Really great breakdown of exploitation of cache poisoning.

https://samcurry.net/abusing-http-path-normalization-and-cache-poisoning-to-steal-rocket-league-accounts/

Further reminder that HTTP is the weakest link.  Exploitation example of HTTP Request Smuggling.

https://honoki.net/2020/03/18/xxe-scape-through-the-front-door-circumventing-the-firewall-with-http-request-smuggling/

Extraodinarily hard to exploit but really fascinating to look at RCE bug in the Android Bluetooth stack.

https://insinuator.net/2020/04/cve-2020-0022-an-android-8-0-9-0-bluetooth-zero-click-rce-bluefrag/

A lot of people have put their online training up for free (for a limited time) like PluralSight.  Here's another one, by Kontra.  I haven't done it yet but it comes highly recommended.

https://blogs.akamai.com/sitr/2020/04/a-brief-history-of-a-rootable-docker-image.html

That's it for the news of the week. Everyone stay safe and healthy!

S

I Forgot To Post On Easter Because I Was Cooking Edition

There is a really need VMWare bug that has some solid analysis already.  Thanks to John from a client of mine for tuning me into it.

https://www.vmware.com/security/advisories/VMSA-2020-0006.html

https://threatpost.com/critical-vmware-bug-corporate-treasure-hackers/154682/

You need to reboot Boeing 787s every couple months or they crash. No big deal. 

https://www.theregister.co.uk/2020/04/02/boeing_787_power_cycle_51_days_stale_data/

From the archives (because I just used it on a test): a Command Injection Cheatsheet:

https://hackersonlineclub.com/command-injection-cheatsheet/

I was blindingly honored to judge the CBusStudentHack competition this year.  Clearly it was weird, and we had to do it remotely.  Way easier when you can talk to the young women and men on the teams, but we got it done via video. Here are the five finalists - worth a watch if you want to feel god about the next generation of hackers.

https://www.youtube.com/playlist?list=PLXpk4w_SsmmTJgYwm9OLgVlPkl-aQK_kc

Please stay safe and healthy.

I'm hoping everyone is safe and healthy. This whole thing is weird. But security news marches on.

There was a vulnerability discovered in Pi-hole.  If you don't know what it is, don't worry, but if you do, you need to patch right meow.  Either way, neat application security lessons. Good writeup here:

https://natedotred.wordpress.com/2020/03/28/cve-2020-8816-pi-hole-remote-code-execution/

Along those lines, there is a vulnerability in OpenWRT. Again, if you aren't using it don't sweat it but cool writeup about the vulnerability:

https://nakedsecurity.sophos.com/2020/03/31/patch-now-critical-flaw-found-in-openwrt-router-software/

HTML 6 is coming! See what's new here:

https://morioh.com/p/6d422fc49bd2

The incredible Binni Shah tuned me in to two some really interesting new C# memory injection tools:

https://github.com/coffeegist/changeling

https://github.com/pwndizzle/c-sharp-memory-injection

That's the news. Stay safe, everyone.