  • February 5, 2024
    HD Moore
    @hdm

    Is the "light of the compelling consumer proposition" going to shine brightly in 2024? https://torrentfreak.com/netflix-piracy-is-difficult-to-compete-against-and-growing-rapidly-240204/

  • February 3, 2024
    HD Moore
    @hdm


    The FOSDEM 2024 talks are 🔥: https://fosdem.org/2024/schedule/rooms/

    Some favorites so far:

    * "Where the !?*! are the packets going?", covering TCP "InSession" traceroute (and more!) by Luca Sani - https://fosdem.org/2024/schedule/event/fosdem-2024-2929--where-the-are-the-packets-going-/

    * "Effortless Bug Hunting with Differential Fuzzing" by Maciej Mionskowski - https://fosdem.org/2024/schedule/event/fosdem-2024-1927-effortless-bug-hunting-with-differential-fuzzing/

    * "Linux on a Confidential VM in a cloud: where's the challenge?" by Vitaly Kuznetsov - https://fosdem.org/2024/schedule/event/fosdem-2024-2394-linux-on-a-confidential-vm-in-a-cloud-where-s-the-challenge-/

    #fosdem #go #networking #security

  • January 24, 2024
    HD Moore
    @hdm


    The world got weird. Help Systems acquired many security vendors, then spun them out as Fortra, including Cobalt Strike, Core Impact, and this week's flavor of exploitable file transfer software: GoAnywhere MFT (CVE-2024-0204)!

    Surely these all belong together.

    Looking for exposed GoAnywhere systems? Look for HTML bodies containing: "GoAnywhere Web Client". @runZeroInc search query at: https://www.runzero.com/blog/finding-fortra-goanywhere-mft/

    #forta #CVE_2024_0204

  • January 17, 2024
    HD Moore
    @hdm

    How much you say? I can't quite read this, let me find my monocle.

  • January 10, 2024
    HD Moore
    @hdm


    #golang PSA: If you are shipping binaries built with Go 1.21.1 or newer to Linux systems with Transparent Huge Pages (THP) enabled (default in many cases), you either need to tweak the system THP settings via SysFS or upgrade to Go 1.21.6 AND set the workaround GODEBUG=disablethp environment variable.

    If you don't, it can lead to what looks like a slow memory leak and eventually an out-of-memory condition. The issue doesn't affect every application (it depends on your memory use patterns), but when it does trigger, it's a pain to debug.

    Go docs on THP: https://go.dev/doc/gc-guide#Linux_transparent_huge_pages

    Github issue: https://github.com/golang/go/issues/64561

    Original Linux kernel issue: https://bugzilla.kernel.org/show_bug.cgi?id=93111

    Huge thanks to @TomSellers for tracking this down. The latest @runZeroInc build (4.0.240109.0) includes the fix for self-hosted customers.
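    The two conditions the post above combines (the kernel's THP mode and the Go runtime's GODEBUG workaround) can be checked on a host with a short script. This is an added example, not code from the post or from runZero: the function names are this example's own, it reads the standard sysfs file /sys/kernel/mm/transparent_hugepage/enabled, and it simplifies "THP enabled" to the "always" mode. GODEBUG entries are key=value pairs, so the check looks for disablethp=1 in that variable.

```sh
#!/bin/sh
# Added example (not from the post): report the host's THP mode and whether a
# Go binary run here without the disablethp GODEBUG setting would be exposed.
# Assumptions: sysfs layout as on mainline Linux; "always" is treated as
# "THP enabled" (madvise-only mode is reported but not flagged).

# Print the active THP mode. The sysfs file reads like
# "always [madvise] never"; the bracketed word is the active mode.
# An alternate path may be passed (used for testing with a constructed file).
thp_mode() {
  f="${1:-/sys/kernel/mm/transparent_hugepage/enabled}"
  if [ ! -r "$f" ]; then
    echo "unknown"
    return 0
  fi
  mode=$(sed -n 's/.*\[\([a-z]*\)].*/\1/p' "$f")
  echo "${mode:-unknown}"
}

# Answer "yes" when THP is on for all mappings ("always") and the GODEBUG
# string lacks disablethp=1; "no" when either condition clears it;
# "unknown" when the sysfs file could not be read.
# $1: path to the THP "enabled" file, $2: the GODEBUG value to examine.
needs_workaround() {
  mode=$(thp_mode "$1")
  godebug="$2"
  case "$mode" in
    unknown) echo "unknown"; return 0 ;;
    always) ;;
    *) echo "no"; return 0 ;;
  esac
  # Surround with commas so the match is on a whole key=value entry.
  case ",$godebug," in
    *,disablethp=1,*) echo "no" ;;
    *) echo "yes" ;;
  esac
}

# Human-readable report for the running host and this process's GODEBUG.
report() {
  f="${1:-/sys/kernel/mm/transparent_hugepage/enabled}"
  echo "THP mode: $(thp_mode "$f")"
  echo "GODEBUG: ${GODEBUG:-<unset>}"
  echo "Go THP workaround needed: $(needs_workaround "$f" "${GODEBUG:-}")"
}

report
```

Run it on the host that will execute the Go binary, with GODEBUG set the way the service's unit file or container sets it; "yes" means either the sysfs THP mode or the GODEBUG value should change before shipping a Go 1.21.1+ build there.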

  • January 7, 2024
    HD Moore
    @hdm


    Piping /dev/urandom into the USB HID keyboard stream[1] of a Windows 11 host logon screen makes for some funny videos.

    Semi-related, you can do silly things with the "Microsoft OS Descriptor" USB parameters (properties get mapped to registry keys/values), but it looks generally safe, since not much happens automatically with those properties, especially outside of the Explorer view for Mass Storage/MTP/PTP devices.

    1. Pi Zero W 2 in OTG mode, set up as a composite device via ConfigFS, and literally mashing random bytes into /dev/hidg0

    #usb

  • January 2, 2024
    HD Moore
    @hdm

    Hot takes for 2024:

    * Is the project part of the Apache Foundation and something you have never heard of as a defender? Expect to see in-the-wild exploitation.

    * Seeing a ton of lower-case error messages? It's Go. It's all Go now. Go ate Java, it's coming for .NET next. Rust folks (aka C++ refugees) are welcome to hang out in the basement and drink Bailey's from a boot (or at least, work on bootloaders) while everyone else moves to Go.

    Happy new year!

  • January 1, 2024
    HD Moore
    @hdm

    Not a great start to 2024: `The fee is now $%!f(*float64=0xc1f673a2e0)`

  • December 29, 2023
    HD Moore
    @hdm

    As a long-time Chrom(e|ium) user, switching to Firefox this week was painless (+uBlock Origin to match Brave-like defaults).

    @roy makes a good case for switching going into 2024:
    https://roytanck.com/2023/12/23/in-2024-please-switch-to-firefox/

    There was one snag that folks should be aware of: Firefox "suggestions" send your URL bar input to Mozilla and/or your configured search engine. It was easy to disable, but felt shady given that it leaks your search input to two external parties by default.

  • December 27, 2023
    HD Moore
    @hdm

    If anyone is wondering why I stopped writing exploits, this graphic from @dangoodin's article on the Triangulation exploit chain sums it up: https://arstechnica.com/security/2023/12/exploit-used-in-mass-iphone-infection-campaign-targeted-secret-hardware-feature/

    Even the most difficult exploits I worked on rarely took more than a week. Modern exploit development is a different beast altogether.


Copyright 1998-2025 HD Moore