»Suffice it to say, if you work someplace with enough machines, there's probably some way for you to get root on all of them if you can hit them with a handful of packets. I've seen it happen far too many times at enough companies to expect things to stay secure. I'm not talking about buffer overflows and stuff like that, although those exist too. I mean just straight up asking a service to please run a command for you (as root), and it gladly complies.«
PAM Duress is a module designed to allow users to generate 'duress' passwords that will execute arbitrary scripts when used in place of their regular password.
Glowworm Attack: recovering sound by analyzing optical emanations from a device's power indicator LED.
This post explains how attackers can abuse middleboxes and censorship infrastructure for DoS amplification attacks over TCP.
An empirical study of vulnerabilities in cryptographic libraries.
»While cynics are probably correct (for now) that we probably can't shut down every avenue for compromise, there's good reason to believe we can close down a vector for 0-interaction compromise. And we should try to do that.«
MITRE 2021 Common Weakness Enumeration (CWE) Top 25 list.
Ghidra is a software reverse engineering (SRE) framework by the NSA.
Among other improvements, mitmproxy now supports TLS-over-TLS, HTTP/2 - HTTP/1 interoperability, and host header-based proxying.
»A massive REvil ransomware attack affects multiple managed service providers and over a thousand of their customers through a reported Kaseya supply-chain attack.«
Google announced »a simple, unified schema for describing vulnerabilities precisely.«
what is a Python-based identification tool for text and files.
»VPNs are entirely based on trust.«
»ALPACA is an Application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. Attackers can redirect traffic from one subdomain to another, resulting in a valid TLS session.«
Post on how the integration of password managers into other applications, especially web browsers, increases the attack surface significantly.
A vCenter pre-auth remote code execution vulnerability with a severity rating of 9.8 out of 10 is under active exploitation.
This post introduces the isolation feature in Firefox and describes how to enable it in the different Firefox versions before the official release later this year.
OpenSCAP is a popular implementation of the Security Content Automation Protocol (SCAP) for automated vulnerability management and compliance evaluation.
Vulnerabilities found in the file-sharing tool croc.
The FBI is actively removing backdoors from hacked Microsoft Exchange servers.
In this post, the author shows that replacing C/C++ with safer languages is not an all-or-nothing task and suggests prioritizing systematically.
»BleedingTooth is a set of zero-click vulnerabilities in the Linux Bluetooth subsystem that can allow an unauthenticated remote attacker in short distance to execute arbitrary code with kernel privileges on vulnerable devices.«
According to a source, Ubiquiti's breach in January 2021 was much more severe than what the company communicated.
This post explains the issue of DoS against regular expressions. The authors also introduce their tool regexploit, which helps analyze regular expressions for such vulnerabilities.
The author shares his interesting findings from buying and using 14 domains that are one bit flip away from windows.com.
This post introduces sigstore, a Linux Foundation project that aims to improve open-source software supply chain integrity and verification.
In this document, Apple explains the different security aspects of its platform.
»The goal of OSV is to provide precise data on where a vulnerability was introduced and where it got fixed, thereby helping consumers of open source software accurately identify if they are impacted and then make security fixes as quickly as possible.«
dog is a command-line DNS client with support for the DNS-over-TLS and DNS-over-HTTPS protocols.
This post's authors provide insight into Mozilla's fuzzing pipeline, including links to the open-source tools in use.
The Threat Modeling Manifesto provides values and principles as guidelines for threat modeling.
»Seven new vulnerabilities are being disclosed in common DNS software dnsmasq, reminiscent of 2008 weaknesses in Internet DNS Architecture.«