John Simpson @thracky@infosec.exchange

It’s a bit late but here’s my in depth (read: LONG) look at CVE-2020-0601 with all the details of how cert chain validation happens in CryptoAPI and where things went wrong. #curveball

https://blog.trendmicro.com/trendlabs-security-intelligence/an-in-depth-technical-analysis-of-curveball-cve-2020-0601/

Mini pro-tip for Java reversing:

JD-GUI is my preferred decompiler if I want to attach a debugger since it preserves line numbers.

CFR tends to provide much more reasonable code output, especially when dealing with inner classes, but doesn't fix up line numbers for debugging. Much better for static analysis though.

ZDI just disclosed 118 vulnerabilities in Cisco DCNM covering 12 CVEs and corresponding with Cisco's advisories released yesterday.

https://www.zerodayinitiative.com/advisories/published/

and

https://tools.cisco.com/security/center/publicationListing.x?resourceIDs=233075&apply=1&totalbox=1&cp0=233075#~FilterByProduct

Very much looking forward to being able to share some bigger research in 2020 and maybe even some conference talks. Also starting a non-profit, creating reversing workshops, and all sorts of other fun stuff.

Finally, I found my first 2 CVEs this year, an HTTP/2 DoS in Tomcat: https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.20

And an unauthenticated potential RCE in Windows Deployment Services: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0603

Here's an abridged version of one of our vulnerability reports for quite possibly one of the silliest vulns I worked on this year, the IOS XE REST API auth bypass:

https://www.zerodayinitiative.com/blog/2019/10/17/cve-2019-12643-cisco-ios-xe-authentication-bypass-vulnerability

Here's my analysis of a Windows DHCP Server vuln, though I don't personally agree with the "analysis of it's exploitability" title. It'd be tough as nails to exploit (probably) but we don't spend extensive time on that sort of thing:

https://blog.trendmicro.com/trendlabs-security-intelligence/cve-2019-0725-an-analysis-of-its-exploitability/

Since I feel like Mastodon is the best place to toot my own horn (HA) and my professional life is one of the few parts of 2019 I actually liked, I'm gonna post my research from the last year that's been made public in some way:

Here's a blog post about a Linux kernel race condition that I wrote because unnamed infosec blogs had our customers freaking out about a non-issue:

https://blog.trendmicro.com/trendlabs-security-intelligence/cve-2019-11815-a-cautionary-tale-about-cvss-scores/

#infosec

So I’ve gone and created a vulnerability research room on Matrix if anyone cares to join. Pretty lonely in there at the moment but looking to start a positive place to share tips and tricks and ask questions.

https://matrix.to/#/!HyTIuilAJZLTZavOKj:matrix.org?via=matrix.org

#infosec #hacking #vulnerability

Finally figured out that whole PAYDAY vuln. Yeah it's pretty bad, but only *really* bad if you haven't patched since April 2018.

Reversing undocumented protocols is tremendously satisfying.