Code signing applications is an essential part of the macOS security model. Being able to bypass signing and verification steps would be a major flaw in the system, leading to users being at risk....
The authors of this post come from Star Labs, a regular team at Pwn2Own. They detail several cool vulnerabilities that were patched a little bit before the event. They targeted a Netgear router, in...
wolfSSL is a TLS implementation written in C. The author of this post had previously written a protocol fuzzer called tlspuffin and decided to target wolfSSL with it, since several bugs had...
Zora has a module for allowing users to list any NFT for sale at a fixed price and currency. This is referred to as AsksV1 or Buy Now in the ecosystem. A potential buyer is able to fill that...
Sherlock is a blockchain auditing platform in the form of contests. They had a staking pool set up with Euler. The balanceOf function in EulerStrategy.sol is used to determine the current value...
Gearbox is a composable leverage protocol. It allows a user to take leverage on a collateral asset and use the borrowed funds through a CreditAccount across DeFi. A common functionality for every...
Superfluid.sol allows for composable Superfluid agreements in a single transaction. I have no idea what this means (lolz). The important thing to note is that the main contract and the agreements...
The bug report CVE-2022-42703 by Jann Horn is a use-after-free on struct anon_vma in the memory management (MM) subsystem of the Linux kernel. The vulnerability is extremely complex and particular...
Django is an open source Python framework used for web applications. It is used by many organizations as the backend web server for a website. Django is an MVC (model view controller) framework....
Pwn2Own is a competition focused on finding vulnerabilities in high-value targets. In this rendition of Pwn2Own for IoT devices, they chose the Netgear RAX30 router. Pwn2Own has many tough...
Cacti is an open source monitoring solution used by many different companies. They found this initially by scanning for bugs with their tool. The application is written in PHP. At the very...
Spring Boot has a pretty famous issue: when data is reflected within an error message, the Exception message uses Spring Expression Language (SpEL). For instance, $(7*7) will render 49. The...
The author had an old cable modem sitting in their closet. While browsing some forums, they learned that the device had a built in spectrum analyzer for diagnostics. So, they wondered, if a cable...
One Key has recently created an automated scanner for scripting languages and compiled binaries. To start with, they support Python and PHP scripting languages with various bug classes, such as...
This is the final part of the series. In the first two posts, an SSRF and an LQL query injection led to an arbitrary file deletion. This leads to a complete authentication bypass by racing a file for...
This post is part 2 of a chain of bugs that leads to code execution. In part 1, an SSRF and a line feed injection bug in a query language were found. However, the LQL injection is blind. In...
Google Nest Hub is an always-on smart home display. It runs on a device based upon the Amlogic S905D3G SoC. The device has a hidden USB port, making it a prime target for attackers. By holding a...
Sam Curry decided to hit the auto industry, with targets ranging from BMW to Ferrari. First, they were looking at a platform with a custom SSO. They started with recon tools like gau and ffuf to find a...
Learn how to detect malicious persistence techniques in AWS, GCP & Azure after potential initial compromise, like with the CircleCI incident
Wiz announces availability of new regional data center and adds support for Essential Eight controls.
Hear from security leaders about their plans, strategies, and priorities for the new year.
In this second blog post, we will discuss lateral movement risks from Kubernetes to the cloud. We will explain attacker TTPs, and outline best practices for security practitioners and cloud...
On December 29, 2022, CircleCI's security team was alerted to suspicious activity on one of their customers' GitHub OAuth tokens. The team then rotated all GitHub OAuth tokens on December 31,...
The developers of PyTorch (a popular machine-learning framework) recently identified a malicious dependency confusion attack on the open-source project. Security teams are advised to check for...
Jair Santanna (from Northwave Security) in collaboration with Curated Intelligence recently shared his methodology about how to analyze the databases of cybercriminal websites that offer...
PyTorch-nightly Linux packages installed via pip between December 25th and December 30th, 2022 ran a malicious binary. The malicious binary was introduced by a dependency, torchtriton, that was...
The iPod 1G Touch was the first version in an amazing line of devices from Apple. So, the author wanted to emulate the device for future generations to enjoy. This was done via a branch of QEMU;...
While looking at Cambium, the authors found a simple SQL injection vulnerability. As is so often the case, the application was not using parameterized queries, and string concatenation led to a SQL injection....
Welcome to the final BushidoToken blog of 2022. Over the last year or so, an associate of mine in the UK has been targeted by a persistent Chinese-speaking scammer. The scammer often calls once or...
Google Home is a suite of products for home automation. While using the device, they noticed how seamless adding users was. Additionally, the set of automated routines that can be run...