Application Security This Week for June 28

I was tempted to start making up dates. Like Junuary 54th.  But dark humor doesn't belong here.  Or does it.


Lots of talk recently about using Frida to hook methods in binary applications, like native mobile apps and even Windows apps. Here's an easy way to get started.

https://github.com/leonjza/frida-boot


Taking advantage of Bitdefender FROM A WEBSITE.  No, I am not kidding.  I haven't tried this yet, but wow.

https://palant.info/2020/06/22/exploiting-bitdefender-antivirus-rce-from-any-website/


This is a Twitter thread I wish I had written.  The basics of application vulnerability analysis.

https://threadreaderapp.com/thread/1273052843012841472.html


We are back on the encryption discussion.  Let me make my own, personal, not endorsed by anyone, position very clear.  Anyone - ANYONE - can encrypt anything with two coins, a pencil, and a piece of paper.  These laws do NOTHING. Nothing at all. Please tell everyone.  If you have questions, please ask. If I don't know the answer, I know people who do.

https://news.bitcoin.com/lawful-access-to-encrypted-data-act-backdoor/
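To make the "two coins, a pencil, and a piece of paper" point concrete, here is an added example (mine, not from the original post or the linked article): a pencil-and-paper one-time pad whose key letters come from tossing two coins. Letters are numbered A=0..Z=25, each ciphertext letter is plaintext plus key mod 26, and the coin tosses are simulated with the OS random generator, which is an assumption standing in for real coins.

```python
import secrets
from typing import Iterator, Optional

ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"

def two_coins() -> Iterator[int]:
    """Stand-in for two real coins: each toss yields 2 bits (0..3).
    Simulated with the OS CSPRNG here (assumption); on paper you flip them."""
    while True:
        yield secrets.randbelow(4)

def key_letter(tosses: Iterator[int]) -> int:
    """Three double-tosses give 6 bits (0..63). Values of 52 or more are
    discarded and re-tossed so that v % 26 is uniform; reducing 0..63
    mod 26 directly would bias the pad toward A..L."""
    while True:
        v = 0
        for _ in range(3):
            v = v * 4 + next(tosses)
        if v < 52:
            return v % 26

def make_key(length: int, tosses: Optional[Iterator[int]] = None) -> str:
    """One fresh key letter per message letter; use the pad once, then burn it."""
    src = tosses if tosses is not None else two_coins()
    return "".join(ALPHABET[key_letter(src)] for _ in range(length))

def normalize(text: str) -> str:
    """Pencil-and-paper convention: upper-case letters only."""
    return "".join(ch for ch in text.upper() if ch in ALPHABET)

def encrypt(plaintext: str, key: str) -> str:
    """Ciphertext letter = (plaintext + key) mod 26, one key letter per letter."""
    p = normalize(plaintext)
    if len(key) < len(p):
        raise ValueError("key must be at least as long as the message")
    return "".join(ALPHABET[(ALPHABET.index(a) + ALPHABET.index(k)) % 26]
                   for a, k in zip(p, key))

def decrypt(ciphertext: str, key: str) -> str:
    """Receiver subtracts the same key letters mod 26."""
    if len(key) < len(ciphertext):
        raise ValueError("key must be at least as long as the message")
    return "".join(ALPHABET[(ALPHABET.index(c) - ALPHABET.index(k)) % 26]
                   for c, k in zip(ciphertext, key))
```

With a key that is truly random, as long as the message, and never reused, the ciphertext reveals nothing about the plaintext regardless of what any statute says; the rejection step in `key_letter` is what keeps the coin-derived key uniform.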


And finally: an amazing exploit getting RCE from PostgreSQL with only a little magic juice.

https://srcincite.io/blog/2020/06/26/sql-injection-double-uppercut-how-to-achieve-remote-code-execution-against-postgresql.html


Have a great week, everyone.

Bill Sempf

Husband. Father. Pentester. Secure software composer. Brewer. Lockpicker. Ninja. Insurrectionist. Lumberjack. All words that have been used to describe me recently. I help people write more secure software.
