exploits.club Weekly Newsletter 07
Hey, hey - thanks for crawling out of your debugger for this week's vuln research newsletter. Remember, you just need to find one more bug. Let's get into it 👇
In Case You Missed It...
- PoC || GTFO 0x22 - The fabled International Journal is back for its 22nd edition. @travisgoodspeed put out a Twitter thread detailing each of the articles in this entry.
- Google is "Naming names" - Google TAG released a 50 page write-up detailing the 40 Commercial Surveillance Vendors they actively track. While the report is not overly technical, it does encapsulate some of the recent ITW trends and paints a broad picture of the spyware industry as a whole.
- Android Security Bulletin - February - Android has released their monthly security bulletin. A couple of interesting bugs were patched, most notably a critical RCE bug in the system component due to an OOB write in a Bluetooth module.
Resources and Write-Ups From This Week:
- Exploring AMD Platform Secure Boot - IOActive Labs put together a detailed write-up of the AMD PSB. The post first delves into the technical details of the architecture and boot process, before discussing the way the PSB is configured. The team also discloses misconfiguration issues by popular vendors they came across during their research.
- DJI - The ART of obfuscation - Quarkslab makes yet another appearance in the newsletter this week for their new post on an "Android Runtime hijacking mechanism for bytecode injection". This post takes a look at the DJI Pilot application, and breaks down how it uses a packer to obfuscate its code. Well written and highly-detailed, this is worth the read for anyone reversing Android apps.
- Breaking Bitlocker - Bypassing the Windows Disk Encryption - In his newest video, @ghidraninja yet again brings hardware hacking and vuln research to the masses. This time he details his research on stealing the Bitlocker Key from a modern Windows laptop using his regular weapon of choice, a Raspberry Pi Pico.
- CVE-2023-46263: Ivanti Avalanche Arbitrary File Upload Vulnerability - "Siri play 'Kick You When You're Down' by AC/DC" is probably what someone at Ivanti muttered to their iPhone this week. Following the two critical vulnerabilities we reported on a few weeks ago, a third vulnerability in Ivanti's VPN app started to see mass exploitation over the weekend. And then, as if that wasn't enough, ZDI released this write-up detailing a recently patched RCE in Ivanti's Avalanche enterprise mobility management software program. Yikes.
- Review of the SAILR paper - rev.ng released an interesting blog post detailing their thoughts on the recent SAILR paper. The post highlights points made in the paper and presents counter-arguments or alternate thoughts. Apparently the whole thing was originally supposed to be a thread of tweets, so the format is super easy to follow. Each point from the original paper is screenshotted and the rev team presents their thoughts on the point in just a few short sentences.
- A Chrome Collection:
- @tchght released a PoC for CVE-2023-4427, an OOB Memory Access in V8
- CW Research Lab released a write-up on exploiting Issue-1472121. This one is in Korean (which we don't read sadly), but the included images and diagrams are all in English.
- @r3tr074 disclosed a buffer-overflow in Skia, and hinted that a write-up on a novel cross-cache exploit technique may be coming soon.
- @__suto, @lanleft_ and @trichimtrich disclosed a number of Chrome bugs, the details of which will be documented in an upcoming post on Qrious's blog.
Interesting Job Postings:
- Vulnerability Researcher @ Apple (On-Site: Cupertino, CA)
- Exploit Developer @ Parsons (On-Site: Fort Belvoir, VA)
- Vulnerability Research Engineer - Android @ REDLattice (On-Site: Chantilly, VA)
- Vulnerability Research Engineer - iOS @ REDLattice (On-Site: Chantilly, VA)
- Reverse Engineer II @ Blitz App (Hybrid: Los Angeles, CA)
- Exploit Developer @ SIXGEN (On-Site: Annapolis, MD)
Wrapping Up...
As always, thanks for stopping by. We here at the club are always trying to improve so if you have comments, questions, or suggestions, feel free to shoot us a DM on X (or just drop us a follow if you are feeling generous).
The exploits.club Discord is live. It's been a bit quiet and we are always looking for new members! Feel free to show your interest in joining by filling out the form.
Want to support us? You can now sponsor a coffee for the club.
Same time next week? See you then 🏴☠️