Application Security This Week for April 26

Really great breakdown of exploitation of cache poisoning.

https://samcurry.net/abusing-http-path-normalization-and-cache-poisoning-to-steal-rocket-league-accounts/

 

Further reminder that HTTP is the weakest link.  Exploitation example of HTTP Request Smuggling.

https://honoki.net/2020/03/18/xxe-scape-through-the-front-door-circumventing-the-firewall-with-http-request-smuggling/

 

Extraodinarily hard to exploit but really fascinating to look at RCE bug in the Android Bluetooth stack.

https://insinuator.net/2020/04/cve-2020-0022-an-android-8-0-9-0-bluetooth-zero-click-rce-bluefrag/

 

A lot of people have put their online training up for free (for a limited time) like PluralSight.  Here's another one, by Kontra.  I haven't done it yet but it comes highly recommended.

https://blogs.akamai.com/sitr/2020/04/a-brief-history-of-a-rootable-docker-image.html

 

That's it for the news of the week. Everyone stay safe and healthy!

S

Application Security This Week for April 19

I Forgot To Post On Easter Because I Was Cooking Edition

 

There is a really need VMWare bug that has some solid analysis already.  Thanks to John from a client of mine for tuning me into it.

https://www.vmware.com/security/advisories/VMSA-2020-0006.html

https://threatpost.com/critical-vmware-bug-corporate-treasure-hackers/154682/

 

You need to reboot Boeing 787s every couple months or they crash. No big deal. 

https://www.theregister.co.uk/2020/04/02/boeing_787_power_cycle_51_days_stale_data/

 

From the archives (because I just used it on a test): a Command Injection Cheatsheet:

https://hackersonlineclub.com/command-injection-cheatsheet/

 

I was blindingly honored to judge the CBusStudentHack competition this year.  Clearly it was weird, and we had to do it remotely.  Way easier when you can talk to the young women and men on the teams, but we got it done via video. Here are the five finalists - worth a watch if you want to feel god about the next generation of hackers.

https://www.youtube.com/playlist?list=PLXpk4w_SsmmTJgYwm9OLgVlPkl-aQK_kc

 

Please stay safe and healthy.

 

Application Security This Week for April 5

I'm hoping everyone is safe and healthy. This whole thing is weird. But security news marches on.

 

There was a vulnerability discovered in Pi-hole.  If you don't know what it is, don't worry, but if you do, you need to patch right meow.  Either way, neat application security lessons. Good writeup here:

https://natedotred.wordpress.com/2020/03/28/cve-2020-8816-pi-hole-remote-code-execution/

 

Along those lines, there is a vulnerability in OpenWRT. Again, if you aren't using it don't sweat it but cool writeup about the vulnerability:

https://nakedsecurity.sophos.com/2020/03/31/patch-now-critical-flaw-found-in-openwrt-router-software/

 

HTML 6 is coming! See what's new here:

https://morioh.com/p/6d422fc49bd2

 

The incredible Binni Shah tuned me in to two some really interesting new C# memory injection tools:

https://github.com/coffeegist/changeling

https://github.com/pwndizzle/c-sharp-memory-injection

 

That's the news. Stay safe, everyone.

Bill Sempf

Husband. Father. Pentester. Secure software composer. Brewer. Lockpicker. Ninja. Insurrectionist. Lumberjack. All words that have been used to describe me recently. I help people write more secure software.

 

 

profile for Bill Sempf on Stack Exchange, a network of free, community-driven Q&A sites

MonthList