Thank you @CypherCon! What an amazing event and a great community! Opening slides from my keynote today:
#cyphercon
Hello #cyphercon! Badge line con is moving along fast, please say hi if you see me! I’m excited for today’s lineup and stoked to share some work during my 11am keynote tomorrow!
Fantastic work by @amlw - xzbot
Exploration of the xz backdoor (CVE-2024-3094). Includes the following:
* honeypot: fake vulnerable server to detect exploit attempts
* ed448 patch: patch liblzma.so to use our own ED448 public key
* backdoor format: format of the backdoor payload
* backdoor demo: cli to trigger the RCE assuming knowledge of the ED448 private key
If you spent this weekend scrambling to respond to CVE-2024-3094 (the libxz-utils backdoor), we have good news! The universe of affected distributions seems small and relatively easy to track down: https://www.runzero.com/blog/how-to-find-systems-impacted-by-cve-2024-3094-libxz-utils-with-runzero/
TL;DR: The "rolling" releases affected by this issue all use very new builds of OpenSSH (9.6p1/9.7p1) which simplifies the search.
maybe an interesting listen to follow it: "This is an hour long conversation with Jon Lebkowsky, Ed Cavazos, and John Quarterman discussing the history of EFF-Austin, an independent organization that was originally supposed to be a chapter of the Electronic Frontier Foundation (EFF), but established its own identity when EFF decided not to have chapters in 1992.": https://archive.org/details/JoelGreenbergEFFAHistoryPart1
Is the "light of the compelling consumer proposition" going to shine brightly in 2024? https://torrentfreak.com/netflix-piracy-is-difficult-to-compete-against-and-growing-rapidly-240204/
#fosdem #go #networking #security
The FOSDEM 2024 talks are 🔥: https://fosdem.org/2024/schedule/rooms/
Some favorites so far:
* "Where the !?*! are the packets going?", covering TCP "InSession" traceroute (and more!) by Luca Sani - https://fosdem.org/2024/schedule/event/fosdem-2024-2929--where-the-are-the-packets-going-/
* "Effortless Bug Hunting with Differential Fuzzing" by Maciej Mionskowski - https://fosdem.org/2024/schedule/event/fosdem-2024-1927-effortless-bug-hunting-with-differential-fuzzing/
* "Linux on a Confidential VM in a cloud: where's the challenge?" by Vitaly Kuznetsov - https://fosdem.org/2024/schedule/event/fosdem-2024-2394-linux-on-a-confidential-vm-in-a-cloud-where-s-the-challenge-/
#forta #cve_2024_0204
The world got weird. Help Systems acquired many security vendors, then spun them out as Fortra, including Cobalt Strike, Core Impact, and this week's flavor of exploitable file transfer software: GoAnywhere MFT (CVE-2024-0204)!
Surely these all belong together.
Looking for exposed GoAnywhere systems? Look for HTML bodies containing: "GoAnywhere Web Client". @runZeroInc search query at: https://www.runzero.com/blog/finding-fortra-goanywhere-mft/
How much you say? I can't quite read this, let me find my monocle.
Copyright 1998-2025 HD Moore