@amlweems : I've been reverse engineering the xz backdoor this weekend and have documented the payload format and written a proof-of-concept exploit for the RCE. The payloads are signed with an ED448 key, so I patched my own key into the backdoor for testing. :-) github.com/amlweems/xzbot • TwiCopy

Anthony Weems

@amlweems

+ Follow

Cloud Vulnerability Research • The opinions stated here are my own, not those of my company.

ID: 14378227

linkhttp://amlw.dev calendar_today13-04-2008 21:43:53

178 Tweet

3,3K Takipçi

267 Takip Edilen

Anthony Weems

@amlweems

a year ago

I've been reverse engineering the xz backdoor this weekend and have documented the payload format and written a proof-of-concept exploit for the RCE. The payloads are signed with an ED448 key, so I patched my own key into the backdoor for testing. :-) github.com/amlweems/xzbot

thumb_up_off_alt3,3K

chat_bubble_outline51

repeat854

shareShare