Update: While we talk about Huawei Kernel Self Protection (HKSP) I make mention of the authors statement that he is unrelated to Huawei. Turns out this statement, despite a commit date of Friday wasn't pushed until Monday morning so it was not original. Further information has also come out showing that the author is a Huawei employee, so the relationship is much closer than I believe it to be. ~zi
It was a busy week, Microsofts Github account was hacked, Centurylink Routers have no security, and multiple interactionless RCEs in Samsung phones.
[00:01:45] OpenOrbis PS4 Toolchain)
[00:05:06] DEF CON 28 in-person conference is CANCELLED)
[00:13:23] The Nintendo leak saga continues...)
[00:18:40] Keybase joins Zoom)
[00:33:41] Azure Security Lab - Research Challenge)
[00:42:38] Hijacking Centurylink Routers [CVE 2019-19639])
[00:46:24] DoS on Twitter App)
[00:51:39] A tale of verbose error message and a JWT token)
[01:00:29] Pentesting Cisco SD-WAN Part 2: Breaking routers)
[01:04:21] Memory leak and Use After Free in Squid)
[01:17:48] How a Deceptive Assert Caused a Critical Windows Kernel Vulnerability)
[01:28:30] Samsung Android multiple interactionless RCE)
[01:38:25] Linux futex+VFS Use-After-Free)
[01:45:03] Huawei HKSP Introduces Trivially Exploitable Vulnerability)
[01:50:32] Ragnarok Stopper: development of a vaccine)
[01:55:51] Understanding Memory and Thread Safety Practices and Issues in Real-World Rust Programs)
[02:09:34] Analyzing a Trio of Remote Code Execution Bugs in Intel Wireless Adapters)
[02:10:19] GitHub - JHUAPL/Beat-the-Machine: Reverse engineering basics in puzzle form)