Stack Clashing is pretty neat, something you should really pay attention to in embedded spaces (its often exploitable in UEFI land as most EDK2 builds lack guard pages). I got to write some exploits for some recently,…
Bit confused on how this group got access to the rabbit codebase, as this sounds closer to backend code and not jadx'ing the APK. Are there any details on that?
I understand the issue, I have checked /dev/pts/ and seen systemd-run create a user readable pts there. I'm not adverse to that one getting chown()'d, but there really isn't any impact from it. The problem is you can…
This is not a systemd-run specific issue either. I reproduced this targeting sudo (just `cat` the parent tty), in fact able to capture my password as I type it in, and capture commands as they are being typed in.…
I put a bit further thought into this. The claim is that because the pty has user permissions its possible to hijack it, but that really hasn't been true for years which is why the two PoC do things like use reptyr…
This is not a real bug and the trick is possible with sudo if you just hijack the parent process of sudo with reptyr instead of sudo directly. Also seems a bit absurd to try and pretend there is a security boundary…
From their FAQ and blog posts, I don't believe they apply much FHE. Seems what they do is use work from a different subfield [1], which seems to be able to achieve the required speeds and still be able to work with more…
It actually does run on KVM! I spent yesterday trying to get it to work and found the trick was setting the chipset to i440FX, and putting every drive on the IDE bus. Probably not a reasonable choice for any real usage…
Far from the most qualified to answer this but it's probably a mixture of market demand, the targets, mindshare and QA. Higher value targets tend to use iOS more often so their adversaries have more interest in…
I stumbled upon a talk from GRCon18 a few weeks ago where they did this [1], though on a much more restricted testcase. Find the idea interesting, but I'm curious how resistant it is to attackers who know you are using…
I've ran some student hackathons in the UK (worth noting we have a very different culture than the US scene) and we actually tried to discourage the whole working 24 hours straight thing. Events are more just workshops…
Worth noting that it's quite common for people to not be publicly listed as part of Github organizations. The archive.org snapshot of the organization page from February [1] shows the same member count, so suspect…
The google form lists the prices in an image: * $119 for 4GB of RAM * $149 for 8GB of RAM But the early version apparently is only the 8GB variant.
I arranged everything on day I needed to move on (except in Dushanbe where I arranged the transport to Khrough via the hostel, who I just told the night before). Worked even on the Monday after Tajikistan's Independence…
I did the journey in early September, starting in Dushanbe, as part of my backpacking trip throughout Central Asia. Highlight of my trip. Surprisingly easy to travel as a lone backpacker nowadays as you can arrange…
Stack Clashing is pretty neat, something you should really pay attention to in embedded spaces (its often exploitable in UEFI land as most EDK2 builds lack guard pages). I got to write some exploits for some recently,…
Bit confused on how this group got access to the rabbit codebase, as this sounds closer to backend code and not jadx'ing the APK. Are there any details on that?
I understand the issue, I have checked /dev/pts/ and seen systemd-run create a user readable pts there. I'm not adverse to that one getting chown()'d, but there really isn't any impact from it. The problem is you can…
This is not a systemd-run specific issue either. I reproduced this targeting sudo (just `cat` the parent tty), in fact able to capture my password as I type it in, and capture commands as they are being typed in.…
I put a bit further thought into this. The claim is that because the pty has user permissions its possible to hijack it, but that really hasn't been true for years which is why the two PoC do things like use reptyr…
This is not a real bug and the trick is possible with sudo if you just hijack the parent process of sudo with reptyr instead of sudo directly. Also seems a bit absurd to try and pretend there is a security boundary…
From their FAQ and blog posts, I don't believe they apply much FHE. Seems what they do is use work from a different subfield [1], which seems to be able to achieve the required speeds and still be able to work with more…
It actually does run on KVM! I spent yesterday trying to get it to work and found the trick was setting the chipset to i440FX, and putting every drive on the IDE bus. Probably not a reasonable choice for any real usage…
Far from the most qualified to answer this but it's probably a mixture of market demand, the targets, mindshare and QA. Higher value targets tend to use iOS more often so their adversaries have more interest in…
I stumbled upon a talk from GRCon18 a few weeks ago where they did this [1], though on a much more restricted testcase. Find the idea interesting, but I'm curious how resistant it is to attackers who know you are using…
I've ran some student hackathons in the UK (worth noting we have a very different culture than the US scene) and we actually tried to discourage the whole working 24 hours straight thing. Events are more just workshops…
Worth noting that it's quite common for people to not be publicly listed as part of Github organizations. The archive.org snapshot of the organization page from February [1] shows the same member count, so suspect…
The google form lists the prices in an image: * $119 for 4GB of RAM * $149 for 8GB of RAM But the early version apparently is only the 8GB variant.
I arranged everything on day I needed to move on (except in Dushanbe where I arranged the transport to Khrough via the hostel, who I just told the night before). Worked even on the Monday after Tajikistan's Independence…
I did the journey in early September, starting in Dushanbe, as part of my backpacking trip throughout Central Asia. Highlight of my trip. Surprisingly easy to travel as a lone backpacker nowadays as you can arrange…