Apple 🍎
trimosx.bsky.social
Reposted by Apple 🍎
Awesome that MS are supporting and documenting VBS enclaves properly. learn.microsoft.com/en-us/window.... Also awesome that in the example exported entry point they provide, they don't seem to mention how careful you need to be with the input pointer so that you don't just read/write enclave memory :)
VBS Enclaves Development Guide - Secure Enclaves
Development guide for Virtualization-based security (VBS) enclaves - Learn how to build a basic VBS enclave.
learn.microsoft.com
November 25, 2024 at 2:49 AM
Reposted by Apple 🍎
TIL Google makes CodeQL databases available for Chrome. They also have a few example queries and CodeQL libraries available in the Chromium source repo (under tools/codeql/queries).

So, happy bug hunting everyone! 🙂

bughunters.google.com/blog/5085111...
Blog: Finding Bugs in Chrome with CodeQL
Want to learn about using a static analysis tool called CodeQL to search for vulnerabilities in Google Chrome? Then this blog post is for you!
bughunters.google.com
November 21, 2024 at 12:31 PM
Reposted by Apple 🍎
A few weeks ago, Rapid7 released a new version of #Velociraptor to patch CVE-2024-10526, a local privilege escalation discovered by jbms. You can read the advisory here:
www.synacktiv.com/advisories/l...
Local privilege escalation in Windows Velociraptor service
www.synacktiv.com
November 22, 2024 at 5:23 PM
Reposted by Apple 🍎
Following my prev tweet, my Kerberos MITM relay/forwarder is almost finished! It targets, for example, insecure DNS updates in AD, allowing DNS name forgery. It intercepts, relays, and forwards traffic, with the client unaware. Currently supporting smb->smb and smb->http (adcs)
November 20, 2024 at 11:21 AM
Hello 🍏
November 21, 2024 at 8:00 AM