vArmor

vArmor is a cloud native container sandbox system based on AppArmor/BPF/Seccomp. It also includes multiple built-in protection rules that are ready to use out of the box.

https://github.com/bytedance/vArmor

[RSS] Ruby SAML CVE-2024-45409: As bad as it gets and hiding in plain sight

https://workos.com/blog/ruby-saml-cve-2024-45409

I will present about file formats at the CCC (ten years after 31c3's "Funky file formats").
https://speakerdeck.com/ange/funky-file-formats-31c3

#China has officially unveiled its new 5th-generation stealth fighter, the J-35A, at the Zhuhai Air Show

Images show a comparison with the US F-35.

The J-35A is a customized copy of the F-35. China hacked a British defence company and stole the F-35 blueprints a number of years ago. This is the result of that.

We've just released our 2024-Q3 edition of ThinkstScapes: https://thinkst.com/ts

For this issue, we went through ~5000 info-sec research talks, papers, presentations & blogs.

The website includes PDF & ePub links (and a brief audio summary).

As always: completely free...

Amazon has confirmed a data breach impacting employee data.

The confirmation comes after a hacker claimed to leak data from a bunch of major organizations, including Amazon, which they say is linked to last year's MOVEit mass-hacks

https://techcrunch.com/2024/11/11/amazon-confirms-employee-data-stolen-after-hacker-claims-moveit-breach/

Exploiting KsecDD through Server Silos – SCRT Team Blog
https://blog.scrt.ch/2024/11/11/exploiting-ksecdd-through-server-silos/

SBFT'25 Fuzzing Competition

https://sbft25.github.io/tools/fuzzing

"Unlike previous years, we will favour fuzzers which are better at discovering novel edges and will accept existing fuzzers as submissions"

/by @addison

Happy to announce the SBFT'25 fuzzing competition! Unlike previous years, we will favour fuzzers which are better at discovering novel edges and will accept existing fuzzers as submissions, so there is no excuse to not join in :^)

Register and find details here: https://sbft25.github.io/tools/fuzzing

Just Windows things: https://devblogs.microsoft.com/oldnewthing/20050715-14/?p=34923

Here’s the recording of my Bluehat talk Pointer Problems - Why we’re refactoring the windows kernel https://youtu.be/-3jxVIFGuQw?si=3Q30ziJBBVv4ZbAU

[RSS] The case of a program that crashed on its first instruction

https://devblogs.microsoft.com/oldnewthing/20241108-00/?p=110490

[RSS] Pishi: Coverage guided macOS KEXT fuzzing.

https://r00tkitsmm.github.io/fuzzing/2024/11/08/Pishi.html

IBM's EGA graphics (Enhanced Graphics Adapter) celebrates it's 40th anniversary this year, so here's some classic EGA games:

One tiny goal: learn to pronounce kurwa fluently before next Warcon

For anyone looking to adjust their media diet, now’s a great time to consider escaping The Algorithms with RSS. Here are some of the blogs, newsletters, and independent news sites I follow: https://www.mollywhite.net/blogroll/

For feed readers,  I use Inoreader, but there are many other good options.

#RSS #IndependentMedia #blogging

Support the people who make the stuff you like. There's a good chance that without that, the stuff you like won't get made.

The offensive industry loves making shit up: the new rumor making the rounds is that my girlfriend works at NSO. As a matter of fact, my girlfriend is currently unemployed and looking for work as an event manager in Europe, so let me know if you come across interesting openings. Her only experience in the security industry is coming with me to a few conferences over the past year to look for work and learn more about this niche.

Here is another #NameThatWare

Can you deduct or guess which device this is?
As always, hide your answer behind a CW to not spoil others.

#directoryTraversalMemes seem to become a classic, but I wonder if anyone has a list of specific payloads that trigger the different vulnerabilities of recent memory?

/cc @reverseics @cR0w