Caue (@caueobici)'s Twitter Profile
Caue

@caueobici

Security auditor at @osec_io

ID: 2969674623

09-01-2015 13:42:30

51 Tweet

221 Followers

427 Following

Carlos Vieira (lynx) (@carlos_crowsec)

If you found an SSRF in an application running on Kubernetes (AWS EKS), the default IAM profile for the node has "eks:DescribeCluster" privileges. With these privileges, you have access to the "aws eks update-config" command which gives access to cluster certificates.

Pedro Barbosa (@pedroysb)

🥳 We just released paranoid_crypto. The library checks for trivial weaknesses on crypto artifacts generated by black boxes (i.e. when we don't know how they were generated). Official call for contributions to be published soon. Joint work with Daniel Bleichenbacher.

Pedro Barbosa (@pedroysb)

Check out our blog post to learn results from our experiments with Paranoid (github.com/google/paranoi…). Our open-source project that detects the usage of weak cryptographic artifacts, such as public keys and digital signatures --> security.googleblog.com/2022/08/announ…

Caue (@caueobici)

Thanks everyone who showed up at H2HC and for the great time we had. All I can say to organizers is that next year we (webbers) will come stronger as a friendly revenge for h2hCPU edition ;)

Esoj (@_esoj1)

Here are my slides for my talk at Ekoparty | Hacking everything yesterday about our new technique of ASLR bypass using CPU vulnerabilities. There will (hopefully) be a blogpost sooner: docs.google.com/presentation/d… You also can find the paper here: cos.ufrj.br/uploadfile/pub… #EKOPARTY2022

Esoj (@_esoj1)

It turns out that the user-mode spectre-BTI mitigations were slightly broken since four years ago when they were introduced in prctl syscall... github.com/es0j/CVE-2023-…

celesian (@c3l3si4n)

This is a very unknown technique. Tried googling it and found no results, so maybe even a novelty. This allows you to dump all domains from a Cloudflare user by doing nameserver correlation. Great for finding base domains owned by the company. celes.in/posts/cloudfla…

Taelin (@victortaelin)

RELEASE DAY After almost 10 years of hard work, tireless research, and a dive deep into the kernels of computer science, I finally realized a dream: running a high-level language on GPUs. And I'm giving it to the world! Bend compiles modern programming features, including: -

OtterSec (@osec_io)

NEW: Supply chain attacks are increasing in popularity in Web3. Lavamoat has emerged as a robust defense mechanism - but it’s not perfect. This blog spills the beans on some sneaky bypasses, and shows how tricky it is to lock down JavaScript ecosystems. osec.io/blog/2024-06-1…

Linux Kernel Security (@linkersec)

Unleashing a 0day: Pivoting Capabilities and Conquering the Linux Kernel A talk by 0xTen about exploiting a slab use-after-free bug in the traffic control subsystem. Slides: figma.com/deck/GyXCgKKy6… Video: youtube.com/watch?v=bxJhlw…

0xTen (@_0xten)

Earlier this year, I used a 1day to exploit the kernelCTF VRP LTS instance. I then used the same bug to write a universal exploit that worked against up-to-date mainstream distros for approximately 2 months. osec.io/blog/2024-11-2…

OtterSec (@osec_io)

We just finished an audit for Lavamoat webpack plugin and found an interesting behaviour related to how the URL costruct() was handled. Here's the details 👇