A fun tool that finds weak Active Directory passwords, and then notifies the user.
https://github.com/AdrianVollmer/Crack-O-Matic
Signal pwned Cellebrite with pure Moxie.
https://signal.org/blog/cellebrite-vulnerabilities/
Sad news, Dan Kaminsky has left us. He was known for his extraordinary research into DNS cache poisoning, but most importantly, he was a great person. He will be missed.
https://en.wikipedia.org/wiki/Dan_Kaminsky
S
Pwn2Own had some interesting browser vulnerability results:
https://www.zerodayinitiative.com/blog/2021/4/2/pwn2own-2021-schedule-and-live-results
Reddit (A social network) has started a bug bounty program:
https://www.reddit.com/r/redditsecurity/comments/mqse9a/announcing_reddits_public_bug_bounty_program/?sort=qa
I am user #63 on that site, and thee oldest active member who isn't an admin, so I might give it a shot.
A good person wrote a list for semgrep that searches for secrets in public repos (or really any code) using some really well written filters. Check it out:
https://r2c.dev/blog/2021/dont-leak-your-secrets/
Hope everyone has a secure week!
Surprisingly good article from the BBC about firmware attacks
https://www.bbc.com/news/business-56671419
Some really interesting code related to the Windows RPC attack
https://iamelli0t.github.io/2021/04/10/RPC-Bypass-CFG.html
One of my favorite topics - insecure API endpoints - presented at BSides
https://blog.assetnote.io/2021/04/05/contextual-content-discovery/
Have a secure week, everyone.
Guess who forgot to do a newsletter last week?
Cool file upload attack to get access to SSH unauthenticated.
https://blog.fadyothman.com/cve-2021-28379-gaining-rce-via-ssh-backdoor-in-vestacp/
Neat tool to MITM an iOS device. The code is worth a look.
https://github.com/doronz88/harlogger
There is a new release of a (new to me) tool to test SAML implementations.
https://blog.compass-security.com/2021/03/saml-raider-release-1-4-0/
More cool HTTP2 vulnerabilities exploited.
https://blog.assetnote.io/2021/03/18/h2c-smuggling/
TLS 1.0 and 1.1 are formally deprecated. These become High findings on reports now.
https://datatracker.ietf.org/doc/rfc8996/
Retire.js, one of my favorite tools, has been updated.
https://retirejs.github.io/retire.js/
And finally, spend your Sunday patching OpenSSL.
https://thehackernews.com/2021/03/openssl-releases-patches-for-2-high.html
Have a secure week, everyone.
Happy pi day!
Missive on the insecurity of C as a programming language.
https://daniel.haxx.se/blog/2021/03/09/half-of-curls-vulnerabilities-are-c-mistakes/
Regex is easily exploitable for denial of service attacks.
https://blog.doyensec.com/2021/03/11/regexploit.html
It might be too late to register, but Veracode is holding a Capture The Flag competition for students.
https://www.veracode.com/events/hacker-games
Have a secure week.
This is a pop culture article about why mobile application can be insecure (from Wired) but it is well written. It might be behind a paywall for some of you, if so I'm sorry.
https://www.wired.com/story/ios-android-leaky-apps-cloud/
Good writeup on the Apache Velocity vulnerability.
https://securitylab.github.com/advisories/GHSL-2020-048-apache-velocity
Look, more supply chain problems! Yay! 3,500 pypy packages corrupt, and a tool to discover them.
https://github.com/pypa/pypi-support/issues/923
And finally, a series that begins with DLL Search Order Hijacking, something similar to what I have added to this newsletter before. Worth keeping an eye on.
https://github.com/pypa/pypi-support/issues/923
S
Microsoft has some guidance for containers using .NET
https://devblogs.microsoft.com/dotnet/staying-safe-with-dotnet-containers/
Another interesting dependency management tool, but this one if for Python!
https://github.com/visma-prodsec/confused
AWS isn't the only cloud that has blob storage permission problems.
https://github.com/cyberark/BlobHunter
Have a good week!