Tool Release – insject: A Linux Namespace Injector

tl;dr Grab the release binary from our repo and have fun. Also, happy new year; 2021 couldn’t end soon enough. Background A while back, I was asked by one of my coworkers on the PSC team about ways in which to make their custom credit card data scanner cloud native to assess Kubernetes clusters. While … Continue reading Tool Release – insject: A Linux Namespace Injector →

Tool Update – ruby-trace: A Low-Level Tracer for Ruby

We released ruby-trace back in August to coincide with my DEF CON 29 talk on it and parasitic tracing in general. Back then, it supported (c)Ruby 2.6 through 3.0. A few days ago, Ruby 3.1 was released. We have updated ruby-trace to add support for Ruby 3.1 and reorganized our test suite to validate our … Continue reading Tool Update – ruby-trace: A Low-Level Tracer for Ruby →

Tool Release – shouganaiyo-loader: A Tool to Force JVM Attaches

Background Java Virtual Machines (JVMs) provide a number of mechanisms to inspect and modify the Java applications and the runtime they stand on. These include Java agents, JARs that are capable of modifying Java class files at runtime; and JVMTI agents, native libraries that can perform deep hooking into the innards of the JVM itself. … Continue reading Tool Release – shouganaiyo-loader: A Tool to Force JVM Attaches →

log4j-jndi-be-gone: A simple mitigation for CVE-2021-44228

tl;dr Run our new tool by adding -javaagent:log4j-jndi-be-gone-1.0.0-standalone.jar to all of your JVM Java stuff to stop log4j from loading classes remotely over LDAP. This will prevent malicious inputs from triggering the "Log4Shell" vulnerability and gaining remote code execution on your systems. . In this post, we first offer some context on the vulnerability, the … Continue reading log4j-jndi-be-gone: A simple mitigation for CVE-2021-44228 →

Optimizing Pairing-Based Cryptography: Montgomery Multiplication in Assembly

This is the second blog post in a new code-centric series about selected optimizations found in pairing-based cryptography. Pairing operations are foundational to the BLS Signatures central to Ethereum 2.0, the zero-knowledge arguments underpinning Filecoin, and a wide variety of other emerging applications. While my prior blog series, "Pairing over BLS12-381," implemented the entire pairing … Continue reading Optimizing Pairing-Based Cryptography: Montgomery Multiplication in Assembly →

Exploiting the Sudo Baron Samedit vulnerability (CVE-2021-3156) on VMWare vCenter Server 7.0

NCC Group's Exploit Development Group document exploiting the sudo vulnerability on VMWare vCenter Server

Tool Release – Reliably-checked String Library Binding

by Robert C. Seacord Memory Safety Reliably-checked Strings is a library binding I created that uses static array extents to improve diagnostics that can help identify memory safety flaws. This is part of broader initiative in the C Standards Committee to improve bounds checking for array types. See my blog post Improving Software Security through … Continue reading Tool Release – Reliably-checked String Library Binding →

Are you oversharing (in Salesforce)? Our new tool could sniff it out!

Unauthorised access to data is a primary concern of clients who commission a Salesforce assessment. The Salesforce documentation acknowledges that the sharing model is a "complex relationship between role hierarchies, user permissions, sharing rules, and exceptions for certain situations"[1]. It is often said that complexity and security are natural enemies. Salesforce empowers its users with … Continue reading Are you oversharing (in Salesforce)? Our new tool could sniff it out! →