Excellent reporting by @dangoodin: Critical Barracuda 0-day was used to backdoor networks for 8 months https://arstechnica.com/information-technology/2023/05/critical-barracuda-0-day-was-used-to-backdoor-networks-for-8-months/ ... and who says Perl isn't relevant anymore =D
#erlang #infosec #memcmp
I fell into a rabbit hole today on memcmp() timing analysis for a remote service that verifies an MD5 digest... hours later, it's clear that due to compiler optimizations this is _really_ hard to exploit on most 64-bit machines (it can turn into 2^64 brute force in many cases).
Any tips on modern (remote) timing analysis of memcmp() implementations?
Also, Erlang should probably stop using memcmp() for cookie digest verification.
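An added illustration of the post above (not part of the original post and not code from Erlang or any libc): a simplified model of why a byte-at-a-time memcmp() leaks the matching prefix length one byte at a time, while a compare that works on 8-byte words only leaks per whole word, next to a constant-time digest comparison. The function names, the 8-byte word size and the sample digests are assumptions made for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed sample data: a 16-byte "real" digest and two wrong guesses
   that match its first 3 and first 7 bytes respectively. */
static const unsigned char digest_real[16] = {
    0x00,0x11,0x22,0x33,0x44,0x55,0x66,0x77,0x88,0x99,0xaa,0xbb,0xcc,0xdd,0xee,0xff};
static const unsigned char guess_3ok[16] = {0x00,0x11,0x22};
static const unsigned char guess_7ok[16] = {0x00,0x11,0x22,0x33,0x44,0x55,0x66};

/* Naive byte-wise compare: the iteration count (what timing leaks)
   grows with every additional correct leading byte. */
size_t steps_bytewise(const unsigned char *a, const unsigned char *b, size_t n) {
    size_t steps = 0;
    for (size_t i = 0; i < n; i++) {
        steps++;
        if (a[i] != b[i]) break;
    }
    return steps;
}

/* Simplified optimized compare: 8 bytes per iteration (n assumed to be a
   multiple of 8). The count only changes once a full 8-byte word matches. */
size_t steps_wordwise(const unsigned char *a, const unsigned char *b, size_t n) {
    size_t steps = 0;
    for (size_t i = 0; i + 8 <= n; i += 8) {
        uint64_t x, y;
        memcpy(&x, a + i, 8);
        memcpy(&y, b + i, 8);
        steps++;
        if (x != y) break;
    }
    return steps;
}

/* Constant-time equality: always touches all n bytes, no early exit.
   Returns 1 when the buffers are equal, 0 otherwise. */
int digest_equal_ct(const unsigned char *a, const unsigned char *b, size_t n) {
    volatile unsigned char diff = 0;
    for (size_t i = 0; i < n; i++)
        diff |= (unsigned char)(a[i] ^ b[i]);
    return diff == 0;
}
```

With the byte-wise model the two wrong guesses take 4 and 8 iterations; with the word-wise model both take 1, so a partially correct first word is indistinguishable from a completely wrong one.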
#aws #rds #postgresql
Using Aurora RDS? A new billing mode ("I/O Optimized") was introduced on May 11th that may save you a ton on database costs. Changing this setting for one of our IOPS-heavy workloads will save us ~70% on our monthly bill: https://aws.amazon.com/about-aws/whats-new/2023/05/amazon-aurora-i-o-optimized/
I had a blast working on the latest version of runZero (https://www.runzero.com/blog/runzero-3.8/).
Writing queries that attach vulnerabilities to assets feels like a strange mash-up of SIEM threat hunting, vulnerability scanning, and a shodan safari.
#python #networkdiscovery #inventory #infosec
runZero 3.7 is live with support for custom integrations, a new Python SDK, a Service Now Graph Connector, and a bucket of new fingerprints and protocols. The hosted scan engines now support scanning up to a /8 at a time on all ports (!). Free trials (and a free tier) even if you don't want to share a corporate email address:
https://www.runzero.com/blog/runzero-3.7/
#troubleshooters
Production by The #TroubleShooters is unexpectedly out TODAY: https://thetroubleshooters.bandcamp.com/album/production (int eighty & kHill) !!!
I love crypto research that demonstrates practical attacks. The paper `A Vulnerability in Implementations of SHA-3, SHAKE, EdDSA, and Other NIST-Approved Algorithms` by Nicky Mouha and Christopher Celi demonstrates RCE (!) through controlled memory corruption in the final-round update of the Keccak code used by SHA-3. This implementation bug affected Python, PHP, and the SHA-3 Ruby package: https://eprint.iacr.org/2023/331
Bonus points for dropping a Metasploit reverse TCP payload!
Copyright 1998-2025 HD Moore