New vulnerability report from Talos:

GoCast NAT parameter OS command injection vulnerability

https://talosintelligence.com/vulnerability_reports/TALOS-2024-1961

CVE-2024-29224

New vulnerability report from Talos:

GoCast HTTP API lack of authentication vulnerability

https://talosintelligence.com/vulnerability_reports/TALOS-2024-1962

CVE-2024-21855

New vulnerability report from Talos:

MC Technologies MC LR Router web interface I/O configuration OS command injection vulnerabilities

https://talosintelligence.com/vulnerability_reports/TALOS-2024-1953

CVE-2024-28025,CVE-2024-28026,CVE-2024-28027,CVE-2024-28025,CVE-2024-28026,CVE-2024-28027

Aaaand our QEMU patchset to automatically promote helpers to TCG (using LLVM) is out! 😱😱😱

It has been in the making for quite some time, we’re very proud of it. 💪

Presentation: https://www.youtube.com/watch?v=Gwz0kp7IZPE

Patchset: https://lists.gnu.org/archive/html/qemu-devel/2024-11/msg04035.html

What the absolute fuck: https://yossarian.net/til/post/some-surprising-code-execution-sources-in-bash

In short: [[ "$foo" -eq whatever ]] in bash can run arbitrary code.

That looks like something that can realistically trigger in a lot of scripts.

(also test -v, but I barely ever see that one used)

Edit: This also happens in zsh 5.9 (but the referenced variable needs to exist) and mksh

Leveling Up Fuzzing: Finding more vulnerabilities with AI:

https://security.googleblog.com/2024/11/leveling-up-fuzzing-finding-more.html

#fuzzing #google #vulnerabilities #ai #informationsecurity #cybersecurity

It's 2024. People spend more time looking at screens than not-screens. People spend more time in limited wavelength artificial lighting than natural light. Rather than trying to describe "real life", we should just stick to RGB, as "real life" IS mostly just RGB now

My WarCon slides about Ivanti Avalanche are public!

I tried to do some mapping of the attack-surface, show the new auth mechanism and present some research ideas (things I didn't try).
It also shows my first-ever fuzzing and memory corruption experience😆

https://github.com/thezdi/presentations/blob/main/2024_WarCon/Avalanche_WarCon24.pdf

[RSS] Finding Bugs in Chrome with CodeQL

https://bughunters.google.com/blog/5085111480877056/finding-bugs-in-chrome-with-codeql

Google payed me a bugbounty for a bug I reported 8 years ago...

Safety in an Unsafe World - RustConf 2024 - How to move Rust beyond memory safety to guarantee freedom from any class of bugs

https://www.youtube.com/watch?v=Ba7fajt4l1M

Discussions: https://discu.eu/q/https://www.youtube.com/watch?v=Ba7fajt4l1M

#programming #rustlang

Naming conventions, always surprising me

Attackers are hijacking Jupyter notebooks to host illegal Champions League streams

https://cyberscoop.com/misconfigured-jupyter-notebooks-uefa-champions-league-streaming/

[RSS] Looking at the Internals of the Kenwood DMX958XR IVI

https://www.thezdi.com/blog/2024/11/18/looking-at-the-internals-of-the-kenwood-dmx958xr-ivi

[RSS] Binary Ninja version 4.2 Frogstar

https://binary.ninja/2024/11/20/4.2-frogstar.html

#ReverseEngineering

[RSS] Spelunking in Comments and Documentation for Security Footguns - Include Security Research Blog

https://blog.includesecurity.com/2024/11/spelunking-in-comments-and-documentation-for-security-footguns/

#elixir #python #go

[RSS] Relaying Kerberos over SMB using krbrelayx

https://www.synacktiv.com/en/publications/relaying-kerberos-over-smb-using-krbrelayx

My team just released a paper detailing all the security capabilites in Windows Server 2025
https://techcommunity.microsoft.com/blog/microsoftsecurityandcompliance/windows-server-2025-security-book/4283981

Thank You to the guests who joined the opening of the Museum of Malware Art! The museum is now open to the public. For hours and more information, see https://MuseumofMalware.Art