February 27, 2024
February 27, 2024
It’s interesting that many developers have high faith in their compilers and it’s moderately rare to come across bugs as a dev. However, once you start to write code to specifically attack the compiler/interpreter, say JavaScript bugs in browsers. It’s an entirely different game
— Silvio Cesare (@silviocesare) February 26, 2024
On the other hand, there have been bugs introduced by the compiler that don't exist in the code, but is extremely obvious when looking at the generated assembly.
— Faith (@farazsth98) February 26, 2024
My favourite is Felix Wilhelm's Xen double fetch bug: https://t.co/u4NtdQi9Ey pic.twitter.com/TLgiJqMnSC
IP spoofing made easy
https://github.com/hackerschoice/thc-tips-tricks-hacks-cheat-sheet/blob/master/tools/ghostip.sh
We need to be more aware of the spies in our midst – POLITICO
Knowing about the massive amounts of spying taking place can make one paranoid. But the best antidote to widespread espionage isn’t fear — it’s awareness.
🔥Multiple XSS vulnerabilities in popular CMS Joomla! (CVE-2024-21726) 🔥
— Sonar Research (@Sonar_Research) February 23, 2024
PHP bug could be used to bypass sanitization - We just disclosed the technical details behind the recent Joomla vulnerability:https://t.co/9JVMjj5FO9 https://t.co/VohgBSG6GI pic.twitter.com/k8s28WDD7f
⚠️ Multiple XSS vulnerabilities in popular CMS Joomla! (CVE-2024-21726) ⚠️
— Sonar Research (@Sonar_Research) February 20, 2024
Attackers could trick administrators into clicking on a malicious link and gain RCE:https://t.co/9JVMjj6dDH#appsec #security #vulnerability #joomla
Privilege escalation through Chrome extension (CVE-2023-4369)
— 0xor0ne (@0xor0ne) February 27, 2024
Credits Derin Eryılmaz (@deryilz)https://t.co/6ow4vsiW8o#chrome #infosec pic.twitter.com/FrjpKdIC33
Ever wondered whether fuzzer-generated PoCs that work for Linux upstream can actually be reproduced (with or w/o root) in real-world Linux distributions, e.g., Ubuntu? Check out our paper. Bonus: open sourced solution to automatically answer the question given a PoC. https://t.co/T46IbcQ4zb
— Zhiyun Qian (@pkqzy888) February 26, 2024
I’ll be presenting my recent exploit assessment paper at NDSS, looking forward to see you all.
— ETenal (@ETenal7) February 26, 2024
In this paper, we investigate the problem of why upstream PoCs can’t trigger bugs on downstream and how to adapt the PoC accordingly.https://t.co/IqsJnrJfJ2 https://t.co/3afcA4zZdN
The #NDSSsymposium2024 Program is Live!
— NDSS Symposium (@NDSSSymposium) February 8, 2024
Start circling which of the 3 tracks and 8 co-located events you'll be sitting in on over the five days. https://t.co/FBVe6r9cp9 pic.twitter.com/8CHkxktToC
Today we released a report calling on the technical community to adopt memory safe programming languages. We have the ability & responsibility to reduce the cyber attack surface & prevent entire classes of security bugs from entering the digital ecosystem https://t.co/munVsA1Be8 pic.twitter.com/YP9Al7KQ1d
— Office of the National Cyber Director (@ONCD) February 26, 2024
“per my last email” = fuck you
— Brooklin Nash (@realBrookNash) February 26, 2024
“apologies for the delay” = fuck me
“cc’ing for visibility” = you’re fucked
“checking in in this” = i’m fucked
“let’s revisit in Q4” = fuck this
“i’m not sure that’s aligned” = fuck that
“respectfully yours” = fuck all y’all