- The Grugq's Newsletter
Jan 20, 2023
Exploiting null-dereferences in the Linux kernel
-
What not to say on your security clearance application.
-
US spies lag rivals in seizing on data hiding in plain sight
-
Test if an account signup is legitimate by comparing the email to the pwned or not email list. This can establish an email address’s age, e.g. “at least as old as the 201X breach.”
-
RAND: Outsmarting Agile Adversaries in the Electromagnetic Spectrum (2023) rand.org/pubs/research_…
Report (.pdf, 174pp) rand.org/content/dam/ra…
"Cognitive EW capabilities" = use of ML to enable USAF platforms to learn, reprogram, adapt, & counter EW threats in flight.
— Matthijs R. Koot (@mrkoot)
5:18 PM • Jan 19, 2023
-
OMFG
Wells Fargo gets into huge legal trouble so often that it has started talking about it as a category of regular operational expense in its earnings.
Here's the CFO explaining how operating losses due to legal problems were down $2.3 billion between September and December.
— Alex Johnson (@AlexH_Johnson)
11:01 PM • Jan 19, 2023
-
CVE-2022-47966: ManageEngine RCE 🔥
Nuclei Template: github.com/projectdiscove… @pdnuclei
Shodan Query: title:"ManageEngine"
#pdresearch #nuclei #hackwithautomation #bugbounty
— Dhiyaneshwaran (@DhiyaneshDK)
8:37 PM • Jan 19, 2023
-
Finding bugs that turn out to be useless can be demoralising but usually finding those means you’re on the right track!
Remember: The road to exploitable bugs is paved with unexploitable bugs
— mdowd (@mdowd)
2:00 AM • Jan 20, 2023
-
how to completely own an airline in 3 easy steps
EXCLUSIVE: U.S. airline accidentally exposes ‘No Fly List’ on unsecured server
-
This was clever. A programmatic ad company bought ad slots in mobile apps to abuse. They pushed JavaScript to the ad slot which loaded and played 25 video ads stacked on top of each other in that one slot. So they got paid 25x for each ad slot they bought. Which was a lot. Targeting 1700 apps across 11 million devices and peaking at 12 billion ads per day.