speak soon. CVE-2024-4577, Argument Injection in PHP-CGI

So Apple has introduced a new system called “Private Cloud Compute” that allows your phone to offload complex (typically AI) tasks to specialized secure devices in the cloud. I’m still trying to work out what I think about this. So here’s a thread. 1/

Chinese cyber espionage campaign targets ‘dozens’ of Western governments, Dutch officials say. scoopmedia.co/3yQR0Y4 via AJ Vicens | @ajvicens.bsky.social

This is going to remind a bunch of cybersecurity startups that adding an agent to users machines is a crazy big responsibility…

Hit by CrowdStrike and just found out you don't have the necessary BitLocker Recovery keys? We might have a solution for you 😜😇 In our two day hardware training at Black Hat we teach how to break BitLocker TPM only setups by sniffing the communication between the CPU

Here’s a blog post covering all the technical details behind a strcpy bug I found in the Tony Hawk video game series that can be used to hack several gaming consoles and even get RCE on the over the network icode4.coffee/?p=954

Let's talk about some of the security features of the new Raspberry Pi RP2350, because they are 🔥🧵

Oh No, My RAN! Breaking Into an O-RAN 5G Indoor Base Station usenix.org/system/files/w… [PDF]

Damn, a chinese variant (FM11RF08S) of MIFARE Classic cards are found to be backdoored by the manufacturer! Special auth commands leak (static) encrypted nonces which can then be used to recover sector keys and dump the card. They’ve already released- eprint.iacr.org/2024/1275.pdf

Giant management systems for solar power are vulnerable, and that seems bad. berthub.eu/articles/posts…

Firewallas, Diabetics, And… Bluetooth, oh my..🤯 remy🐀's uncovering the hidden security risks in your Bluetooth-enabled devices in our latest Labs blog. buff.ly/4fMUcFn

The findings were striking: 598 out of 1,474 analyzed CVEs were reported by Chinese nationals or companies, making up an impressive 40.5% of all published vulnerabilities for Windows x64.

In August, watchTowr Labs hijacked parts of the global .mobi TLD - and went on to discover the mayhem that we could cause. Enjoy.... labs.watchtowr.com/we-spent-20-to…

I've looked into the Kekz Headphones for children approx a year ago. I finally published the blog post about the crypto of the audio files and how the cookies operate. There is even some customer data disclosure involved. nv1t.github.io/blog/kekz-head…

Any Axis IP Cameras visible in your Pentests? If you get valid administrative credentials, you can persist or get initial access via RCE. My latest blog describes an alternative to the already known technique published by Tenable in 2018. Fun project!🙂 r-tec.net/r-tec-blog-axi…

Slides from McCaulay and my 44CON talk on "Charging Ahead: Exploiting an EV Charger Controller at Pwn2Own Automotive 2024" are now available to download nccgroup.com/media/iacnw3z5…

slides for my #TheSAS2024 presentation github.com/blasty/slides/…

Yooooo WHAT? This is mad clever. 😂

VxWorks 6.9 uses SHA-256 + salt but with only one iteration 🤦‍♂️ this was implemented in response to CVE-2010-2965 by HD Moore. Check out the full disclosure drama: sec-consult.com/blog/detail/a-…

You can find me over at 🟦-sky with the same handle.