b33f | 🇺🇦✊

10.3K posts

@FuzzySec

意志 / ▓▓▓▓▓▓▓▓▓▓▓ / Team 501 / ex IBM Capability Lead & FireEye TORE / I rewrite pointers and read memory / AI Psychoanalyst / Teaching @CalypsoLabs

Jumanji · Joined April 2012
1.2K Following · 33K Followers

Pinned Tweet
b33f | 🇺🇦✊ @FuzzySec
I wrote a post on creating "scalable research tooling for agent systems" and I'm also releasing the companion MCP server which lets you do autonomous Frida instrumentation on Android. Details in thread 👇📲🪝

b33f | 🇺🇦✊ reposted
Justin Elze @HackingLZ
For those of you playing around at home with the LiteLLM supply chain stuff. Here are the decoded payloads and other info. github.com/HackingLZ/lite…

b33f | 🇺🇦✊ @FuzzySec
@kernelpool I know you’ve been working this for a while. Do you have any insights on which local models are good, do you recommend different ones for different types of tasks?

b33f | 🇺🇦✊ reposted
Azrael @azraelxuemo
Chroma Python Backend Server Side RCE & Python Client Side RCE

johnny @zeroxjf
The new cyber-abuse guardrails in Opus 4.6 are likely to drive a mass exodus of researchers from the platform. They give the option to submit a form to prove legitimate research, but I got no confirmation of its submission last week and have no way of knowing its status 🤷‍♂️ @trq212

b33f | 🇺🇦✊ reposted
RyotaK @ryotkak
I've published a writeup on a vulnerability I found in Google Cloud Looker: a single directory deletion bug that led to RCE and cross-instance privilege escalation in k8s.
Quoting GMO Flatt Security Inc. @flatt_sec_en:
    We've published a new blog post by RyotaK @ryotkak ! He exploited a directory deletion race condition in Google Cloud's Looker, leading to full RCE and K8s privilege escalation. Read the technical details here: flatt.tech/research/posts…

b33f | 🇺🇦✊ reposted
Chaofan Shou @Fried_rice
vibe coded a fuzzing ai agent last month and let it run for a week using my $200 claude max. it then found 21 high/critical vulnerabilities in Chrome.
[image attached]

b33f | 🇺🇦✊ @FuzzySec
I got some questions about this so I thought I should reply here (tl;dr I don't think it's so serious from a user risk perspective). My PC is packed up currently, I'm moving today 😆.

Earlier I looked through my notes; generally these are my main findings:
- Pre-auth RCE, command injection (LAN)
- Pre-auth OOB write, not clear how useful it is, not really tested (LAN)
- Post-auth stack overflow, I assume it's viable

I think overall risk is pretty limited because at a minimum you need to be connected to the LAN. I can do a more detailed write-up after my move arrives in two months (I ended up packing the router anyway) and it may be an interesting case study to build tools for remote debugging on MIPS, automated emulation on QEMU etc.

Overall I think it's a great device to pick up if you want to dip your toes into hardware hacking; it's inexpensive to buy and all you really need is a UART USB dongle (also cheap), potentially a multimeter, but I can give the pin readouts if you DM me. If this is something you are interested in, I highly recommend taking the @FlashbackPwn IoT training from two all-time legends @pedrib1337 and @RabbitPro ✌️🕶️

b33f | 🇺🇦✊ @FuzzySec
Last year in Feb I was playing around with some hardware. I got this tp-link AC1200 which was the most purchased router at the time IIRC. I was cleaning up my place and I wanted to dust off and complete my old research before throwing it out. Pre-auth RCE, latest firmware 👀
[two images attached]

b33f | 🇺🇦✊ @FuzzySec
Highly underrated part of capability development in RT as well, when you stop calling your tools things like super8, fourfoil, silicone, or straylight and name them ticket-extracting-gimbal or stack-changing-thing it's all over. And, anyone who pushes such an agenda is promoting the quiet death. When you know the fourfoil in all its seasons, root and leaf and flower, by sight and scent and seed, then you may learn its true name, knowing its being: which is more than its use. -Ogion, A Wizard of Earthsea
Quoting Cvewhen? @cvewhen:
    iOS exploit names are so badass - FORCEDENTRY, BLASTPASS, TERRORBIRD etc. When I'm out of my agentmaxxing era, I will sit with iOS for the love of the g(n)ame

b33f | 🇺🇦✊ @FuzzySec
😅 I haven't reported any of this but yea there is an unauthenticated service that may or may not process cool SOAP requests. I should mention that I also found a stack overflow somewhere else but I am not set up to debug on MIPS so this was easier. This is probably good hardware to add to a ctf.

b33f | 🇺🇦✊ @FuzzySec
I guess no one cares about this but I also have a burp plugin for real-time analysis/tampering of their encrypted comms. Maybe I'll publish the research notes later.

b33f | 🇺🇦✊ reposted
Mateusz Krzywicki @krzywix
In collaboration with Lookout and Google (thank you 🙏) we have been working on tearing down and building detections for DarkSword - iOS exploit chain for iOS 18.4 - 18.7. Super excited for this research 🎉. Please update your iPhones. iverify.io/blog/darksword…

b33f | 🇺🇦✊ reposted
offensivecon @offensive_con
We appreciate @SAFATeamApS' continued support to Offensivecon as a Silver Sponsor!
[image attached]

vx-underground @vxunderground
United States President Donald J. Trump posted this message on social media today. Personal grievances the Trump administration asserts it has with other countries and political theatrics aside, the notion that the United States even hints at exiting NATO is a PROFOUND cybersecurity issue.

Yes, NATO deals with traditional military stuff (land, sea, air, space), but NATO also deals with things in the digital domain (cyberspace). NATO (non-United States) has historically shared a great deal of intelligence with each other regarding state-sponsored threats to the United States. Likewise, the United States has shared intelligence on state-sponsored threats with our NATO allies. It makes me incredibly nervous that this idea of exiting NATO is floated or threatened.

The NATO cybersecurity space deals a lot with ICS/SCADA (Industrial Control Systems, which is things like water treatment plants, nuclear energy facilities, telecommunication systems, etc.) and anything else which poses a military threat to the United States and its citizens. I am unsure of the impact leaving NATO would have on our cybersecurity intelligence. The idea makes me very nervous. The United States is constantly under siege from foreign adversaries (notably China, Russia, North Korea, Iran).

Additionally, I have great concern that if we left NATO it would damage our relationship with European allies, which has been of significant importance in apprehending Threat Actors who have done extreme damage to the United States. Part of the FBI's success in apprehending ransomware actors has been our strong relationship with EUROPOL, and European allies apprehending individuals residing outside the United States.

Chat, this unironically makes me very nervous.
[image attached]

DARKNAVY @DarkNavyOrg
Hi @thezdi @OpenAI, asking for the rules of Pwn2Own26 Coding Agent directory, particularly the "interact with ... repository" If a user opens someone else's git repo using CodeX App with default permissions and is immediately RCE’d, does this fall within the threat model? :)