Hacker Fantastic @hackerfantastic@social.hackerfraternity.org

Exploiting Solaris 10 -11.0 SunSSH via libpam on x86 - a blog post from Hacker House https://hacker.house/lab/cve-2020-18471/

uHF is a virtual hacker-space, topics range from cybersecurity, ethical hacking, bug bounties, exploitation, reverse engineering and privacy. We will be holding bi-monthly online only meetups with occasional workshops on cybersecurity topics. We are using the US fraternity model to create an environment for people who enjoy computers and beer to network with and have fun, it is also a personal project of mine - you can find our virtual space & Matrix chatroom here https://hackerfraternity.org/

cool-retro-term is ace.

ShadowSocks decreasing in effectiveness for stealth communication tunnels over the last few months has given rise to alternative solutions, one of them "shadowtunnel" has been broken during a CTF, write-up here https://blog.cryptohack.org/cracking-chinese-proxy-realworldctf - I have been using ShadowSocks for years and will continue to use it until a more suitable alternative becomes available. I am in need of something that is like ShadowSocks but implements Steganographic traffic.

ShadowSocks, my preferred SOCKS proxy of choice due to it's absolutely awesome design & cross-platform support - it's even the tech which underpins Outline (Alphabet soup's communication tool for journalists) - is now being detected and blocked by the GFW in China according to reports. These blocks are performed with some manual oversight, but this reduces the effectiveness of this tool for those who bounce communications through ASIAPAC region. Report here - https://gfw.report/blog/gfw_shadowsocks/

Built Ghidra with the new debugging feature, keen to try it out on something practical. It won't build on aarch64 annoyingly so couldn't compile it on my pinebook pro as the debugger component uses protoc that supports only x86/x86, hope they add arrch64. However, ImHex compiled perfectly on the pbp and I discovered that if you enable OpenGL 3.3 extensions, it works!

Removing the US president from social media sends a powerful message about the censorship companies like Facebook and Twitter can enforce. We give them control over data and public debates that require discussion on opposing views to engage with one another to resolve conflicts. Our world has never been as divided as it is today and it is through division that we as people are conquered. You cannot have a revolution without unity. The world needs to have access to information free of censorship.

St. Maximilian Maria Kolbe - the patron saint of Amateur Radio. He volunteered himself to die in place of another man at Auschwitz and is celebrated on August 14th. A friar, he is pictured here using his radio rig. During World War II his radio transmissions under the callsign SP3RN helped foreign allies learn of the atrocities in Poland.

Chaos Computer Club Congress this year is a browser based MMORPG https://rc3.world/rc3 (requires ticket).

Missed out on ticket? You can live-stream the talks and join Matrix chats:
DE: #rc3:fairydust.space
EN: #rc3-en:fairydust.space
Fahrplan: https://rc3.world/rc3/public_fahrplan
Live stream: https://streaming.media.ccc.de/rc3

Send your cyber friends a post card from the event! #rc3 https://rc3.c3post.de

36C3 Android app works with rC3 schedule - APK https://f-droid.org/en/packages/info.metadude.android.congress.schedule/
URL setup - https://fahrplan.events.ccc.de/rc3/2020/Fahrplan/schedule.xml

SunOS kernel mode payload, this neat little trick will form the basis of my LPE exploit's for the OS, a very short payload stub that will locate and overwrite a process privilege structure to obtain root privileges. This is the basis of how a kernel read/write exploit primitive could be used to gain root.

Using Android anbox on the pinephone, you can virtualize an Android 7.1.2 image (API 25) in an LXC container, as you can run it is as root you can use it to dynamic instrument and mitmproxy the communication on-device. It's linux so all the usual Linux dm-crypt & LUKS applies. An interesting thing I learned https://linux-sunxi.org/JTAG - this has to be the most interesting place to hack the CPU :-) insert a magic MicroSD card to get root or pop a hidden secret file system.

privacypwn pinephone

I built pmOS edge onto my pinephone and have ditched all my smartphones. After I figured out how to setup the flatpak / appstream for gnome-software, I got a Linux smartphone experience with numerous apps. I wasn't able to go fully into pinephone until I solved needing a couple of communication apps found on traditional smartphones. Then I discovered Anbox and it's AMAZING. I have Android 7.1.2 running in a container and my phone is really a computer in my pocket with me as root not vendor

If only this worked on the latest kernel for pinebook pro, the GPU/VGA output in QEmu under KVM doesn't load post 5.5 kernels. It's the only thing so far that seems to run under QEmu that is worth hacking around on. I definitely need to find a nice virtual Win10 aarch64 platform, it's going to become more widespread and even with the x64 translation layer it's going to cause headaches for testing tools.

Nice list of currently effective exploits that were being utilized by FireEye’s red team stolen in a recent breach. You should have these in your toolbox https://github.com/fireeye/red_team_tool_countermeasures/blob/master/CVEs_red_team_tools.md