Chrome 0day has been in the wild for a day and is still not patched on all versions, requires pairing with a Sandbox escape to be a fully weaponized exploit. PoC code can be used to execute code on multiple latest updated Chrome across several platforms when run with --no-sandbox to simulate the sandbox escape component. Impressive work. github.com/r4j0x00/exploits/tr

I'm really pleased to see that the BBS networks have stayed strong. There's still 1000's of boards online and plenty of interesting mods and doors. I am attempting something new with MysticBBS. I am adding Torrent support to the BBS so that it will function as a Torrent tracker to allow file sharing directly amongst HPVC enthusiasts through the board.

The website git.rip connected to the Verkada hacker is displaying a US DoJ seized notice. The website previously hosted large numbers of leaked source code repositories, which were obtained through default credentials and misconfigurations of gitlab & sonarqube instances.

CVE-2021-3156 heap overflow in sudo command line / environment argument handling can be exploited on MacOS Big Sur (currently unpatched) by creating a symlink to sudo, additionally I have observed that t_delete() exploitation on Solaris has been updated to prevent negative chunk size overwrites but because you can write NULL's it is possible to reliably exploit this flaw on Solaris 10/11. You should patch Solaris if you use sudo as the repo has an update - opencsw.org/package/sudo/

I was trying to exploit the heap allocator on Solaris via the sudo bug, it appears that since Solaris 10 the libc now checks for a negative chunk size to prevent creating the tree structure that is used as a primitive against the Sys V heap allocator since 2001. You can still corrupt the chunk with large size but it would seem that a fix was added to prevent t_delete() method of exploitation first described in 2001 in "once upon a free()" article.

I've been enjoying exploring glibc and heap internals over the past few days thanks to the sudo vulnerability. It's rare for null writes and capability to smash entire heap space with a single vulnerability. All the public exploits so far just corrupt the heap structs and don't misuse the allocator via unlink or free() etc. I noticed that the overflow on libmuslc leads to an arbitrary write which is used by Alpine Linux. Writing some heap exploration tools for experiments, this is great fun!

APT group (who maybe based in China or speak native Chinese), working at request of North Korea DPRK, used Chrome 0day exploit and backdoor'd visual studio projects to hack security researchers and steal their warez. Be careful when clicking on blog links or security research related materials, ideally use a VM or separate host for social interactions. The attackers were active in the community for almost a year before they were detected and hacked prominent researchers.

Show older
Mastodon

The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!