the grugq's newsletter

February 27, 2024


It’s interesting that many developers have high faith in their compilers and it’s moderately rare to come across bugs as a dev. However, once you start to write code to specifically attack the compiler/interpreter, say JavaScript bugs in browsers, it’s an entirely different game

— Silvio Cesare (@silviocesare) February 26, 2024

On the other hand, there have been bugs introduced by the compiler that don't exist in the code, but are extremely obvious when looking at the generated assembly.

My favourite is Felix Wilhelm's Xen double fetch bug: https://t.co/u4NtdQi9Ey pic.twitter.com/TLgiJqMnSC

— Faith (@farazsth98) February 26, 2024


IP spoofing made easy

https://github.com/hackerschoice/thc-tips-tricks-hacks-cheat-sheet/blob/master/tools/ghostip.sh


We need to be more aware of the spies in our midst – POLITICO

Knowing about the massive amounts of spying taking place can make one paranoid. But the best antidote to widespread espionage isn’t fear — it’s awareness.


🔥Multiple XSS vulnerabilities in popular CMS Joomla! (CVE-2024-21726) 🔥

PHP bug could be used to bypass sanitization - We just disclosed the technical details behind the recent Joomla vulnerability: https://t.co/9JVMjj5FO9 https://t.co/VohgBSG6GI pic.twitter.com/k8s28WDD7f

— Sonar Research (@Sonar_Research) February 23, 2024

⚠️ Multiple XSS vulnerabilities in popular CMS Joomla! (CVE-2024-21726) ⚠️

Attackers could trick administrators into clicking on a malicious link and gain RCE: https://t.co/9JVMjj6dDH #appsec #security #vulnerability #joomla

— Sonar Research (@Sonar_Research) February 20, 2024


Privilege escalation through Chrome extension (CVE-2023-4369)
Credits Derin Eryılmaz (@deryilz) https://t.co/6ow4vsiW8o #chrome #infosec pic.twitter.com/FrjpKdIC33

— 0xor0ne (@0xor0ne) February 27, 2024


Ever wondered whether fuzzer-generated PoCs that work for Linux upstream can actually be reproduced (with or w/o root) in real-world Linux distributions, e.g., Ubuntu? Check out our paper. Bonus: open sourced solution to automatically answer the question given a PoC. https://t.co/T46IbcQ4zb

— Zhiyun Qian (@pkqzy888) February 26, 2024

I’ll be presenting my recent exploit assessment paper at NDSS, looking forward to seeing you all.

In this paper, we investigate the problem of why upstream PoCs can’t trigger bugs on downstream and how to adapt the PoC accordingly. https://t.co/IqsJnrJfJ2 https://t.co/3afcA4zZdN

— ETenal (@ETenal7) February 26, 2024

The #NDSSsymposium2024 Program is Live!
Start circling which of the 3 tracks and 8 co-located events you'll be sitting in on over the five days. https://t.co/FBVe6r9cp9 pic.twitter.com/8CHkxktToC

— NDSS Symposium (@NDSSSymposium) February 8, 2024


Today we released a report calling on the technical community to adopt memory safe programming languages. We have the ability & responsibility to reduce the cyber attack surface & prevent entire classes of security bugs from entering the digital ecosystem https://t.co/munVsA1Be8 pic.twitter.com/YP9Al7KQ1d

— Office of the National Cyber Director (@ONCD) February 26, 2024


“per my last email” = fuck you

“apologies for the delay” = fuck me

“cc’ing for visibility” = you’re fucked

“checking in on this” = i’m fucked

“let’s revisit in Q4” = fuck this

“i’m not sure that’s aligned” = fuck that

“respectfully yours” = fuck all y’all

— Brooklin Nash (@realBrookNash) February 26, 2024

