September 27-28, 2024
Attacking UNIX Systems via CUPS, Part I
Hello friends, this is the first of two, possibly three (if and when I have time to finish the Windows research) writeups. We will start with targeting GNU/Linux systems with an RCE. As someone who’s
[3/6] CUPS PoC exploit here: https://t.co/iJ3APr8Dgi (unauth non-root RCE but requires user interaction). Expect some fun mainly with MacOS users, I guess. We'll see :)
— ☠ Román Medina-Heigl Hernández (@roman_soft) September 26, 2024
We had a short look at the buffer overflow found by fuzzing process_browse_data to determine its exploitability. Conclusion: this bug alone won't give you RCE, or even an info leak. https://t.co/pUsjYqvQXF
— Thijs Alkemade (@xnyhps) September 27, 2024
It's an out-of-bounds read of 1 byte past the end of a stack buffer. In various places the following condition is used to determine whether to stop processing:
*c != '\"' && c < end https://t.co/qyPSYDE17h
— Thijs Alkemade (@xnyhps) September 27, 2024
Victory at last!
(Our plans are measured in centuries. We have other prospects.) https://t.co/HVRtPSIBTa
— Eduard Habsburg (@EduardHabsburg) September 26, 2024
BTW, one thing to remember:
The single most commonly abused technique attackers use to go from initial foothold to total domain compromise is actually just using privileges the foothold account + machine has due to direct or nested/indirect membership in highly privileged groups. https://t.co/U9F0p0QxlG
— Brian in Pittsburgh (@arekfurt) September 27, 2024
You can't attend #RomHack2024?
The conference will be 📡📡 live streamed 📡📡 https://t.co/LSQqeuBi49
Subscribe to Cyber Saiyan YT channel and set a reminder
— Cyber Saiyan / RomHack Conference, Training, Camp (@cybersaiyanIT) September 26, 2024
Eric Adams 🤝 JD Vance
Loving the Ottomans
— Jake Rubinstein (@Jlrube) September 26, 2024
Introducing RansomGuard, an anti-ransom filter driver, capable of dealing with challenges posed by memory mapped I/O, understanding how file-systems handle file deletions and more! Shoutout @Mattiwatti1 & @jonasLyk for their respective contributions🙂https://t.co/6BN0V68rq3
— 0mWindyBug (@0xwindybug) September 3, 2024
New writeup from @specters and I: we're finally allowed to disclose a vulnerability reported to Kia which would've allowed an attacker to remotely control almost all vehicles made after 2013 using only the license plate.
Full disclosure: https://t.co/e2EwvUMgqw pic.twitter.com/yMk4ihliFT
— Sam Curry (@samwcyo) September 26, 2024
[Browser Exploitation] Insightful little analysis of v8 CVE-2024-7965: https://t.co/YE3ZZjoxzj
PoC: https://t.co/0dZk7VdrTb
Logic bug in Turbofan's "sea of nodes" IR implementation allows for OOB array access!
Exploit in-the-wild reported by Google & CISA on 26th August 2024
— VR|XD Community (@zerodaylinks) September 26, 2024
The final part of @chudyPB's look at #Exchange bugs in a post-ProxyNotShell world covers the no-argument constructor. It allowed him to find 3 more vulns, even after Exchange PowerShell had been hardened by switching to a strict allow list of types. https://t.co/bygQxat9Op
— Zero Day Initiative (@thezdi) September 26, 2024
🚨 NEW: Boris Johnson planned for the British military to 'invade' Holland and seize 5 million doses of the AstraZeneca vaccine 'kidnapped' by the EU during Covid
[@DailyMailUK]
This woulda been amazing. Boris invading Europe.
— Politics UK (@PolitlcsUK) September 27, 2024