exploits.club Weekly Newsletter 01
Dec 24th, 2023 - Dec 31st, 2023
Hello and welcome to the first entry of our Vulnerability Research Newsletter. We intend this to be a weekly round-up of interesting blogs, talks, and job postings related to vulnerability research and exploit development. Let's get into it:
The 37th Chaos Communication Congress (37c3):
If you have been anywhere near X this week, you've probably come across some chatter about the talks presented at 37c3 over the past few days. Kaspersky's breakdown of Operation Triangulation certainly stole the show, with its details of a zero-click iOS attack chain. One slide in particular has been making the rounds, detailing the level of sophistication (and, according to LiveOverflow, "bureaucracy") of the attack.
Other talks we enjoyed here at exploits.club:
- Nintendo hacking 2023: 2008 - It wouldn't be a C3 without a console hacking talk, and this breakdown on jailbreaking the Nintendo DSi certainly fills that role. Lots of interesting tidbits in this talk, ranging from advanced hardware hacking to binary exploitation to self-rolled crypto (yikes).
- Fuzz Everything, Everywhere, All at Once - This talk walks through how to fuzz binary-only targets with LibAFL and QEMU. It then introduces a new library for LibAFL which offers "APIs to hook the target using Rust". It includes a demo against an Android Library, as well as a demo showing off some built-in detections for non-memory corruption bugs, such as command injection and SQLi. If this talk sparks your interest in LibAFL like it did for us, Artedis released a LibAFL workshop earlier this month which can help bring you up to speed.
There are plenty of other talks in our backlog at the moment, including stacksmashing's iPhone USB-C antics and a breakdown of spyware discovered during the Predator Files investigation.
Other Resources We Have Been Enjoying This Week:
- Achieving Remote Code Execution in Steam: a journey into the Remote Play protocol - An interesting adventure in reversing, fuzzing, and exploiting Steam's Remote Play protocol.
- Trail of Bits Adds CodeQL to Testing Handbook - A few months ago, Trail of Bits introduced their testing handbook with its first chapter on Semgrep. This month, they have added a second chapter detailing CodeQL. This is a perfect place to get started with CodeQL, or to sharpen your skills if it has been in your toolkit for a while.
- Nintendo Switch Game Hacking Resources - A GitHub repo to get you up to speed on security research for Nintendo Switch games. With some interesting recent reports coming out of Nintendo's bug bounty program, this could serve as a good primer for getting into a potentially under-researched target.
Interesting Job Postings:
- Vulnerability Researcher @ Praetorian
- Vulnerability Researcher @ Apple
- Lead Security Researcher @ Rapid7
- On-Site Vulnerability Researcher @ RTX
- On-Site Lead Vulnerability Researcher @ Two-Six Technologies
- Senior N-Day Researcher / Developer @ Horizon3 AI
Wrapping up...
We are in the process of setting up our closed Discord community for researchers. Interested in joining the club? Fill out our interest form here: https://forms.gle/2qYrq8w3TLgDDVQx5
Follow us on X!