CVE-2021-3156, a heap overflow in sudo's command line / environment argument handling, can be exploited on macOS Big Sur (currently unpatched) by creating a symlink to sudo. Additionally, I have observed that t_delete() exploitation on Solaris has been updated to prevent negative chunk size overwrites, but because you can write NULLs it is possible to reliably exploit this flaw on Solaris 10/11. You should patch Solaris if you use sudo, as the repo has an update - https://www.opencsw.org/package/sudo/
I was trying to exploit the heap allocator on Solaris via the sudo bug. It appears that since Solaris 10 the libc checks for a negative chunk size, to prevent creating the tree structure that has been used as a primitive against the Sys V heap allocator since 2001. You can still corrupt the chunk with a large size, but it would seem that a fix was added to prevent the t_delete() method of exploitation first described in the 2001 "Once upon a free()" article.
I've been enjoying exploring glibc and heap internals over the past few days thanks to the sudo vulnerability. It's rare to get null writes and the capability to smash the entire heap space with a single vulnerability. All the public exploits so far just corrupt the heap structs and don't misuse the allocator via unlink or free() etc. I noticed that the overflow on musl libc, which is used by Alpine Linux, leads to an arbitrary write. Writing some heap exploration tools for experiments, this is great fun!
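The post above contrasts exploits that merely corrupt heap structs with ones that misuse the allocator via unlink or free(). As an added example (not from the original post, not glibc, musl or Solaris libc code, and not any published CVE-2021-3156 exploit), the following constructed toy free list shows the classic unlink write-what-where primitive: a free chunk whose fd/bk pointers have been overwritten turns the allocator's own list maintenance into an attacker-controlled pointer store. It also shows the safe-unlinking check that modern glibc applies, which rejects the same forged chunk. All names (`struct chunk`, `g_target`, `g_payload`, the demo functions) are assumptions made for this example.

```c
/* Added example: toy doubly linked free list demonstrating the classic
 * "unlink" write-what-where primitive and the safe-unlinking check that
 * defeats it. Constructed for illustration only; not glibc/musl/Solaris
 * libc code and not a real sudo exploit. Assumes an LP64 or ILP32 C ABI. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Minimal free-chunk header: size plus forward/back list pointers. */
struct chunk {
    size_t        size;
    struct chunk *fd;
    struct chunk *bk;
};

/* Naive unlink, as in allocators before safe-unlinking checks existed. */
static void unlink_naive(struct chunk *p)
{
    struct chunk *fd = p->fd;
    struct chunk *bk = p->bk;
    fd->bk = bk;   /* write 1: *(fd + offsetof(bk)) = bk  -> "what" lands at "where" */
    bk->fd = fd;   /* write 2: *(bk + offsetof(fd)) = fd  -> clobbers bytes in the payload */
}

/* Hardened unlink: both neighbours must point back at p (the glibc
 * "corrupted double-linked list" check). Returns -1 and does nothing if not. */
static int unlink_safe(struct chunk *p)
{
    struct chunk *fd = p->fd;
    struct chunk *bk = p->bk;
    if (fd->bk != p || bk->fd != p)
        return -1;
    fd->bk = bk;
    bk->fd = fd;
    return 0;
}

/* The "where": a pointer to hijack (think function pointer or GOT slot).
 * It sits offsetof(struct chunk, bk) bytes into its object so that a fake
 * fd pointing at the object start has fd->bk aliasing it; a real exploit
 * computes fd = where - offsetof(struct chunk, bk) the same way. */
static struct {
    unsigned char   pad[offsetof(struct chunk, bk)];
    char * volatile handler;   /* volatile: force a reload after the aliased store */
} g_target;

/* The "what": attacker controlled bytes. Must be writable memory because
 * write 2 stores fd into payload+offsetof(fd), which real payloads jump over. */
static char g_payload[32];

/* Build a free chunk whose fd/bk were overwritten by an overflow, unlink it
 * with the naive routine. Returns 1 if g_target.handler now points at the payload. */
int demo_unlink_naive(void)
{
    struct chunk victim;

    g_target.handler = NULL;
    memset(g_payload, 0x90, sizeof g_payload);     /* NOP sled stand-in */

    victim.size = 0x20;
    victim.fd = (struct chunk *)&g_target;         /* fd->bk aliases g_target.handler */
    victim.bk = (struct chunk *)g_payload;         /* value that will be stored there */

    unlink_naive(&victim);
    __asm__ __volatile__("" ::: "memory");         /* compiler barrier: stores above are type-punned */
    return g_target.handler == g_payload;
}

/* Same forged chunk against the hardened unlink: g_target.handler (NULL)
 * does not point back at victim, so the check refuses. Returns 1 if blocked
 * and the target is untouched. */
int demo_unlink_safe(void)
{
    struct chunk victim;
    int rc;

    g_target.handler = NULL;
    memset(g_payload, 0x90, sizeof g_payload);

    victim.size = 0x20;
    victim.fd = (struct chunk *)&g_target;
    victim.bk = (struct chunk *)g_payload;

    rc = unlink_safe(&victim);
    __asm__ __volatile__("" ::: "memory");
    return rc == -1 && g_target.handler == NULL;
}

int main(void)
{
    printf("naive unlink hijacked handler: %s\n", demo_unlink_naive() ? "yes" : "no");
    printf("safe unlink blocked it:        %s\n", demo_unlink_safe() ? "yes" : "no");
    return 0;
}
```

The second store (`bk->fd = fd`) is why the "what" must be a writable address: it is the reason classic unlink payloads begin with a short jump over the bytes that get clobbered. The hardened variant is the same check glibc performs before unlinking, which is why modern exploits have to satisfy it (e.g. by placing a pointer to the chunk where fd->bk and bk->fd are expected) rather than forging fd/bk freely.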
Writing glibc heap overflow exploits for sudo. These were some very insightful resources & gdb extensions for inspecting the heap layout.
An APT group (who may be based in China or speak native Chinese), working at the request of North Korea (DPRK), used a Chrome 0day exploit and backdoored Visual Studio projects to hack security researchers and steal their warez. Be careful when clicking on blog links or security research related materials; ideally use a VM or a separate host for social interactions. The attackers were active in the community for almost a year before they were detected, and hacked prominent researchers.
uHF is a virtual hacker-space; topics range from cybersecurity, ethical hacking, bug bounties, exploitation and reverse engineering to privacy. We will be holding bi-monthly online-only meetups with occasional workshops on cybersecurity topics. We are using the US fraternity model to create an environment for people who enjoy computers and beer to network and have fun; it is also a personal project of mine - you can find our virtual space & Matrix chatroom here https://hackerfraternity.org/
ShadowSocks decreasing in effectiveness for stealth communication tunnels over the last few months has given rise to alternative solutions; one of them, "shadowtunnel", has been broken during a CTF, write-up here https://blog.cryptohack.org/cracking-chinese-proxy-realworldctf - I have been using ShadowSocks for years and will continue to use it until a more suitable alternative becomes available. I am in need of something that is like ShadowSocks but implements steganographic traffic.
ShadowSocks, my preferred SOCKS proxy of choice due to its absolutely awesome design & cross-platform support - it's even the tech which underpins Outline (Alphabet soup's communication tool for journalists) - is now being detected and blocked by the GFW in China, according to reports. These blocks are performed with some manual oversight, but this reduces the effectiveness of this tool for those who bounce communications through the ASIAPAC region. Report here - https://gfw.report/blog/gfw_shadowsocks/
Co-Founder of https://hacker.house - cyber security assurance services & hacker training; author of ISBN 9781119561453, a book about professional hacking. Sysop of UNIX Hacker's Fraternity (uHF) BBS ~ https://hackerfraternity.org