[RSS] What could cause a memory corruption bug to disappear in safe mode?

https://devblogs.microsoft.com/oldnewthing/20250320-00/?p=110981

Let's also talk about our failures!

We tried to make a consortium for a cool EU-funded project about malware analysis, but didn't manage to do it in time. 🫤

We'll try again! If you're an SME owned and controlled in the EU, feel free to get in touch 💪

https://ec.europa.eu/info/funding-tenders/opportunities/portal/screen/opportunities/topic-details/digital-eccc-2024-deploy-cyber-07-keytech


Linux kernel hfsplus slab-out-of-bounds Write

Outstanding article by Attila Szasz about exploiting a slab out-of-bounds bug in the HFS+ filesystem driver.

The author discovered that Ubuntu allows local (not remote/SSH'd) non-privileged users to mount arbitrary filesystems via udisks2 due to the used polkit rules. This includes filesystems whose mounting normally requires CAP_SYS_ADMIN in the init user namespace.

The article thoroughly describes a variety of techniques used in the exploit, including a cross-cache attack, page_alloc-level memory shaping, arbitrary write via red-black trees, and modprobe_path privilege escalation.

https://ssd-disclosure.com/ssd-advisory-linux-kernel-hfsplus-slab-out-of-bounds-write/


🌪️ TyphoonPWN is back for its 7th year at TyphoonCon! 💻💰
This year, we’re offering up to $70,000 for discovering and exploiting Linux Privilege Escalation vulnerabilities.
Remote participation is allowed, so grab your gear, sharpen your knowledge, and sign up: https://typhooncon.com/typhoonpwn-2025/

In case anyone is wondering why people use VSCode: I spent most of the day configuring LSPs for graybeard editors (vim/emacs) and God my head hurts!

[RSS] Advisory X41-2025-001: Multiple Vulnerabilities in OpenSlides

https://x41-dsec.de/lab/advisories/x41-2025-001-OpenSlides/

How is it that Sourcetrail development was not picked up by anyone?

https://github.com/CoatiSoftware/Sourcetrail

bert hubert 🇺🇦🇪🇺🇺🇦

Useful piece. Solar panels are largely cloud managed, and now in The Netherlands alone create the same power as 50 of our nuclear power plants. If you switch this 25GW on/off remotely, the consequences could be huge. And we do not regulate these cloud platforms at all: https://www.dw.com/en/how-hackers-capture-your-solar-panels-and-cause-grid-havoc/a-71593448


It seems that our Veeam CVE-2025-23120 post is live.

I would never do this research without @SinSinology He insisted a lot, thx man. 😅

If you know CVE-2024-40711, this vuln can be patch-diffed and exploit armed in 5 minutes. Unfortunately, it's super simple at this point.

https://labs.watchtowr.com/by-executive-order-we-are-banning-blacklists-domain-level-rce-in-veeam-backup-replication-cve-2025-23120/

[RSS] You can't simulate keyboard input with PostMessage, revisited

https://devblogs.microsoft.com/oldnewthing/20250319-00/?p=110979

Love the prank call example :D

Our first video from RE//verse 2025 is live! Part journey of personal discovery, part technical deep-dive, this presentation from Markus Gaasedelen was the highest rated in the feedback survey and is a must-see talk: https://youtu.be/hGlIkgmhZvc


My writeup for the KalmarCTF challenge "no sqli" is out, covering the exploitation of CVE-2024-6382, an integer overflow in Rust's MongoDB library. A very interesting challenge, enjoy! :)

https://worty.fr/post/writeups/kalmarctf2025/


Robert De Niro on a Netflix show (Zero Day) mentioning the O.MG Cable! 😎

Shoutout to whoever did the text, you got the silent punctuation perfectly.


Perfectly reasonable reaction 🤣


There’s been a lot written about the Walkman over the years, but no one has really focused on the first ten years to show how its early evolution took shape. Here’s a sneak peek of how the article is coming together. I can’t wait for you all to check it out in Issue 2! Download Issue 1 in PDF for FREE! https://www.patreon.com/posts/get-first-issue-123662381


Greg Linares (Laughing Mantis)

There have been great women in malware writing and the VX scene:

First and foremost: Gigabyte, she was a pioneer for many other women to get into VX. She was my best friend for many years, I owe so much of my VX years and introduction into cyber security because of her. She was always an inspiration and a huge reason why I encourage women to get into cyber. She went to jail for virus writing and never ratted any of us out. Also a very and capital Fuck you Graham Cluley for being an asshole to a teenage girl and personally making sure she went to jail because you were offended by her viruses (she made fun of him after he said girls should not be writing viruses and should be doing girly things). She wrote a ton of HLL (high level language) viruses like Sharp, Parrot, Scrambler, and my favorite, Scooter (it was an inside joke for me and her). She recently got married and I wish her nothing but the best in life.

There was Nex: she was a virus author originally from Arizona who specialized in macro viruses. She wrote one of the first viruses to bypass Office 97 SP1, which was made to protect against macro viruses. She got in a car accident and was hit by a police officer with no lights and no siren on and lost her ability to walk. After she sued the hell out of the police department she got out of VXing. She's currently living back in Arizona and no longer in the scene.

VxFaerie was another woman in VX who was well respected. She wrote one of the first Python infectors ever. She was very nice and was always kind to people in the scene.

And we have modern day women who are studying viruses and should be respected just as much as the old VXers like @nikaroxanne - she is doing legit work that would have made heralded in the scene.

Women in VX was always a thing; a few others I know never revealed they were women because of how they feared they would be treated. If they are still around, I hope they see this and know their work was equal. Most of the VX scene never cared at all about this, we only cared that you put up or shut up. And put the fuck up they did.

https://bird.makeup/@vxunderground/1902193800291709357


The lovely folk of @WEareTROOPERS are hosting @Blackhoodie_RE for another two days of training, brought to you by Cora, Anso and @Car0line_Le about malware, OSINT and reverse engineering 😊 Registration is now open https://blackhoodie.re/Troopers2025/


Building an electric vehicle simulator to research EVSEs: At Automotive, we built a custom device to let the EV chargers "charge". ZDI researcher Thanos Kaliyanakis explains how to put one together for your research. https://www.zerodayinitiative.com/blog/2025/3/14/building-an-electric-vehicle-simulator-to-research-evses
