Invalid Web Security

We recon, hack and protect your assets from real-world attacks. EST. 2013

[EN] Confusion Attacks: Exploiting Hidden Semantic Ambiguity in Apache HTTP Server! 09/08/2024

Security Researcher Orange Tsai from DEVCORE has released his research on the Apache HTTP Server. The research highlights how he bypassed Httpd’s built-in access control and authentication. He also explains how unsafe RewriteRules can be exploited, among other issues.

Check out his blog post at the link below:

[EN] Confusion Attacks: Exploiting Hidden Semantic Ambiguity in Apache HTTP Server! This is 🍊 speaking

Pwn2Own: Pivoting from WAN to LAN to Attack a Synology BC500 IP Camera, Part 2 17/07/2024

Pwn2Own: Pivoting from WAN to LAN to Attack a Synology BC500 IP Camera, Part 2 Team82 demonstrates an attack exploiting a remote code execution vulnerability in Synology BC 500 IP cameras. This attack is part of a broader research project that involved exploiting a TP-Link ER605 router, and pivoting from there to the local network to attack the camera.

08/07/2024

How CVE-2022-24785 MomentJS Path Traversal Works: Detailed Exploit Guide.

0xjay.com

27/06/2024

New JavaScript CDN supply chain attack by the new owner of polyfill dot io

https://blog.cloudflare.com/automatically-replacing-polyfill-io-links-with-cloudflares-mirror-for-a-safer-internet

JpGraph Professional Version - Pre-Authenticated Remote Code Execution 25/06/2024

A pre-authenticated remote code execution affecting the PHP library JPGraph was found by . Check out his advisory for recommendations:

JpGraph Professional Version - Pre-Authenticated Remote Code Execution

15/06/2024

ROOTCON 18 Car Hacking Village PH - Call for Sponsors

This year we have invited once again Alina Tan & some of the members of Division Zero’s (Div0) Car Security Quarter (CSQ). They will be bringing out their hardware for ROOTCON’s CHV. Last year was a blast collaborating with them.

Aside from bringing in the CSQ people, we will be bringing our friend Captain Kelvin from HK who will be sharing his chip-off forensics demo.

Help us in bringing these awesome people by sponsoring us.

Want to sponsor us? Email us at [email protected]. We will acknowledge our sponsors at https://shipcod3.github.io/ & then have your company logo on our exhibition floor. You can also collaborate with us during the event.

More info: https://shipcod3.github.io/

Security Alert: CVE-2024-4577 - PHP CGI Argument Injection Vulnerability | DEVCORE 戴夫寇爾 07/06/2024

Orange Tsai and his team DEVCORE discovered a remote code execution vulnerability in PHP. The vulnerability allows unauthenticated attackers to bypass the previous protection of CVE-2012-1823 by specific character sequences.

Check blog for more info:

Security Alert: CVE-2024-4577 - PHP CGI Argument Injection Vulnerability | DEVCORE 戴夫寇爾 While implementing PHP, the team did not notice the Best-Fit feature of encoding conversion within the Windows operating system. This oversight allows unauthenticated attackers to bypass the previous protection of CVE-2012-1823 by specific character sequences. Arbitrary code can be executed on remot...

Hacking Millions of Modems (and Investigating Who Hacked My Modem) 04/06/2024

Hacking Millions of Modems (owned by an ISP). A story by Sam Curry.

Hacking Millions of Modems (and Investigating Who Hacked My Modem) Two years ago, something very strange happened to me while working from my home network. I was exploiting a blind XXE vulnerability that required an external HTTP server to smuggle out files, so I spun up an AWS box and ran a simple Python webserver to receive the traffic from the vulnerable server.

SMB Enumeration Cheatsheet 03/06/2024

SMB Enumeration Cheatsheet by 0xdf

SMB Enumeration Cheatsheet SMB enumeration is a key part of a Windows assessment, and it can be tricky and finicky. When I was doing OSCP back in 2018, I wrote myself an SMB enumeration checklist. Five years later, this is the updated version with newer tools and how I approach SMB today. It’s also worth noting that this li...

