Gallagher
@dumpsterfire.life
Infosec: I like to build things and chase rabbits

I am likely going to focus more on what I do outside of work on here rather than being Infosec focused...

Outside of work:
- astrophotography
- hardware hacking
- ham radio
- cars
- guitar
- cats
- potato
Reposted by Gallagher
Every Monday morning.
May 5, 2025 at 12:46 PM
Reposted by Gallagher
I acquired a Chrome extension for $5 and began redirecting the browsing traffic of existing users to whatever I wanted.

While doing so, I caught an ownership transfer of an extension with 400,000 installs that folks should be aware of.

www.secureannex.com/blog/buying-...
Buying browser extensions for fun and profit
An investigation into buying access to browsers through extensions
www.secureannex.com
March 18, 2025 at 1:58 PM
“The Enemy of Art is the Absence of Limitations” - Orson Welles
February 23, 2025 at 7:49 PM
Reposted by Gallagher
If you use Elastic, @acjewitt.bsky.social wrote up how you can use their osquery based agent to get an inventory of browser extensions in your environment allowing you to know what is installed by your users no matter what browser. More with Elastic to come 👨‍🍳
How to detect malicious browser extensions using Elastic
Learn how the Elastic Infosec team created a full inventory of all browser extensions using osquery and Elastic Security with examples on building detections to alert the security team when a known…
www.elastic.co
February 6, 2025 at 5:45 PM
Has anyone found the new DOGE server they installed at the Treasury Department on Shodan yet? 🤔
February 6, 2025 at 1:05 AM
Reposted by Gallagher
The iTerm2 vuln really isn't anything to write home about and has several dependencies to work.
I also have yet to see a POC.
If you query your hosts/VMs for /tmp/framer.txt and have no findings, don't let the "critical" rating set your teams on fire.
Patch, but breathe.
January 3, 2025 at 9:40 PM
Reposted by Gallagher
🥲
December 18, 2024 at 4:45 AM
Reposted by Gallagher
I'm watching some folks reverse engineer the xz backdoor, sharing some *preliminary* analysis with permission.

The hooked RSA_public_decrypt verifies a signature on the server's host key by a fixed Ed448 key, and then passes a payload to system().

It's RCE, not auth bypass, and gated/unreplayable.
This might be the best executed supply chain attack we've seen described in the open, and it's a nightmare scenario: malicious, competent, authorized upstream in a widely used library.

Looks like this got caught by chance. Wonder how long it would have taken otherwise.
Woah. Backdoor in liblzma targeting ssh servers.

www.openwall.com/lists/oss-se...

It has everything: malicious upstream, masterful obfuscation, detection due to performance degradation, inclusion in OpenSSH via distro patches for systemd support…

Now I’m curious what it does in RSA_public_decrypt
March 30, 2024 at 5:13 PM
One of my hobbies outside of Infosec is astrophotography, and this is one of the most recent images I have captured. I am still learning, but I am pretty happy with the way this turned out and wanted to share. This is the center of the Heart Nebula and was about 3.5 hours of exposure time (52 x 240s).
October 9, 2023 at 12:28 PM
Reposted by Gallagher
On BlueSky we don't tweet, we post. Tweets go viral, so what do posts on BlueSky do? Do my posts go "Stratocumulus" now vs "viral"?

Will the cool kids be going around and saying, "My post went nimbus!"
July 24, 2023 at 3:11 PM