Hi all - Happy New Year 🎉! Welcome back to this week's Vuln Research Newsletter. We here at exploits.club hope everyone's 2024 is full of successful research projects and exploitable memory corruptions.

The good news? You probably have at least another year til the LLMs come for your job. Lets jump into this week's content.

Interesting Resources From The Week:

• 2023 CTF Challenge And Write-Up Database - @r3kapig put together a Notion site hosting a collection of challenges from all the most popular CTFs in 2023. Most of them even include an associated write-up!
• 2023 Firmware Security Thread - Sticking with the "2023 collections" theme, @prome put together a great list of his favorite firmware security research released over the last year.
• Qualcomm's January Security Advisory - Qualcomm published their January security advisory on New Years Day. A couple interesting bugs in here, most notably CVE-2023-33025, a buffer-overflow in the Data Modem which can be triggered via a VOLTE call. @xvonfers put together an interesting Twitter thread with links to the patch commits for some of the bugs in open source components.
• Strengthening the Shield: MTE in Heap Allocators - Want to worry about your 2024 job security? Check out this write-up which takes an in-depth look at MTE in various heap allocators.
• 30 Years of Decompilation and the Unsolved Structuring Problem: Part 1 - This is an excellent blog post discussing the origins of decompilation, the rise of decompilers in hacker communities, the subsequent pick-up in academia. It also touches on how the field has evolved, and the technical challenges associated with control flow structuring.
• kfd write-ups - In the wake of the Operation Triangulation craze of last week, some people stumbled across the smith write-up from the kfd Github repo, which details one of the vulns used for priv-esc in the now infamous attack chain. While this post was originally authored 6 months ago, on Jan 1st the researcher released another write-up and PoC detailing CVE-2023-41974, a use-after-free affecting the kernel.

New BlackHat Talks Released:

BlackHat has continued to slow-roll out their talks onto YouTube, dropping a few per week. Here are 2 notable recent releases:

• Jailbreaking an Electric Vehicle in 2023 - This talk overviews research on hardware attacks against Tesla's AMD-based infotainment centers. The researchers were able to bypass secure boot and unseal arbitrary TPM objects via voltage glitching.
• Shuffle Up and Deal: Analyzing the Security of Automated Card Shufflers - You may have come across the whitepaper associated with this talk back in August of last year. The corresponding talk has now been released on YouTube, and it is filled with reverse-engineering fun. As the abstract mentions, "Ultimately, we will show how these devices can be compromised, allowing us to cheat in a live poker game". Who wouldn't want to see that?

Interesting Job Postings:

• Senior Vuln Researcher @ Lucid
• iOS Reverse Engineer @ Correllium
• Reverse Engineer and Vulnerability Researcher @ MIT Lincoln Lab
• Vulnerability Researcher @ Dataflow Security - they have doubled their headcount in just the last year
• Vulnerability Researcher @ Interrupt Labs
• Embedded Hardware Hacker @ Kudu Dynamics

Wrapping Up...

We have been blown away by the support exploits.club has received in just the last week. If you have any comments on how we could improve or if you want to get involved, shoot us an email: jack@exploits.club.

The private discord community is launching sometime next week and we are super excited about it. Want to join? 👇

https://docs.google.com/forms/d/e/1FAIpQLSdircDMWaqS1CCLPZA9lcivZlBgY3C2q35CJQCQTdLrhys0Rw/viewform?usp=sf_link - Note we updated the form so can now just provide your Discord username instead of needing an email.

We are also on X, where we post daily about VR, RE, exploit dev... and memes (of course). Give us a follow

If you enjoy what we do, consider sharing the newsletter with a friend. See you next week 🏴‍☠️