advisories/2024-115/

[Dailydave] Old Infosec Talks: Metlstorm's Take on Hacky Hacking

https://seclists.org/dailydave/2024/q4/1

🧙‍♀️

[RSS] Using AFL++ on bug bounty programs: an example with Gnome libsoup (2024.10.30)

https://offsec.almond.consulting/using-aflplusplus-on-bug-bounty-programs-an-example-with-gnome-libsoup.html

[RSS] Paranoids' Vulnerability Research: NetIQ iManager Security Alerts | Paranoids | Yahoo Inc.

https://www.yahooinc.com/paranoids/paranoids-vulnerability-research-netiq-imanager-security-alerts

[RSS] Exploiting a Blind Format String Vulnerability in Modern Binaries: A Case Study from Pwn2Own Ireland 2024

https://www.synacktiv.com/en/publications/exploiting-a-blind-format-string-vulnerability-in-modern-binaries-a-case-study-from

e-voting fail including a "hidden" tab in an Excel file.
My bingo card for this year is getting full.

The Colorado Secretary of State’s Office inadvertently posted a spreadsheet to its website with a hidden tab that included voting system passwords.
https://apnews.com/article/colorado-election-voting-system-passwords-0a71d0c1fe85fc9712d895280fd519a2