Critical Git vulnerability allows RCE when cloning repositories with submodules (CVE-2024-32002) - Help Net Security 18/05/2024

Critical Git vulnerability allows RCE when cloning repositories with submodules (CVE-2024-32002)

Critical Git vulnerability allows RCE when cloning repositories with submodules (CVE-2024-32002) - Help Net Security New versions of Git are out, with fixes for CVE-2024-32002, which can be used to remotely execute code during a "clone" operation.

16/05/2024

Announcing the moment you've all been waiting for: Registration for ROOTCON 18 is OFFICIALLY OPEN!

For details visit https://www.rootcon.org/html/rc18

CSP Evaluator 16/05/2024

A simple web-based tool that lists all Content Security Policy issues on your target to help you figure out which missing directives or policies can help you bypass CSP!

CSP Evaluator

07/05/2024

U.S. auto safety investigators are seeking detailed answers and documents from Tesla in a probe into the automaker's December recall of more than 2 million vehicles to install new Autopilot safeguards.

The National Highway Traffic Safety Administration (NHTSA) said last month it was investigating after receiving reports of 20 crashes involving vehicles that had the Autopilot software updates installed under Tesla's recall. The agency's letter said it had identified "several concerns" regarding the recall.

More news: https://www.msn.com/en-ca/money/topstories/us-seeks-answers-from-tesla-in-autopilot-recall-probe/ar-BB1lXC21

Type-C USB PD 65W Fast Charging Module 26/03/2024

Type-C USB PD 65W Fast Charging Module We unashamedly love USB-C and it’s fabulous to see all manner of USB-C projects across the Tindieverse. In a ground-up project though, it can sometimes be a little tricky to integrate USB-C, …

26/03/2024

You don't need a Flipper Zero to "hack" dumb radio protocols. The piece of wire is enough: https://twitter.com/flipper_zero/status/1770459769452589468

18/03/2024

Planning for RC18 Villages has already started!

Flipper Zero can now spam Android, Windows users with Bluetooth alerts 07/11/2023

Flipper Zero can now spam Android, Windows users with Bluetooth alerts A custom Flipper Zero firmware called 'Xtreme' has added a new feature to perform Bluetooth spam attacks on Android and Windows devices.

12/10/2023

Nice catch!

Congrats Camacho for passing the CRTP exam.

07/10/2023

The sixth installation of TCON is LIVE!

The Largest Gathering of Tech Professionals in Northern Philippines is finally back!

2 Days (and 1 Night). 3 Tracks. 15 Sought-after Speakers.

Join our high-profile speakers in the fields of InfoSec and Dev at Go Hotels Plus Tuguegarao for another epic gathering of technical minds on November 24-25, 2023.

Register now >> https://hackthenorth.ph/register

02/10/2023

Random Day 1 attendees of ROOTCON Hacking Conference in the Car Hacking Village

- photo by Alina Tan of Div0 Car Security Quarter of Singapore

20/09/2023

This is a tool that can guess the pressed keyboard keys from the audio of a computer's microphone.

Keytap2 can also be used to retrieve text from audio snippets of keyboard typing. https://github.com/ggerganov/kbd-audio

18/09/2023

To all our valued con-goers,

For those who are trying a last-minute registration, this is to inform you that we are no longer accepting any waiting list. As much as we wanted you to be hanging out with us, and we appreciate the patronage, understand that we have limitations in our venue.

For those who made it to the wait list cut-off, you will receive an email from us on how to proceed, and for those who didn’t make it this year, hopefully, you will be able to make it next year!

P.S. - Apologies if we are no longer replying to last-minute registrations; our inbox has been exhausted with all your inquiries.

ROOTCON

14/09/2023

Living Off The Land Drivers is a curated list of Windows drivers used by adversaries to bypass security controls and carry out attacks. The project helps security professionals stay informed and mitigate potential threats.

Link: https://www.loldrivers.io/

18/08/2023

The OWASP API Top 10 2019 edition provided a comprehensive overview of the top threats facing APIs at that time, but the threat landscape has evolved rapidly since then. To address these changes and provide new insights and recommendations for API security, OWASP released the API Top 10 2023 list.
