udunadan @infosec.pub An open-eyed man falling into the well of weird warring state machines. I mostly speak on (offensive) cybersecurity issues.
https://twitter.com/udunadan
https://infosec.exchange/@udunadan
No More Speculation: Exploiting CPU Side-Channels for Real
CPU vulnerabilities are a widespread problem, yet they are not well understood and are generally hard to mitigate. Some of these vulnerabilities affect nearly all modern processors, regardless of running software. This blog explores their impact on real-life systems.
iOS 17: New Version, New Acronyms
Our goal at DFF is to reveal any threats on mobile devices, and that requires us to keep up to date with every single version of Android and iOS, including the beta and "Developer Preview" phases. Often, these are the under-the-hood, undocumented changes which have the real impact on opera
Glad to be of use!
CVE-2023-2033
Contribute to mistymntncop/CVE-2023-2033 development by creating an account on GitHub.
Earlier this year I was invited to give a talk at University of California San Diego (UCSD) for Nadia Heninger's CSE 127 ("Intro to Computer Security"). I chose to talk about modern exploit development, stepping through the process of finding and exploiting some of the memory corruption bugs that th...
Unpack the remote code execution vulnerability impacting the Microsoft Message Queueing service — CVE-2023-21554, a.k.a. QueueJumper.
By Mark Brand, Project Zero In mid-2022, Project Zero was provided with access to pre-production hardware implementing the ARM MTE specifi...
CVE-2023-3389 - Exploiting a vulnerability in the io_uring subsystem of the Linux kernel
Exploiting a vulnerability in the io_uring subsystem of the Linux kernel.
IntroductionI’ve been doing some Linux kernel exploit development/study and vulnerability research off and on since last Fall and a few months ago I had some downtime on vacation to sit and challenge myself to write my first data-only exploit for a real bug that was exploited in kCTF. io_ring has be...
Introduction Every so often a piece of security research will generate a level of excitement and buzz that's palpable. Dan Kaminsky's DNS bug, Barnaby Jack's ATM Jackpotting, Chris Valasek and Charlie Miller's Jeep hacking escapades. There's something special about the overheard conversations, the ...
Absolutely no problem, happy if you liked it!
The issue had been made public only on July 25. The point of sharing the bug isn't notifying users to patch their browsers but to inform browser vulnerability researchers of a valuable data point.
TLDR prctl PR_SET_VMA (PR_SET_VMA_ANON_NAME) can be used as a (possibly new!) heap spray method targeting the kmalloc-8 to kmalloc-96 caches. The sprayed object, anon_vma_name, is dynamically sized, and can range from larger than 4 bytes to a maximum of 84 bytes. The object can be easily allocated a...
CVE-2023-35086 POC - ASUS routers format string vulnerability
POC of CVE-2023-35086 only DoS. Contribute to tin-z/CVE-2023-35086-POC development by creating an account on GitHub.
Recently, I was trying out various exploitation techniques against a Linux kernel vulnerability, CVE-2022-3910. After successfully writing an exploit which made use of DirtyCred to gain local privilege escalation, my mentor Billy asked me if it was possible to tweak my code to facilitate a container...
It was an ITW 0-day at the moment of reporting and has probably retained the issue header from back then which I had copied.
A bunch of other Foxit vulns here: https://talosintelligence.com/vulnerability_reports
The content is really bounded by tech stuff, but I guess that's due to migration being important for tech-savvy users. It is true that appending "reddit" to search queries and following the results is still inevitable (but hey, libreddit and teddit still work). But vibe is completely different, very organic, very active, I like it a lot. I think there is a lot of potential in this feeling of authentic communication. Let's hope it grows.
Lemmy is much better replacement for Reddit than Mastodon is for Twitter.
Well, the malicious actors can setup their own instances as well and exploit the inherent trust between the participants by design. P2P sold as security property in the scenario where participants are unknown and multiple in numbers is misconception. It does not square well with basic security mindfulness, and shouldn't be taken as improvement in that regard.
I think that federation and all this stuff is not about improving security, it is a form of grassroots communication based on certain principles. If you need security, you use other tools, and treat these things as public, hostile spaces.
Such guides should probably warn that instances run by volunteers do not have dedicated security teams and that OPSEC has to be adjusted accordingly. Not that centralized services are essentially safer (they are juicier targets), but nevertheless it is still important to remember.
I plan to spend time solely on this instance. I'm not interested in anything else in terms of anything involving both r/w or just w kind of access (for general questions requiring googling I still go to reddit). I don't think there is a need in other instances if your interests are niche (like infosec). I'm more than satisfied with what I see here and I hope to keep it this way. It is a viable alternative to /r/netsec, but maybe as an aggregator, not a platform for feedback.