New Shodan is out today! (on PC at least): https://www.systemshock.com/
home > posts
I fell into a rabbit hole today on memcmp() timing analysis for a remote service that verifies a MD5 digest... hours later, it's clear that due to compiler optimizations this is _really_ hard to exploit on most 64-bit machines (it can turn into 2^64 brute force in many cases).
Any tips on modern (remote) timing analysis of memcmp() implementations?
Also, Erlang should probably stop using memcmp() for cookie digest verification.
Using Aurora RDS? A new billing mode ("I/O Optimized") was introduced on May 11th that may save you a ton on database costs. Changing this setting for one of our IOPS-heavy workloads will save us ~70% on our monthly bill: https://aws.amazon.com/about-aws/whats-new/2023/05/amazon-aurora-i-o-optimized/
You’ve seen the smart plug, but have you seen the smartest plug?
It's definitely that time of the week.
I had a blast working on the latest version of runZero (https://www.runzero.com/blog/runzero-3.8/).
Writing queries that attach vulnerabilities to assets feels like a strange mash-up of SIEM threat hunting, vulnerability scanning, and a shodan safari.
runZero 3.7 is live with support for custom integrations, a new python SDK, a Service Now Graph Connector, and a bucket of new fingerprints and protocols. The hosted scan engines now support scanning up to a /8 at a time on all ports (!). Free trials (and a free tier) even if you don't want to share a corporate email address:
https://www.runzero.com/blog/runzero-3.7/Production by The #TroubleShooters is unexpectedly out TODAY: https://thetroubleshooters.bandcamp.com/album/production (int eighty & kHill) !!!
I love crypto research that demonstrates practical attacks. The paper `A Vulnerability in Implementations of SHA-3, SHAKE, EdDSA, and Other NIST-Approved Algorithm` by Nicky Mouha and Christopher Celi demonstrates RCE (!) through controlled memory corruption in the final-round update of the Keccak code used by SHA-3. This implementation bug affected Python, PHP, and the SHA-3 Ruby package: https://eprint.iacr.org/2023/331
Bonus points for dropping a Metasploit reverse TCP payload!
Holy cow. The Daily Swig by PortSwigger, one of my favorite reads, is shutting down due to law suits and drama: https://portswigger.net/daily-swig/were-going-teetotal-its-goodbye-to-the-daily-swig
"We have written stories about numerous bad actors, some of whom are well-funded, and we have been obliged to pay settlements for malicious legal actions. We have sometimes been targeted by activists seeking to damage our software business because they dislike our story. This reality made it harder to justify continuing with the Swig."
Thank you for the great articles over the years, you will be missed!