The first episode of Where Warlocks Stay Up Late is out!
https://www.youtube.com/watch?v=7IHKRzGQeog
>Digital Jesus/o.0, aka Matt Harrigan, turned a telecommunication product release into a 0-day, tipped off drug dealers about government surveillance, and emerged as a cybersecurity founder and CEO.
Great update from Stefan Viehböck on VxWorks’ password hashing (and 6.x EoL): https://sec-consult.com/blog/detail/a-missed-opportunity-addressing-weak-password-hashing-in-vxworks/
Hacking Subaru: Tracking and Controlling Cars via the STARLINK Admin Panel: https://samcurry.net/hacking-subaru (via @samwcyo )
runZero Hour Episode 14 (0xE) is happening now, you can find the YouTube live feed here: https://www.youtube.com/watch?v=nvkGd31s46c
The @badkeys project added the leaked and decrypted keys from the Fortinet breach: "Overall, there were around 100,000 private keys in PKCS format and 60,000 in OpenSSH format" https://blog.hboeck.de/archives/908-Private-Keys-in-the-Fortigate-Leak.html
Austin Go(phers): it's almost that time again! Tomorrow (Weds/Jan15) is the January ATX Golang Meetup. Swing by for pizza, beer, and general nerdiness around Go -- 6:30pm at the Capital Factory (Antones):
Orange Tsai & splitline's "WorstFit" research into Windows unicode "BestFit" encoding is 🔥 🔥 🔥 (and mostly unpatched)!
https://blog.orange.tw/posts/2025-01-worstfit-unveiling-hidden-transformers-in-windows-ansi/
This work brings back memories of IIS and ASP (classic) unicode exploit-dev. For example, the letter "h" having alternate encodings of %c4%a4, %c4%a5, %c4%a6, %c4%a7, %d1%88, %d1%a8, %d4%a4, %d4%a5, %d4%a6, %d4%a7, %e2%84%8b, %e2%84%8c, %e2%84%8d, and %e2%84%8e
runZero Hour Episode 13 is streaming LIVE on Youtube!
https://www.youtube.com/watch?v=mi0lrEtb4eI
Join us to celebrate one year of runZero Hour with a special anniversary episode! To mark this special occasion, we’ve gathered an all-star panel of cybersecurity experts to look back on 2024's greatest security hits and ponder what's ahead in 2025.
We’ll also be hosting the live raffle for the mystery mini-machine crafted by our very own HD Moore and celebrating our t-shirt winners. It's gonna be an epic episode!
I love hacker toys, but don't love that they tend to sit on a shelf collecting dust for the majority of their lives. My goal for the runZero Hour anniversary "mystery machine" raffle was to provide something you actually want to use every day. Tune in Friday for the reveal and snag a limited runZero t-shirt if you sign up soon! https://www.runzero.com/research/runzero-hour/
watchTowr Labs keeps things spicy in their recent post on Mitel MiCollab vulnerabilities: "Where There’s Smoke, There’s Fire - Mitel MiCollab CVE-2024-35286, CVE-2024-41713 And An 0day" - https://labs.watchtowr.com/where-theres-smoke-theres-fire-mitel-micollab-cve-2024-35286-cve-2024-41713-and-an-0day/