exploits.club Weekly Newsletter 06
What's going on fellow hackers - we hope everyone's first day of February is going better than Steven's. May this new month bring you easy-to-triage fuzzer crashes and READMEs with build instructions that work on the first try. Let's get into it 👇
In Case You Missed It...
- Recon Call for Papers is Open! - The conference is accepting 30 or 60 minute talk submissions. The first round closes March 29th, and last call will be April 26.
- Off By One Upcoming Stream Schedule - Stephen Sims (@Steph3nSims) took to X this week to announce the upcoming stream schedule for his popular RE and VR YouTube channel, Off By One Security.
- The Synacktiv Team is Once Again "Masters of Pwn" - Pwn2Own Automotive concluded last week, with over $1.3 million in bounties and 49 unique 0-days. Synacktiv took the crown for the third time, raking in $450k in prize money and 50 Master of Pwn points. Maybe it's time exploits.club starts working on a subscription-based automotive security tool...just saying...
Resources and Write-Ups From This Week:
- Qualys Releases Two glibc Bugs - Qualys released advisories for two vulnerabilities they identified in glibc. The first was an OOB read and write in qsort() due to a missing bounds check. The second was a heap-based buffer overflow affecting syslog().
- *nix libX11: Uncovering and Exploiting a 35-year-old Vulnerability - JFrog released Part Two of their two-part blog series covering CVE-2023-43786 and CVE-2023-43787. These posts discuss the discovery and subsequent exploitation of two vulnerabilities in the popular graphics library X.Org libX11 - one of which resulted in RCE via a heap overflow.
- Inside the LogoFAIL PoC: From Integer Overflow to Arbitrary Code Execution - In early December, Binarly.io presented the technical details on LogoFAIL, a vulnerability class resulting from custom images being parsed during boot. This week, the team released a detailed write-up on creating a PoC for one such vulnerability. The blog post walks through identifying an integer overflow via fuzzing and escalating that primitive to a heap overflow resulting in code execution.
- OSS-Fuzz Gen - If you're like us, you have probably thought about how LLMs and fuzzing may play nicely together. Google wrote about some ideas in the space back in August of last year, and this week they announced the open-sourcing of their LLM-powered fuzzing framework.
- Relution Remote Code Execution via Java Deserialization Vulnerability - Praetorian released a post this week detailing CVE-2023-48178, a Java deserialization vulnerability in Relution. The post is extremely detailed, and walks through the software architecture, the vulnerability, and the methodology for hunting deserialization gadget chains.
- ZDI Discloses Lexmark Pwn2Own Bugs - ZDI published disclosures this week for the Lexmark Printer bugs used in Pwn2Own IoT/Mobile back in November of 2023. While the disclosures themselves only give a small insight into the bugs used, we should hopefully see contestants releasing write-ups in the near future.
- Missing signs: how several brands forgot to secure a key piece of Android - Following up their most recent post from late 2023 about how GCC's stack protection just...didn't work on ARM, Meta's Red Team dropped their first post of 2024. This one covers a vulnerability affecting a number of different Android vendors in which default test keys from AOSP are used to sign APEX modules.
Interesting Job Postings:
- Vulnerability Researcher @ Research Innovations Incorporated (On-site: St Pete Beach, FL)
- Offensive Security Engineer, GPU System Software @ NVIDIA (Remote)
- Reverse Engineering/Vulnerability Research Intern (Fall 2024) @ Battelle (On-site: Columbus, OH)
- Vulnerability Researcher @ Dell (On-site: Austin, TX)
- Security Researcher @ Aptiv (Hybrid: Troy, MI)
- Malware Reverse Engineer @ Meta (On-site: Bellevue, WA | Burlingame, CA)
- Senior Windows Vulnerability Researcher and Exploit Developer @ Crowdfence (On-site: Abu Dhabi)
Wrapping Up...
As always, thanks for stopping by. We here at the club are always trying to improve so if you have comments, questions, or suggestions, feel free to shoot us a DM on X (or just drop us a follow if you are feeling generous).
The exploits.club Discord is live. It's been a bit quiet and we are always looking for new members! Feel free to show your interest in joining by filling out the form.
Want to support us? You can now sponsor a coffee for the club.
Same time next week? See you then 🏴☠️