exploits.club Weekly Newsletter 09
What's going on ladies and gents, hope everyone is having a better week than the Chinese government and Lockbit. You'd think that if you continuously compromised companies due to poor patch management practices, you'd remember to keep your highly illegal and targeted operation running with an updated version of PHP...guess not. Annnnyways 👇
In Case You Missed It...
- Black Hat USA CFP Is Open - The deadline for submissions is April 10th, and submitters will be notified in mid-June.
- cve-rs - Now you can introduce memory corruptions into your projects with 100% "safe" Rust code.
- CVE-2024-21413 PoC - In last week's newsletter, we went over some of the patches from Microsoft's most recent Patch Tuesday. Shortly thereafter, a PoC for the Outlook vuln was released by @xaitax.
Resources And Write-Ups From This Week:
- Fuzzer Development: Sandboxing Syscalls - @hombre put out the second part of the "Fuzzer Development" series he is running on his blog. The fuzzer sandboxes a Bochs emulator for easy system emulation and snapshot fuzzing. This post details the implementation of the "Bochs-to-fuzzer context switch", which is needed to intercept and handle syscalls made by the emulator.
- Oracle VM VirtualBox 7.0.10 r158379 Escape (CVE-2023-22098 PoC) - @theFlow0 put out a tweet this week detailing his research into virtio-net for VirtualBox last year. He released a "100% reliable escape using an out-of-bounds-write (with ASLR defeat)". The exploit was posted on the Google Security Research GitHub repo.
- XNU Image Fuzzer - @h02332 released an XNU Image Fuzzer this week, written in Objective-C.
- Say Friend and Enter: Digitally lockpicking an advanced smart lock - Aleph Research put out part 1 of their security research into a smart door lock. The post details the attack surface of the lock and goes through the team's approach to hacking on it. This includes all the fun IoT-isms, such as decompiling the Android app, reversing the device firmware, doing a little bit of Bluetooth analysis, and more. A great primer for anyone looking to get started with prodding at IoT targets.
- A Catastrophe For Control: Understanding the ScreenConnect Authentication Bypass - Huntress did a deep dive into the recent ScreenConnect CVEs: an authentication bypass and a path traversal, which ConnectWise published in an advisory earlier this week. The post goes through the process of analyzing the patch, identifying the root cause of each vulnerability, and writing exploits for each. It also lists some potential IOCs for the blue team folks out there.
- iMessage with PQ3: The new state of the art in quantum-secure messaging at scale - I've read it twice...still can't say I really understand all the big-brain things that are going on here, but "the new PQ3 cryptographic protocol for iMessage combines post-quantum initial key establishment with three ongoing ratchets for self-healing against key compromise, defining the global state of the art for protecting messages against Harvest Now, Decrypt Later attacks and future quantum computers"...obviously
Interesting Job Postings:
- Software Exploit Developer Junior @ Valiant Integrated Services (On-Site: Alexandria, VA)
- Sr Exploitation Software Developer @ Aperio Global (Hybrid: Fort Belvoir, VA)
- Vulnerability Research Security Engineer @ Viasat (On-Site: Carlsbad, CA)
- Post Quantum Cryptography Scientist @ Booz Allen Hamilton (Hybrid: Washington DC)
- Principal Software Reverse Engineer & Vulnerability Researcher @ Two Six Technologies (On-Site: Arlington, VA)
- Senior N-Day Researcher/Developer @ Horizon3.ai (Remote)
Wrapping Up...
As always, thanks for stopping by. We here at the club are always trying to improve, so if you have comments, questions, or suggestions, feel free to shoot us a DM on X (or just drop us a follow if you are feeling generous).
We are opening up the exploits.club Discord to the public. Feel free to join us here 👉 https://discord.gg/2dxN2Gtgpx
Want to support us? You can now sponsor a coffee for the club.
Same time next week? See you then 🏴☠️