exploits.club Weekly Newsletter 54 - ksmbd bugs, InternetCTF, Stream Deck Reversing, And More
Good morning, afternoon and evening you kernel cowboys. We hope everyone's back-to-work experience hasn't been too scary. Maybe next year AI will have it covered and you won't have to go back at all...annnnnnnyways 👇
In Case You Missed It...
- PagedOut CFP - Soft deadline is Feb 1!
- Linux Kernel Exploitation Repo Updates - November and December updates are now live, thanks to @andreyknvl's continued work.
Resources And Write-Ups From This Week:
- ksmbd vulnerability research - @Doyensec blessed us this week with some ksmbd research to jumpstart our 2025s. The post starts with a brief overview of ksmbd and what it intends to do. From there, it takes a look at some of the previous research conducted in the area, specifically calling out blogs from Thalium and pwning.tech. Doyensec built off the syzkaller fuzzing done by pwning.tech, leveraging their blog post as a starting point and extending the grammar to be more comprehensive. After a brief overview of the relevant code for communication with the service, the post then goes into the three vulnerabilities the fuzzing campaign found, all of which can be triggered during the set-up phase (pre-auth). The post looks at each of these, starting with the two UAFs and wrapping up with an OOM bug.
- Capturing the Flags of the Internet: Find 0-days in OSS and write scanners to detect them - Looking to ring in the first month of 2025 with some additional cash funds? Well, Google might be able to hook you up. This week, the company announced the InternetCTF. The format follows closely along with some of their other VRPs such as kCTF and v8CTF. This one, however, focuses specifically on popular open source libraries. If you pop the hosted instance with a bug of yours and provide a Tsunami patch to detect the vulnerability, you will be awarded $10k.
- ZDI Threat Hunting 2024: Highlights, Trends, & Challenges - A bit on the threat intel side of the house, ZDI wrapped up 2025 by reviewing some of the trends they identified this year. The post first goes through the 4 bugs the team found ITW. From there, it looks at a handful of variants identified during hunts inspired by ITW trends and vendor patches. It then speculates on what's in store for 2025, talking through phishing with LLMs, patch gaps, 0-days in EOL products, and the continuing challenges with vendor disclosure.
- CVE-2024-54527: MediaLibraryService Full TCC Bypass, Dive Deep into AMFI - Who doesn't love a good TCC bypass? This week @patch1t released a write-up on a recently patched bug he found, CVE-2024-54527. The logic bug resided in the MediaLibraryService XPC service, which has the permissions to modify the TCC database directly. Specifically, this XPC service loads plugins from an insecure location, which is not protected by SIP or TCC and is readable/writable by non-root users. Therefore, a malicious user can put a payload into this directory and then force it to be loaded via an XPC client. The post then switches gears a bit and deep dives into AMFI, specifically continuing the investigation of a question posed in a previous blog post. This part of the post reverse engineers the AppleMobileFileIntegrity.kext to better understand how it works under the hood.
- Overview of WebAssembly Type Confusion in JavaScript Engines Exploitation - Interested in looking for WASM type confusion bugs in 2025, but not sure where to start? xia0o0o0o has got you covered with his most recent blog post. The write-up stands to serve as an entry point for getting spun up on the topic. It first covers the basic WASM types as well as the slightly more complex ones included with WebAssembly Garbage Collection (WASMGC). From there, it goes into a case study of 3 bugs that were identified in 2024, reviewing the patches, understanding the vulnerability, and providing proof-of-concepts (for 2 of the 3 studies). It ends with the references used to craft the post, which would be interesting further reading for anyone looking to build on the foundational knowledge laid by the post.
- Windows Kernel Resources: Development, Exploitation, and Analysis - Windows beginners rejoice. This week, Mr C and Assembly himself, @7etsuo, put out a massive collection of Windows Kernel Exploitation and development resources. The post includes a handful of tried and true educational materials (specific OST2 courses, Off By One Security Windows streams) as well as a collection of relevant content creators. It also includes a round-up of unsorted articles and blogs all related to Windows kernel exploitation, and specific kernel dev materials, such as the Windows Internals Book Series and open source sample drivers.
- Reverse Engineering The Stream Deck Plus - There are few causes more noble than reverse engineering in the name of user privacy and security. And @den.dev knows just that. After being fed up with the software for Elgato's Stream Deck, he decided to build on a previous project to release an open source alternative to interact with the hardware directly. What follows is a post walking through how he turned this into a reality by inspecting USB traffic, doing a bit of binary analysis, and writing his own wrapper for the device. If you are interested in packet analysis, hardware comms, and freedom...well then this one will be right up your alley.
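The MediaLibraryService item above comes down to a privileged process loading plugins from a directory that non-root users can write to. A defender-side check for that class of bug is to audit plugin directories a privileged service trusts and flag anything not root-owned or writable by group/other. The script below is an added example written for this newsletter, not code from @patch1t's write-up or from Apple; the `/PLACEHOLDER/Plugins` path and the `SAMPLE_ENTRIES` list are constructed sample data (the real path is only in the linked post), and the classification rules are a generic baseline, not Apple's own criteria.

```python
import os
import stat
from typing import List, NamedTuple


class Entry(NamedTuple):
    """One filesystem object, as seen by lstat: path, owner uid, st_mode bits."""
    path: str
    uid: int
    mode: int


class Finding(NamedTuple):
    path: str
    reason: str


def classify(entry: Entry) -> List[str]:
    """Return the reasons an entry is unsafe as a plugin source for a
    privileged (e.g. root-running, TCC-capable) service. Empty list = clean."""
    reasons = []
    if entry.uid != 0:
        reasons.append(f"owned by uid {entry.uid}, not root")
    if entry.mode & stat.S_IWGRP:
        reasons.append("group-writable")
    if entry.mode & stat.S_IWOTH:
        reasons.append("world-writable")
    if stat.S_ISLNK(entry.mode):
        # A symlink lets the target be redirected; treat as needing review.
        reasons.append("symlink (target may be attacker-controlled)")
    return reasons


def audit_entries(entries: List[Entry]) -> List[Finding]:
    """Classify every entry and flatten the results into Findings."""
    return [Finding(e.path, r) for e in entries for r in classify(e)]


def collect_entries(root: str) -> List[Entry]:
    """Walk a real directory tree with lstat (no symlink following) and
    build Entry records for the root and everything beneath it."""
    st = os.lstat(root)
    entries = [Entry(root, st.st_uid, st.st_mode)]
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            p = os.path.join(dirpath, name)
            st = os.lstat(p)
            entries.append(Entry(p, st.st_uid, st.st_mode))
    return entries


# Constructed sample data (hypothetical path and permissions, not from the post).
SAMPLE_ENTRIES = [
    Entry("/PLACEHOLDER/Plugins", 0, 0o40755),                     # clean dir
    Entry("/PLACEHOLDER/Plugins/Good.plugin", 0, 0o100644),        # clean file
    Entry("/PLACEHOLDER/Plugins/Shared", 0, 0o40777),              # group+world writable
    Entry("/PLACEHOLDER/Plugins/UserOwned.plugin", 501, 0o100644), # non-root owner
]


def sample_findings() -> List[Finding]:
    return audit_entries(SAMPLE_ENTRIES)


if __name__ == "__main__":
    import sys
    entries = collect_entries(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_ENTRIES
    for f in audit_entries(entries):
        print(f"{f.path}: {f.reason}")
```

Run it with a directory argument to audit a real tree, or with no arguments to see the constructed sample. Any finding on a path a privileged loader searches is worth treating like the bug described above: the fix is root ownership and removal of group/other write bits (or SIP protection, where applicable), not trusting the loader to validate what it finds.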
Interesting Job Postings:
- Project Zero Researcher @ Google (On-Site: Sunnyvale, CA...maybe remote as well (?))
- Vulnerability Research Internship (Summer 2025) @ Tesla (On-Site: Palo Alto, CA)
- Vulnerability Research @ GitLab (Remote)
- Cyber Reverse Engineer @ MITRE (On-Site: Bedford, MA)
- Reverse Engineer Researcher @ Carnegie Mellon University (On-Site: Arlington, VA | Pittsburgh, PA)
Wrapping Up...
As always, thanks for stopping by. We here at the club are always trying to improve so if you have comments, questions, or suggestions, feel free to shoot us an email - info@exploits.club.
Follow us on X - we occasionally Tweet poor attempts at memes
Don't forget to check out https://bug.directory!
We sell mugs, and personally we have seen a drastic uptick in bugs since using ours. Get yours at https://shop.exploits.club.
Feel free to join the exploits.club Discord server here 👉 https://discord.gg/2dxN2Gtgpx
Same time next week? See you then 🏴☠️