John Simpson @thracky@infosec.exchange
- Country
- Canada 🍁
N-Day Vulnerability Researcher @ Trend Micro
Opinions are not my employer's.
Migrating to here from @Thracky
Since I feel like Mastodon is the best place to toot my own horn (HA) and my professional life is one of the few parts of 2019 I actually liked, I'm gonna post my research from the last year that's been made public in some way:
Here's a blog post about a Linux kernel race condition that I wrote because unnamed infosec blogs had our customers freaking out about a non-issue:
Mini pro-tip for Java reversing:
JD-GUI is my preferred decompiler if I want to attach a debugger since it preserves line numbers.
CFR tends to provide much more reasonable code output, especially when dealing with inner classes, but doesn't fix up line numbers for debugging. Much better for static analysis though.
ZDI just disclosed 118 vulnerabilities in Cisco DCNM covering 12 CVEs and corresponding with Cisco's advisories released yesterday.
https://www.zerodayinitiative.com/advisories/published/
and
Very much looking forward to being able to share some bigger research in 2020 and maybe even some conference talks. Also starting a non-profit, creating reversing workshops, and all sorts of other fun stuff.
Finally, I found my first 2 CVEs this year, an HTTP/2 DoS in Tomcat: https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.20
And an unauthenticated potential RCE in Windows Deployment Services: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0603
Here's an abridged version of one of our vulnerability reports for quite possibly one of the silliest vulns I worked on this year, the IOS XE REST API auth bypass:
Here's my analysis of a Windows DHCP Server vuln, though I don't personally agree with the "analysis of it's exploitability" title. It'd be tough as nails to exploit (probably) but we don't spend extensive time on that sort of thing:
Since I feel like Mastodon is the best place to toot my own horn (HA) and my professional life is one of the few parts of 2019 I actually liked, I'm gonna post my research from the last year that's been made public in some way:
Here's a blog post about a Linux kernel race condition that I wrote because unnamed infosec blogs had our customers freaking out about a non-issue:
So I’ve gone and created a vulnerability research room on Matrix if anyone cares to join. Pretty lonely in there at the moment but looking to start a positive place to share tips and tricks and ask questions.
https://matrix.to/#/!HyTIuilAJZLTZavOKj:matrix.org?via=matrix.org
Finally figured out that whole PAYDAY vuln. Yeah it's pretty bad, but only *really* bad if you haven't patched since April 2018.
Reversing undocumented protocols is tremendously satisfying.
49% of workers, when forced to update their password, reuse the same one with just a minor change.
- Country
- Canada 🍁
N-Day Vulnerability Researcher @ Trend Micro
Opinions are not my employer's.
Migrating to here from @Thracky
