Posts
4263
Following
738
Followers
1632
"I'm interested in all kinds of astronomy."
[CVE-2025-14282] dropbear: privilege escalation via unix domain socket forwardings

https://github.com/turistu/odds-n-ends/blob/main/CVE-2025-14282.md
0
0
3
It's 2025, and I have to prompt an LLM no less than 5 times to figure out how to add a new keyboard layout to Windows Server 2025, becase 1) the UI turned absolutely shit 2) the built-in search is optimized for ads instead of discovering functionality.

Also, Disk Management is gone, and you get no meaningful results for "disk" in the Start Menu. But when you *right click* the Start icon it's there. Why would it be so hard to make this discoverable by search (or leaving a shortcut with the original name)??
2
0
3
repeated
Rust is is not a "silver bullet" that can solve all security problems, but it sure helps out a lot and will cut out huge swatches of Linux kernel vulnerabilities as it gets used more widely in our codebase.

That being said, we just assigned our first CVE for some Rust code in the kernel: https://lore.kernel.org/all/2025121614-CVE-2025-68260-558d@gregkh/ where the offending issue just causes a crash, not the ability to take advantage of the memory corruption, a much better thing overall.

Note the other 159 kernel CVEs issued today for fixes in the C portion of the codebase, so as always, everyone should be upgrading to newer kernels to remain secure overall.
0
9
1
repeated

With H2HC on hiatus this year, the security community stepped up to create the 307 Temporary Security Conference—and we were proud to be part of it!

We presented our research on vulnerabilities in the CAN BCM protocol in the Linux kernel.

Thank you to everyone who watched!

The slides and exploit demos are now available.

Slides
https://allelesecurity.com/wp-content/uploads/2025/12/Presentation_307.pdf

Demo 1: Exploit for UAF read (CAN BCM) to dump shadow file & MySQL root hash.
https://www.youtube.com/watch?v=znTLHc2mXIs

Demo 2: Exploit for UAF read in CAN BCM (CVE-2023-52922) that leaks encoded freelist pointer and slab object addresses
https://www.youtube.com/watch?v=XQ3QlXqn6pI

0
3
0
repeated

Memory bugs, such as use-after-free and buffer overflows, are the most exploited vulnerability class; however, AddressSanitizer's 2-4x performance overhead makes it unusable in production.

So, we recommend GWP-ASan, which uses sampling and guard pages to detect memory safety bugs at scale. Learn the technique and how to implement it in your C++ projects using LLVM's scudo allocator:
https://blog.trailofbits.com/2025/12/16/use-gwp-asan-to-detect-exploits-in-production-environments/

0
3
0
repeated
repeated

My second blog post regaling tales from my weekend of bugs:

https://wirepair.org/2025/12/16/netcode-bugs/

0
3
0
To the person who thought displaying questionnaires on first browser startup is a good idea:

You are dumb and literally everyone hates you.
1
0
3
repeated

The Cryptax Award H2 2025 is out! (lol)

Best talks, papers, CTF challenges, tools I encountered in the second half of 2025:

https://cryptax.github.io/nomination-2025-h2/

It's a difficult selection, as always, and it is very personal opinion!

Congratulations to those who are listed, and kudos to others :)

@pancake @UYBHYS @rootme_org

0
3
0
repeated
Edited 7 months ago

THC Release 💥: The world’s largest IP<>Domain database: https://ip.thc.org

All forward and reverse IPs, all CNAMES and all subdomains of every domain. For free.

Updated monthly.

Try: curl https://ip.thc.org/1.1.1.1

Raw data: https://ip.thc.org/docs/bulk-data-access

(The fine work of messede 👌)

What does everyone think? Need feedback before release tomorrow :)

6
15
0
repeated

If you need to get your mood down a few notches, there are some new slop entries to torment yourself with here:

https://gist.github.com/bagder/07f7581f6e3d78ef37dfbfc81fd1d1cd

3
2
0
repeated

Training Ticket Shop for is now open.

The content of our 2026 trainings is unique and exclusive to OffensiveCon, so don’t miss out.

🔥 New this year: Get your training + conference ticket bundle - you have the opportunity to secure a conference ticket before the conference ticket shop opens!
You can also get a training ticket only...

Training tickets: https://www.offensivecon.org/register.html

And the conference ticket shop? Oh, it’ll open… sometime in the next 5 months. Stay tuned.👀

0
3
0
repeated

There's another researcher, Zhengyu Liu, who's been finding CPython crashes (mostly use-after-free) at breakneck speed (19 in 5 days!): https://github.com/python/cpython/issues?q=is%3Aissue%20author%3Ajackfromeast

Not sure about what technique they're using, but their site states they they favor "leveraging program analysis approaches to detect/exploit/patch vulnerabilities in real-world complex applications and systems".

Their reports are comprehensive, with great presentation and details.

https://jackfromeast.github.io/

0
1
0
repeated

There's a researcher, Jiang Yuancheng, who's doing a great work finding CPython crashes and memory leaks: https://github.com/python/cpython/issues?q=is%3Aissue%20author%3AYuanchengJiang

They've come up with a very clever idea for a new way of fuzzing, made a fine tool out of it, and are reaping great results.

Fuzzing can be a diminishing returns endeavor: you only have so many bugs to find. Their approach has shown itself to cover different areas and kinds of issues well, as shown by their track record.

3
3
0
repeated

now at @link@js.meowingwo.men

5
19
1
repeated
repeated

CVE-2025-64669: Uncovering Local Privilege Escalation Vulnerability in Windows Admin Center https://cymulate.com/blog/cve-2025-64669-windows-admin-center/

0
3
0
repeated

Bellingcat’s Kolina Koltai uncovers the Hungarian national behind two deepfake porn websites. The key figure rakes in profits and vacations in luxury hotels in Dubai and Bali, whilst website visitors create sexually explicit images and videos.
Find out how we uncovered the administrator behind the deepfakes by reading the full investigation here: https://www.bellingcat.com/news/2025/12/15/mark-resan-reface-deepfake-porn/?utm_source=mastodon

0
6
0
repeated
Edited 7 months ago

just released liboprf-0.9.3

liboprf is a library implementing the OPRF from https://www.rfc-editor.org/rfc/rfc9497.html and in addition it also provides a threshold variant (tOPRF) and a distributed key generation (DKG) protocol for the tOPRF shared secret, as well as a key update protocol for the tOPRF shared secret. it comes with a high level python frontend that supports servers on TLS, USB and Bluetooth LE

see: https://github.com/stef/liboprf

0
1
0
repeated

We need to normalize declaring software as finished. Not everything needs continouos updates to function. In fact, a minority of software needs this. Most software works as it is written. The code does not run out of date. I want more projects that are actually just finished, without the need to be continuously mutated and complexified ad infinitum.

11
15
2
Show older