by Bill Sempf
26. April 2020 11:02
Really great breakdown of exploiting HTTP path normalization and cache poisoning to steal Rocket League accounts.
https://samcurry.net/abusing-http-path-normalization-and-cache-poisoning-to-steal-rocket-league-accounts/
Further reminder that HTTP parsing is the weakest link: an exploitation example that uses HTTP request smuggling to get an XXE payload past the firewall.
https://honoki.net/2020/03/18/xxe-scape-through-the-front-door-circumventing-the-firewall-with-http-request-smuggling/
Extraordinarily hard to exploit, but a really fascinating RCE bug to look at in the Android Bluetooth stack: CVE-2020-0022 (BlueFrag), a zero-click bug affecting Android 8.0 through 9.0.
https://insinuator.net/2020/04/cve-2020-0022-an-android-8-0-9-0-bluetooth-zero-click-rce-bluefrag/
A lot of people have put their online training up for free (for a limited time) like PluralSight. Here's another one, by Kontra. I haven't done it yet but it comes highly recommended.
https://blogs.akamai.com/sitr/2020/04/a-brief-history-of-a-rootable-docker-image.html
That's it for the news of the week. Everyone stay safe and healthy!
by Bill Sempf
19. April 2020 15:27
I Forgot To Post On Easter Because I Was Cooking Edition
There is a really neat VMware bug that has some solid analysis already. Thanks to John from a client of mine for tuning me in to it.
https://www.vmware.com/security/advisories/VMSA-2020-0006.html
https://threatpost.com/critical-vmware-bug-corporate-treasure-hackers/154682/
You need to power cycle Boeing 787s every 51 days or the flight deck starts showing stale data to the pilots. No big deal.
https://www.theregister.co.uk/2020/04/02/boeing_787_power_cycle_51_days_stale_data/
From the archives (because I just used it on a test): a Command Injection Cheatsheet:
https://hackersonlineclub.com/command-injection-cheatsheet/
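As an added example (mine, not the cheatsheet's and not from this post), here is the shape of the bug those cheatsheet payloads target, next to the two fixes a pentest report should ask for: pass an argument vector instead of a shell string, and allowlist the argument itself. `echo` stands in for whatever tool the application really shells out to (ping, nslookup, whois) so the whole thing runs offline; the metacharacters and the outcome are identical.

```python
import re
import subprocess

# Constructed payloads using the separators and substitutions from the
# cheatsheet: each one tries to chain "echo INJECTED" onto the intended command.
INJECTION_PAYLOADS = [
    "example.com; echo INJECTED",
    "example.com && echo INJECTED",
    "example.com | echo INJECTED",
    "example.com $(echo INJECTED)",
    "example.com `echo INJECTED`",
]

# Hypothetical allowlist for a hostname argument: letters, digits, dots, dashes.
HOST_RE = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9.-]{0,251}[A-Za-z0-9])?$")


def lookup_vulnerable(host: str) -> str:
    """Vulnerable pattern: user input pasted into a shell command line.

    shell=True hands the string to /bin/sh, which honours ; && | $() and
    backticks, so the attacker's command runs with the app's privileges."""
    cmd = f"echo resolving {host}"
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def lookup_argv(host: str) -> str:
    """Better: an argument vector and no shell. The metacharacters reach the
    child program as literal bytes in argv and are never interpreted."""
    return subprocess.run(["echo", "resolving", host],
                          capture_output=True, text=True).stdout


def lookup_hardened(host: str) -> str:
    """Best: argv form plus a strict allowlist on the argument, so garbage
    is rejected before any process is spawned at all."""
    if not HOST_RE.fullmatch(host):
        raise ValueError(f"rejected host argument: {host!r}")
    return lookup_argv(host)


def injected(output: str) -> bool:
    """True if the payload executed as a command rather than being echoed.

    A literal echo keeps the text 'echo INJECTED' intact; an executed payload
    consumes the metacharacters and leaves only its result, 'INJECTED'."""
    return "INJECTED" in output and "echo INJECTED" not in output


def probe(lookup) -> dict:
    """Run every payload through a lookup function and report which ones
    escaped into command execution (rejected input counts as not executed)."""
    results = {}
    for payload in INJECTION_PAYLOADS:
        try:
            results[payload] = injected(lookup(payload))
        except ValueError:
            results[payload] = False
    return results


if __name__ == "__main__":
    for name, fn in [("vulnerable", lookup_vulnerable),
                     ("argv-only", lookup_argv),
                     ("hardened", lookup_hardened)]:
        hits = sum(probe(fn).values())
        print(f"{name:10s}: {hits}/{len(INJECTION_PAYLOADS)} payloads executed")
```

Run it and every payload lands against the `shell=True` version while none land against the other two. The argv form alone already kills the class of bug; the allowlist is what stops the argument from being abused as a flag (`-f` style option injection) by the child program itself, which is a separate item on the same cheatsheet.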
I was blindingly honored to judge the CBusStudentHack competition this year. Clearly it was weird, and we had to do it remotely. Way easier when you can talk to the young women and men on the teams, but we got it done via video. Here are the five finalists - worth a watch if you want to feel good about the next generation of hackers.
https://www.youtube.com/playlist?list=PLXpk4w_SsmmTJgYwm9OLgVlPkl-aQK_kc
Please stay safe and healthy.
by Bill Sempf
5. April 2020 08:38
I'm hoping everyone is safe and healthy. This whole thing is weird. But security news marches on.
A remote code execution vulnerability (CVE-2020-8816) was discovered in Pi-hole. If you don't know what it is, don't worry, but if you do, you need to patch right meow. Either way, neat application security lessons. Good writeup here:
https://natedotred.wordpress.com/2020/03/28/cve-2020-8816-pi-hole-remote-code-execution/
Along those lines, there is a critical vulnerability in OpenWrt. Again, if you aren't using it don't sweat it, but it's a cool writeup about the vulnerability:
https://nakedsecurity.sophos.com/2020/03/31/patch-now-critical-flaw-found-in-openwrt-router-software/
HTML 6 is coming! See what's new here:
https://morioh.com/p/6d422fc49bd2
The incredible Binni Shah tuned me in to two really interesting new C# memory injection tools:
https://github.com/coffeegist/changeling
https://github.com/pwndizzle/c-sharp-memory-injection
That's the news. Stay safe, everyone.