March 15, 2023
-
Hi. Guy who worked in MSRC & shipped the MS17-010 patch here.
*Preview pane* RCE was like the holy grail of non-OS vulns. This is so cool (the vuln, not the target because I will always #StandWithUkraine).
But goddamn y’all better install this one. Trust me. I know.
Ryan Naraine @ryanaraine
We've just published a quick write up on CVE-2023-23397, which allows a remote adversary to leak NetNTLMv2 hashes: mdsec.co.uk/2023/03/exploi… by @domchell
Well, I'd argue the Outlook 0day has its limitations, although it seems to be a nation state 0day attack (see who reported it). It doesn't allow RCE but NTLM leaking. What I want to say is if ur org still allows outbound 139/445 connections, well, you already got bigger problems.
-
Today is a sad day:
Apparently, my favourite HTML element, <marquee />
Has been deprecated ⚠️
My first ever website used it everywhere.
Thanks for all the great memories. We will miss ya.
-
GPT-4 can take a picture of napkin mockup as an input and output a fully functional website (HTML/CSS/JS) 🤯🤯🤯
-
The oldest privesc: injecting careless administrators' terminals using TTY pushback
https://www.errno.fr/TTYPushback.html