exploits.club Weekly Newsletter 12
What's going on you fellow code breakers. Hope everyone is finding more bugs than Claude. We are dropping our new fake bugs for a "non-expert audience" soon too (kidding...kind of).
In Case You Missed It...
- Phrack 71 CFP Still Open - The call ends April 1st, so make sure you get your submissions in!
- New Method Of Disclosure Just Dropped - @dustriorg has coined the term Carrot Disclosure, and we are here for it. Not sure what "dangling a metaphorical carrot in front of the vendor to incentives change" means? Don't worry - he provides an example. Unrelated, but RaspAP is suddenly very interested in improving their eyesight.
Resources And Write-Ups From This Week:
- Robots Dream of Root Shells - After a brief break, @benhawkes is back with a new blog. This time, he explores ideas around the upcoming AIxCC DARPA competition, specifically keying in on his thoughts about the feasibility of using LLMs to find software bugs. The post has some interesting tidbits that discuss the fundamental limitations of our current tech, and potential issues to be on the lookout for in the future.
- Ghostrace: Exploiting and Mitigating Speculative Race Conditions - VUSec released a blog post with the key takeaways from their recently released paper . The research they conducted centered around synchronization primitives, and their behavior in speculatively executed code paths. The team found that "primitives implemented using conditional branches can be microarchitecturally bypassed on speculative paths using a Spectre-v1 attack, turning all architecturally race-free critical regions into Speculative Race Conditions (SRCs), allowing attackers to leak information from the target software."
- ARLO: I'm Watching You - In this new Synacktiv blog post, the team details how to get started doing vulnerability research on an Arlo Camera. The write-up servers as a primer, looking to better understand the software and hardware of the camera, and start digging into hacking on it. More generally though, it's a great primer for anyone looking to improve their IoT hacking methodology, as it walks through each aspect of the attack surface and explains how to understand it in the context of VR.
- Mali GPU Kernel LPE - Babe, wake up - two new Mali GPU bugs just dropped. @simo36 dropped a tweet on Wednesday, mentioning that he reported over 10 kernel bugs to Google and he was releasing his first exploit. The exploit takes advantage of an integer overflow and an info leak, and the post does an excellent job walking through each vulnerability before diving into exploitation.
- Say Friend and Enter: Digitally lockpicking an advanced smart lock (Part 2) - A few weeks ago, we covered part 1 of this series, in which Aleph Security began analysis on a smart lock, taking a look at the Android app, firmware, BLE, and other potential attack vectors. In the follow up to that post, the team details a metric ton of vulnerabilities they identified during the next phase of their research. This ranges from things like protocol downgrade to "unauthenticated update leading to complete takeover." The biggest takeaway? Don't put a Kontrol Lux Lock on your front door...or any door for that matter.
- CVE-2023-36049: Microsoft .NET CRLF Injection Arbitrary File Write/Deletion Vulnerability - ZDI's new blog post walks through an RCE vuln in Microsoft's .NET Framework and Visual Studio. The command injection vulnerability stems from "insufficient validation of FTP command parameters". In particular, the framework implements an abstraction for interacting with FTP control connections, but fails to validate if user supplied parameters contain CRLF characters.
Interesting Job Postings:
- Integrated Cyber Exploitation Researcher @ MIT Lincoln Laboratory (On-Site: Fort Meade, MD)
- Vulnerability Researcher @ ARSIEM (On-Site: Fort Meade, MD)
- Vulnerability Researcher @ Dell (On-Site: Austin, TX)
- Reverse Engineer @ Red Arch Solutions (On-Site: Annapolis, MD)
- Android Reverse Engineer @ Piper Companies (On-Site: Austin, TX | Seattle, WA | San Francisco, CA)
Wrapping Up...
As always, thanks for stopping by. We here at the club are always trying to improve so if you have comments, questions, or suggestions, feel free to shoot us a DM on X (or just drop us a follow if you are feeling generous).
Feel free to join the exploits.club Discord server here 👉 https://discord.gg/2dxN2Gtgpx
Want to support us? You can now sponsor a coffee for the club.
Same time next week? See you then 🏴☠️