#vulndev — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #vulndev, aggregated by home.social.
-
TCache exploitation primer video: https://www.youtube.com/watch?v=PK-0EENLF_Y #vulndev
-
Save $400 on our summer courses this week, covering subjects including #reversing, #vulndev #malware, and more. Just use the code DD24MEMDAY at the checkout. https://ringzer0.training/ringzer0-doubledown24-training-lineup/
-
Nice Windows Kernel #vulndev exploitation tutorial series: https://rootkits.xyz/blog/2017/06/kernel-setting-up/
-
Complete free university course materials on program analysis, featuring symbolic execution. Includes lecture notes, slides, exercises, solutions and videos: https://software-lab.org/teaching/winter2020/pa/ #reversing #vulndev
-
Using symbolic execution in crash triage by @jordan9001 https://www.atredis.com/blog/2022/10/29/symbolic-triage-making-the-best-of-a-good-situation #vulndev #reversing
-
I’m really proud of the @hnsec blog!
We published articles about #web and #mobile #appsec, #IoT, #redteaming, #vulndev, #codereview…
In a bit more than a couple of years of activity that’s a lot in my opinion. And we have more to come soon!
Well done, #hnsecurity team 💚
-
Did you know that #Diaphora detects patch diffing sessions and tries to help finding where vulnerabilities were fixed? Here are some examples for CVE-2020-1350 and CVE-2023-28231.
#patchdiffing #binarydiffing #bindiffing #vulnerabilityresearch #vulndev
-
I know nobody gives a fuck, but this is my next research topic for this year: Finding #bugs & #vulnerabilities by #diffing binaries against sources. It sounds much harder than it actually is.
#ProgramDiffing #VulnDev #VulnResearch #VulnerabilityDevelopment #VulnerabilityResearch #ReverseEngineering
#Compilers #CompilerOptimizations #CompilersBugs #Miscompilations -
I know nobody gives a fuck, but this is my next research topic for this year: Finding #bugs & #vulnerabilities by #diffing binaries against sources. It sounds much harder than it actually is.
#ProgramDiffing #VulnDev #VulnResearch #VulnerabilityDevelopment #VulnerabilityResearch #ReverseEngineering
#Compilers #CompilerOptimizations #CompilersBugs #Miscompilations -
I know nobody gives a fuck, but this is my next research topic for this year: Finding #bugs & #vulnerabilities by #diffing binaries against sources. It sounds much harder than it actually is.
#ProgramDiffing #VulnDev #VulnResearch #VulnerabilityDevelopment #VulnerabilityResearch #ReverseEngineering
#Compilers #CompilerOptimizations #CompilersBugs #Miscompilations -
I know nobody gives a fuck, but this is my next research topic for this year: Finding #bugs & #vulnerabilities by #diffing binaries against sources. It sounds much harder than it actually is.
#ProgramDiffing #VulnDev #VulnResearch #VulnerabilityDevelopment #VulnerabilityResearch #ReverseEngineering
#Compilers #CompilerOptimizations #CompilersBugs #Miscompilations -
I know nobody gives a fuck, but this is my next research topic for this year: Finding #bugs & #vulnerabilities by #diffing binaries against sources. It sounds much harder than it actually is.
#ProgramDiffing #VulnDev #VulnResearch #VulnerabilityDevelopment #VulnerabilityResearch #ReverseEngineering
#Compilers #CompilerOptimizations #CompilersBugs #Miscompilations -
Talos discovered four #vulnerabilities in Ichitaro, a popular word processing software in Japan, that could lead to code execution. Details on the patch and a breakdown of the potential exploits here https://blog.talosintelligence.com/vuln-spotlight-justsystems-ichitaro/
-
Two vulnerabilities I disclosed to @msftsecresponse got patched today. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23415 and https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23416. Both are are RCE and given critical severity. The first is a pre-auth vuln in ICMP.
From the bulletin:
How could an attacker exploit this vulnerability?
An attacker could send a low-level protocol error containing a fragmented IP packet inside another ICMP packet in its header to the target machine. To trigger the vulnerable code path, an application on the target must be bound to a raw socket.
-
A privilege elevation bug I reported to #msrc just got fixed: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21688
Will give a few more details once people have enough time to patch, but it allows LPE from any process. #cve202321688 #patchtuesday #vulndev
-
AIX rather helpfully sticks all your function parameters into registers so I've just ported grace.sh to AIX for better bug hunting. Writing up my notes as I go, but hoping to drop a write up of CVE-2022-36768 out this evening, fingers crossed.
-
Holy crap this is going to be easier to script up than I thought https://github.com/compiler-explorer/compiler-explorer/blob/main/docs/API.md! #VulnDev
-
ok. I think function definition details have been fully captured (excluding C++ templates for now) in https://gitlab.com/wirepair/src2bin/-/blob/main/src/visitor.rs.
Now it's time to capture some details about the function bodies. I'm thinking:
- Any data xrefs (e.g. refs to strings/constants)
- Maybe number of conditionals? Or loops? this is probably a bad idea due to compiler optimizations such as loop unrolling etc.I need to script up using godbolt to analyze various compiler outputs for the same code. #VulnDev
-
Google Project Zero discloses 5 exploitable vulns in Androids Mali GPU driver leading to LPE and mitigation bypasses found by @jann. Most phones with Mali GPU including Pixel, Samsung, etc still vuln ..
Current issue seems to be that most phone vendors have not shipped drivers AMD patched months ago. Hopefully the public exposure will pressure the vendors to ship updates since any attackers/spyware shops monitoring AMD patches would already have knowledge of these vulnerabilities.
For researchers, this is a nice way to get full system access for further #vulndev
https://googleprojectzero.blogspot.com/2022/11/mind-the-gap.html
-
re: mastodon tags .. I use the term #vulndev as an all encompassing label for vuln research, exploit dev, offsec tool dev, reverse engineering, etc.
For those unfamiliar, this is short for "Vulnerability Development" comes from the old vuln-dev mailing list.
Give this post a like if you also use or would use #vulndev or comment if there are preferred alternatives.