exploits.club Weekly Newsletter 08
Hey hackers, happy love week - hope everyone enjoyed their Valentine's Day. We decided to treat our girlfriend (Binja) to something nice (Ninja Dark Theme) 💕💻. Let's get into this week's content:
In Case You Missed It...
- Getting Started With Binary Ninja Stream - Last week, Off By One Security hosted a conversation with Vector 35 Co-founder Jordan Wiens. Jordan gave a bit of background into himself and Binary Ninja as a product, before demonstrating some of its features in an effort to help new or converting users get started.
- The Kernel Becomes Its Own CNA - The Linux kernel is now its own CNA. Lots of conversation on X about this one.
- kCTF Disables nf_tables - In an announcement over Discord, the kCTF team noted "We've already got 38 submissions for nftables during the last ~8 months and we've lost confidence that fixing the vulns one-by-one".
Resources and Write-Ups From This Week:
- Puckungfu 2: Another NETGEAR WAN Command Injection - NCC Group released a follow-up to their original Puckungfu post, detailing a different command injection bug they were able to use at Pwn2Own 2022 after Netgear patched their original one just days before the competition. For this bug, the cron job which served as the entry to the buggy code path only triggered randomly between 1:00AM and 4:00AM. For Pwn2Own, the team devised a strategy to trigger the job by remotely altering the device's time zone and accurately predicting the cron job's 'random' timing to within a minute.
- Underutilized Fuzzing Strategies for Modern Software Testing - Trail of Bits posted a great talk by @AddisonCrump_vr on their YouTube channel. The slides are also available if that is more your thing. The talk goes through the basic methodology of fuzzing, how it has changed over time, and how you can use LibAFL to approach the problem differently.
- February Patch Tuesday - ZDI released its usual Patch Tuesday round-up this month, detailing the most important aspects of both Microsoft's and Adobe's advisories. As usual, on the Adobe side a number of critical bugs in Acrobat and Reader were patched. Microsoft released patches for 70+ bugs, 5 of which are critical and 2 of which are ITW 0-days. The Outlook bug also looks interesting.
- "Tianfu Cup 2023" Chrome use-after-free - A PoC for the Web Audio bug used in the Tianfu Cup was released this week.
- LLVM's 'RFC: C++ Buffer Hardening' at Google - This is an interesting post out of Google discussing how the team approaches proposed memory safety mitigations and their potential trade-offs in shipped products. In particular, it discusses LLVM's introduction of C++ Buffer Hardening, and how the RFC was evaluated and eventually adopted into Andromeda, GCP's network virtualization stack.
- Keynote | Rust in the Linux kernel - Alice Ryhl gave the keynote at the RustLab conference on writing a complex Linux kernel driver in Rust. The talk details Alice's journey in rewriting Android's Binder driver, and has a number of great takeaways.
Interesting Job Postings:
- Principal Security Researcher @ Microsoft (Remote)
- Android Malware Analyst @ Google (On-Site: Bangalore, Karnataka, India)
- Vulnerability Researcher Intern @ Raytheon (On-Site: Anthem Parkway, TX)
- Vulnerability Researcher - Web Browser @ REDLattice (On-Site: Chantilly, VA)
- Mobile Vulnerability Researcher @ interclypse (On-Site: Annapolis Junction, MD | San Antonio, TX)
- New Grad Reverse Engineer @ Johns Hopkins Applied Physics Lab (On-Site: Laurel, Maryland)
Wrapping Up...
As always, thanks for stopping by. We here at the club are always trying to improve so if you have comments, questions, or suggestions, feel free to shoot us a DM on X (or just drop us a follow if you are feeling generous).
We are opening up the exploits.club Discord to the public. Feel free to join us here 👉 https://discord.gg/2dxN2Gtgpx
Want to support us? You can now sponsor a coffee for the club.
Same time next week? See you then 🏴☠️