exploits.club Weekly Newsletter 18
Happy Thursday! Hope everyone enjoyed laying down their hot programming and assembly takes on Twitter when a 3-year-old interview clip of famous rapper Geohot surfaced this week. Annnnyways
In Case You Missed It...
- GenesisOS: Publishing my micro-kernel - @0x_shaq released an OS dev project he has been working on. He included a little development journal as well - super cool and inspiring for any of you kernel dev folks.
- Introducing the nanoMIPS Architecture Plugin for Binary Ninja - Binja just released an official nanoMIPS plugin. The post goes over the feature set and a small CrackMe. Unfortunately, Vector35 will be selling it separately, but cool to see nonetheless.
Resources And Write-Ups From This Week:
- The Windows Registry Adventure - Google Project Zero, aka the hackers you're probably jealous of, are back and better than ever. The first post in this new series outlines the premise of the research, which focused on fuzzing the Windows registry. The campaign resulted in just a measly 44 CVEs. The follow-up post goes into the history of the registry, explaining its original intention, implementation, and shortcomings. We are eagerly awaiting the next installment!
- Hacking Exchange from the Outside In - Sticking with the Microsoft theme, Atredis released a blog post this week digging into Oracle's "Outside In" libraries. These libraries were used in Microsoft Exchange 2019 up until a few months ago, and were used to parse specific file types if an attachment inspection mail flow rule had been enabled. The write-up digs into the fuzzing set-up using AFL and Jackalope, before providing a crash-dump of the team's three finds (UAF, OOB read, OOB write).
- Accessory Authentication - In this 3 part blog series, IOActive does a deep dive into the security processors on a consumer product vs an unlicensed clone. The goal of the series is to understand the similarities and differences between the two devices, and deduce how the clone is able to "extract the necessary IP to make a compatible solution".
- Analyzing Forest Blizzard's custom post-compromise tool for exploiting CVE-2022-38028 to obtain credentials - Microsoft Threat Intelligence released their research into a long-running campaign from the Russian threat actor Forest Blizzard. The post dives into one of their tools, referred to as "GooseEgg", which takes advantage of a Windows Print Spooler N-day (CVE-2022-38028) to escalate privileges on a compromised machine. The write-up walks through the stages of compromise, before giving some IOCs and mitigation advice.
- CVE-2024-2389: Command Injection Vulnerability In Progress Flowmon - These days, it feels like the newsletter wouldn't be complete if there wasn't at least one unauthenticated command injection. Luckily, Rhino Security Labs has us covered this week, coming in hot with a URL which will pop Flowmon from the login page.
- CVE-2024-3832: Object corruption on wasm functions installation - @buptdsb put together some quick notes on CVE-2024-3832. The document digs into some former research and related bugs, and includes links out to a handful of useful sources.
Interesting Job Postings:
- Web Browser Vulnerability Researcher @ Exodus Intelligence (Remote)
- Security Researcher @ Microsoft (Remote: UK)
- Exploit Developer @ SIXGEN (On-Site: Annapolis Junction, MD)
- Malware Reverse Engineer @ Meta (Remote Or Bellevue, WA | Burlingame, CA)
- Senior Android Vulnerability Researcher @ Raytheon (On-Site: Aurora, CO)
- Vulnerability Researcher @ Flashpoint (Remote)
Wrapping Up...
As always, thanks for stopping by. We here at the club are always trying to improve, so if you have comments, questions, or suggestions, feel free to shoot us a DM on X (or just drop us a follow if you are feeling generous).
Feel free to join the exploits.club Discord server here: https://discord.gg/2dxN2Gtgpx
Want to support us? You can now sponsor a coffee for the club.
Same time next week? See you then