thesamesam

FAQ on the xz-utils backdoor (CVE-2024-3094)

This is a living document. Everything in this document is made in good faith of being accurate, but like I just said; we don't yet know everything about what's going on.

Background

On March 29th, 2024, a backdoor was discovered in xz-utils, a suite of software that

0xdevalias

Reverse Engineering on macOS

Some notes, tools, and techniques for reverse engineering macOS binaries.

Table of Contents

• Reverse Engineering Tools
  • Binary Ninja
• Ghidra

christianselig

import UIKit
import SwiftUI

class ViewController: UIViewController {
    override func viewDidLoad() {
        super.viewDidLoad()
        
        let box = UIView()
        box.frame = CGRect(x: (view.bounds.width / 2.0) - 100.0, y: 0.0, width: 100.0, height: 100.0)
        box.backgroundColor = .systemGreen

phortuin

Based on this blogpost.

To sign Git commits, you need a gpg key. GPG stands for GNU Privacy Guard and is the de facto implementation of the OpenPGP message format. PGP stands for ‘Pretty Good Privacy’ and is a standard to sign and encrypt messages.

Setting up

Install with Homebrew:

$ brew install gpg

c3l3si4n

id: nuclei-rce

info:
  name: Nuclei Template RCE by Chromium
  author: c3l3si4n
  severity: critical
  tags: rce,hackback

headless:
  - steps:

trongtinh1212

Windows Registry Editor Version 5.00

;USE AT YOUR OWN RISK!
;USE AT YOUR OWN RISK!
;USE AT YOUR OWN RISK!


;Improves system responsiveness and network speed.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile]
"SystemResponsiveness"=dword:00000001

elebow

1. Install socat and dtach on all hosts, and openssl on at least one host. And vim on the server!

2. Generate two self-signed keypairs. You can accept all default values.

   for h in server client; do
   openssl req -newkey rsa:2048 -nodes -keyout $h-key.pem -x509 -days 365 -out $h-cert.pem
   done

est31

Trying to deploy WPA3 on my home network

Introduction

Recently, news broke about a new possible offline attack on WPA2 using PMKID. To summarize the attack, WPA2 protected APs can end up broadcasting PMKID values which can then be used to offline-brute-force the password.

These PMKID values are computed this way:

PMKID = HMAC-SHA1-128(PMK, "PMK Name" | MAC_AP | MAC_STA)

doctaphred

Information from https://docs.microsoft.com/en-us/windows/win32/fileio/naming-a-file :

    Use any character in the current code page for a name, including Unicode
    characters and characters in the extended character set (128–255), except
    for the following:

    - The following reserved characters:

        < (less than)
        > (greater than)

robertpainsi

Commit Message Guidelines

Short (72 chars or less) summary

More detailed explanatory text. Wrap it to 72 characters. The blank
line separating the summary from the body is critical (unless you omit
the body entirely).

Write your commit message in the imperative: "Fix bug" and not "Fixed
bug" or "Fixes bug." This convention matches up with commit messages