
Dailydave mailing list archives
Re: "Exploitation Less Likely"
From: Dave Aitel via Dailydave <dailydave () lists aitelfoundation org>
Date: Tue, 13 Aug 2024 09:22:14 -0400
https://github.com/CloudCrowSec001/CVE-2024-38077-POC/blob/main/CVE-2024-38077.md

https://github.com/Wlibang/CVE-2024-38077/blob/main/One%20bug%20to%20Rule%20Them%20All%2C%20Exploiting%20a%20Preauth%20RCE%20vulnerability%20on%20Windows%20(2024_8_9%2010_59_06).html

But while you are at it, always good to watch a video for no reason:
https://www.youtube.com/watch?v=mVXrl4W1jOU

-dave

On Mon, Aug 12, 2024 at 6:45 PM Don A. Bailey <donb () securitymouse com> wrote:
> Please pass paper to list for us poors. Thx.
>
> D
>
> On Aug 12, 2024, at 5:39 PM, Dave Aitel via Dailydave <dailydave () lists aitelfoundation org> wrote:
>
>> DefCon is a study in cacophony, and like many of you I'm still digging through my backlog of new research in multifarious browser tabs, the way a dragonfly keeps track of the world through scintillated compound lenses.
>>
>> In between AIxCC (which proved, if anything, the boundaries <https://dashboard.aicyberchallenge.com/collectivesolvehealth> of automated bug finding using current LLM tech?), James Kettle's timing attack research <https://portswigger.net/research/listen-to-the-whispers-web-timing-attacks-that-actually-work>, and even more PHP ownership <https://www.ambionics.io/blog/iconv-cve-2024-2961-p1>, you unfortunately do have to pay attention to the outside world.
>>
>> One of the things that lit up my sensors was the Windows Remote Desktop Licensing service that came out from a sort of "Post QiHoo360" exploit community, led by Dr. Zhiniang Peng (aka @edwardzpeng), an absolute legend of exploitation. A remote unauthenticated heap overflow in the latest Windows via an MSRPC endpoint, bypassing modern defenses by just calling LoadLibraryA("\\webdav\owned.dll") on a fake object. An unexpected burst of pure beauty really, like the iridescence of a Morpho moth flitting across a concrete parking lot.
>>
>> The exploit <https://github.com/CloudCrowSec001/CVE-2024-38077-POC/blob/main/CVE-2024-38077-EXP.py> is public, but the original paper is now mysteriously deleted, I assume for political reasons. If you have a copy of it, please shoot it my way.
>>
>> It's telling that all the best exploits I know have "Exploitation less likely" as their rating from Microsoft.
>>
>> Anyways, it's interesting what merits attention, and what doesn't.
>>
>> -dave

_______________________________________________
Dailydave mailing list -- dailydave () lists aitelfoundation org
To unsubscribe send an email to dailydave-leave () lists aitelfoundation org
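The quoted post describes the exploit's last step as a LoadLibraryA call on a WebDAV UNC path. As an added defender-side illustration, not part of the thread or of the linked research, the Python below scans image-load records and flags modules loaded from UNC paths, calling out the WebDAV Mini-Redirector forms (`@80`, `@SSL`, `DavWWWRoot`) separately. The record layout is modelled on the Image/ImageLoaded field names of Sysmon's module-load event, but the sample lines, hosts and share names are constructed for this example and are assumptions.

```python
import re
from typing import Dict, List, Optional

# Constructed module-load records (not taken from the post or any capture).
# Layout assumed for the example: "<timestamp> Image=<process> ImageLoaded=<dll>".
SAMPLE_LOG_LINES = [
    r"2024-08-13T09:00:01Z Image=C:\Windows\System32\svchost.exe ImageLoaded=C:\Windows\System32\rpcrt4.dll",
    r"2024-08-13T09:00:02Z Image=C:\Windows\System32\svchost.exe ImageLoaded=\\203.0.113.10\webdav\owned.dll",
    r"2024-08-13T09:00:03Z Image=C:\Program Files\App\app.exe ImageLoaded=\\203.0.113.10@80\DavWWWRoot\share\x.dll",
    r"2024-08-13T09:00:04Z Image=C:\Windows\System32\svchost.exe ImageLoaded=C:\Users\Public\tool.dll",
]

# One record per line; the process path may contain spaces, so match lazily
# up to the next "ImageLoaded=" field.
_RECORD_RE = re.compile(r"^(?P<ts>\S+)\s+Image=(?P<image>.+?)\s+ImageLoaded=(?P<dll>.+)$")

# Markers the Windows WebDAV redirector uses inside UNC paths: an explicit
# port ("host@80"), "@SSL", or the DavWWWRoot pseudo-share.
_WEBDAV_MARKERS = re.compile(r"(@ssl|@\d+|\\davwwwroot)", re.IGNORECASE)


def classify_dll_path(path: str) -> Optional[str]:
    """Return 'webdav', 'unc' or None for a loaded-module path.

    Any module resolved from a UNC path is worth a look; the WebDAV
    forms are singled out because they fetch the file over HTTP.
    """
    p = path.strip()
    # Normalise the long-path spelling \\?\UNC\host\share to plain \\host\share.
    if p.upper().startswith("\\\\?\\UNC\\"):
        p = "\\\\" + p[8:]
    if not p.startswith("\\\\"):
        return None
    if _WEBDAV_MARKERS.search(p):
        return "webdav"
    return "unc"


def parse_record(line: str) -> Optional[Dict[str, str]]:
    """Split one record into its fields; returns None for lines that do not fit."""
    m = _RECORD_RE.match(line)
    if not m:
        return None
    return {"timestamp": m.group("ts"), "process": m.group("image"), "dll": m.group("dll")}


def find_remote_dll_loads(lines: List[str]) -> List[Dict[str, str]]:
    """Return every record whose loaded module came from a UNC or WebDAV path."""
    findings = []
    for line in lines:
        rec = parse_record(line)
        if rec is None:
            continue
        kind = classify_dll_path(rec["dll"])
        if kind is None:
            continue
        rec["kind"] = kind
        findings.append(rec)
    return findings


if __name__ == "__main__":
    for f in find_remote_dll_loads(SAMPLE_LOG_LINES):
        print(f"{f['timestamp']} {f['process']} loaded {f['kind'].upper()} module {f['dll']}")
```

The rule is deliberately broad: a service process pulling a DLL over SMB or WebDAV is rare enough in most estates that flagging every UNC load, and reviewing the handful of legitimate ones, is cheaper than trying to enumerate attacker share names.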
Current thread:
- "Exploitation Less Likely" Dave Aitel via Dailydave (Aug 12)
- Re: "Exploitation Less Likely" Don A. Bailey via Dailydave (Aug 13)
- Re: "Exploitation Less Likely" Dave Aitel via Dailydave (Aug 13)
- Re: "Exploitation Less Likely" Don A. Bailey via Dailydave (Aug 13)