Subreption LLC

221 posts

@subreption

We break things, build things... sometimes before anyone else. Defensive & offensive security R&D and skunkworks projects since ~2006. Silent until we are not.

Ring ≤ 0 | (US, MENA, EU) Joined November 2011
54 Following 662 Followers
Pinned Tweet
Subreption LLC@subreption·
Subreption releases research exposing critical security flaws in FIPS/Common Criteria certified enterprise network switches. (subreption.com/press-releases…) FLAPPYSWITCH abuses CVE-2024-50604, CVE-2024-50605, CVE-2024-50606 and CVE-2024-50607, for breaking out of the management "cli", executing a modular loader and achieving persistence in the underlying Linux-based OS through classic ELF infection techniques. Vendor patches quietly released (Jan 2025) insufficiently addressed the issues, and misrepresented them as requiring physical access. Vulnerabilities remain exploitable. Our research hopes to bring proper attention to the state of the art in enterprise network equipment security, as it is often overlooked, in the wake of the Salt Typhoon incident. Available at: github.com/subreption/FLA… Stay tuned for updates. #FLAPPYSWITCH #salttyphoon
Subreption LLC@subreption·
End of Sales is not End of Life. This is one understated PSA from law enforcement that will go sadly unnoticed and repeat for a few iterations well into the future. FLAPPYBIRD lives on!
FBI@FBI

The FBI has released a PSA warning that Russian FSB cyber actors are targeting end-of-life networking devices across critical infrastructure sectors. Click for technical details and further information on the FSB Center 16 unit conducting this activity: ic3.gov/PSA/2025/PSA25…

Subreption LLC@subreption·
FLAPPYSWITCH against a remote Ruckus ICX switch running latest 9.x firmware, in FIPS/Common Criteria mode, gaining code execution and persistence in under 20 seconds. Thanks to our collaborating researcher for both excellent code and comedy! #physicalaccessonly #notreally #FLAPPYSWITCH #securitymyth
Subreption LLC@subreption·
Pending a more formal announcement, we are excited to introduce you to our research since fall 2024 into enterprise network security. Here comes FLAPPYSWITCH. "What can an incident like Salt Typhoon do to telco infrastructure at a hardware level?" needn't be an academic question anymore. Grab your answers! github.com/subreption/FLA… @DistrictCon @CISACyber
Subreption LLC@subreption·
7eb03d851c7af7c35b102a024de9d4e94ec693fb90c8f7bbdb05db8c89aa2162 625a4f85d1f648f4f447c9f15b7456c245bc6289604e5336b6f5b11211037707 d91e1b95253651fae4a97128a65101d742783848fc4eef4308767d77cf9c5626 c1330c4c4935d95d9c7af194c6c4312f8849c4c4aaef4178bb88418ec77029ad
Subreption LLC@subreption·
We don't typically engage in discussions, but the UX/UI argument against Ghidra really is a cosmetic one. Ghidra is not charging you a separate full fee for every platform for the decompiler or disassembler. There are things IDA does slightly better than Ghidra, mostly for exotic targets. But that list has rapidly become shorter over time. While the free QA from the community is priceless, we still don't appreciate @NSACyber enough for the huge contribution they have made by releasing it. Not unlike DataWave and other things also in relative obscurity. That said, Ilfak has given members of the community some discounts years back.
Stefan Esser@i0n1c·
To be fair the main reason why I am not using Ghidra is that I am used to the IDA GUI and Ghidra UI is just horrible in comparison.
Florian Magin@0x464D

@i0n1c What other features keep you from switching to Ghidra or binary ninja for that kind of work? I expect the motivated OSS community to cohere around Ghidra, so I think it's more likely that you'll get the missing features in Ghidra (Especially if you tell me these features)

Subreption LLC@subreption·
Added a set of CVEs currently reported and in process of disclosure and remediation/mitigation: CVE-2024-50604, CVE-2024-50605, CVE-2024-50606, CVE-2024-50607, in Ruckus Networks/CommScope products. Underhyped research during the #SaltTyphoon aftermath! A throwback at @redballoonsec
Subreption LLC@subreption·
Thank you @MITREcorp for resolving this on Sunday outside of working hours. Good credit is due here. It is true CVEs can take a while at times, and that sometimes third-parties abuse the system, but clearly there are people working overtime and outside of business hours to accommodate the demands of the industry. Excuse our impatience! :-)
Subreption LLC@subreption·
@MITREcorp @CVEnew We are having issues obtaining CVE reservations with legitimate technical merit. After a few weeks and several follow-ups with no response, could this policy be applied to CVE reservations that, for example, are bogus, or only backed by a dubious source (ex. a journalist whose prior experience in information security is reporting on Nintendo games and dating apps)? With warm regards, from our team, we still patiently but eagerly wait for those CVE reservations to finalize their trip behind the moon.
Subreption LLC@subreption·
Releasing hackrf_sweeper (reimplementation of HackRF's hackrf_sweep as a library), along with demo applications (including a ZMQ+CURVE client and publisher of FFT bins for remote sweeping). github.com/subreption/hac…
Subreption LLC@subreption·
Finally proper YARA support for Ghidra without the suck: GhidraYara (github.com/subreption/ghi…). Analyzer extension + plugin for rule generation and management, rolled up in one. More features to come, including integration with ProgramDB (for in-DB storage of rules and artifacts).
Subreption LLC@subreption·
A short blog post: IEEE 802.11 wireless spectrum coverage metrics (improving probability of intercept with traditional wireless adapters, with actual numbers per configuration and optimized channel hopping) subreption.com/blog/wireless-…
Subreption LLC@subreption·
On a different note, amidst the widespread plagiarism of original research in proactive defenses in Linux & other projects for the last decade, OpenBSD employs Machiavellian tactics: marc.info/?l=openbsd-tec… "Release broken code, let them Ctrl+C/Ctrl+V, write sploits, ???"