Forwarded from vx-underground
June 11th a Microsoft engineer accidentally leaked 4GB of Microsoft PlayReady internal code. It was leaked on the Microsoft Developer Community. The leak includes:
- WarBird configurations
- WarBird libraries for code obfuscation functionality
- Libraries with symbolic information related to PlayReady
Researchers from AG Security Research Lab were able to successfully build the Windows PlayReady dll library from the leaked code. Interestingly, they were assisted because on the Microsoft Developer Community forum a user also provided step-by-step instructions on how to begin the build process.
Also, interestingly, interestingly, the Microsoft Symbol Server doesn't block requests for PDB files corresponding to Microsoft WarBird libraries, which inadvertently leaks more information.
Adam Gowdiak of AG Security Research Lab reported the issue and Microsoft removed the forum post. However, as of this writing, the download link is still active.
File listing is below. Forums screenshots are attached. All information discovered by AG Security Research Lab
File listing: https://pastebin.com/raw/i65qfd2z
- WarBird configurations
- WarBird libraries for code obfuscation functionality
- Libraries with symbolic information related to PlayReady
Researchers from AG Security Research Lab were able to successfully build the Windows PlayReady dll library from the leaked code. Interestingly, they were assisted because on the Microsoft Developer Community forum a user also provided step-by-step instructions on how to begin the build process.
Also, interestingly, interestingly, the Microsoft Symbol Server doesn't block requests for PDB files corresponding to Microsoft WarBird libraries, which inadvertently leaks more information.
Adam Gowdiak of AG Security Research Lab reported the issue and Microsoft removed the forum post. However, as of this writing, the download link is still active.
File listing is below. Forums screenshots are attached. All information discovered by AG Security Research Lab
File listing: https://pastebin.com/raw/i65qfd2z
Forwarded from bupt.moe
#security
OpenSSH 发现 RCE。影响范围
https://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt
OpenSSH 发现 RCE。影响范围
8.5p1 <= OpenSSH < 9.8p1 。https://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt
说个恶心的,一些TLS证书厂商会在公司TLS证书还有三个甚至两个月过期的时候直球打电话给业务部门,恐吓说证书即将过期/不合规/需要更换/……等各种,堪比当年的某菲安全对着GitHub公共库一键发射 SCA issue
Pseudorandom Thoughts
锐评ASUS 灵耀14 Ultra 9 32GB:OOBE会发烫而且高配版没有蓝色注定它只能是个相对失败的笔记本 键程和喇叭还可以,屏幕没玻璃覆盖扣分,轻薄是真挺轻薄的
已经用了2个月,强烈不建议买,实在受不了ASUS弱智的固件 开机空转 CPU 73摄氏度 了,在考虑换个 Magicbook/ThinkBook X
Forwarded from 没处说的话
https://mp.weixin.qq.com/s/rtgOCzg_Dc9DbMBRLi2UdA
笑点解析:手机为主的N要素认证这么多年,全国数据都快被脱干净了,终于想起来当年做过eID
笑点解析:手机为主的N要素认证这么多年,全国数据都快被脱干净了,终于想起来当年做过eID
OffSec Learn Unlimited半年回顾:
发现OffSec系列考试我每考一次能轻4斤😰
OSWA二十天刷完所有课程+靶机
五台靶机每台后台10分getshell 10分 一战 60/100 二战 80/100 刚提交报告不知道能不能拿证
OSCP半年慢慢摸刷完课程 PG几乎没做。根据官方统计,PG都刷完的人肯定能过CP
AD整块60分 三台靶机getshell 10分 提权10分 要求必须是交互式shell 一战 40/100 二战先歇了
下一场是OSDA,我还没开始学呢(雾)
看考试类型总觉得300系列可能比200还简单点(没那么要求脑洞)
我是2024年1月报的LU,但前面太摸鱼了,拖到6月才考,现在想来至少前几个月可以直接先约考试逼一下自己 把OSWP OSDA和OSWA考下来的 现在要4个月搞完OSCA3,有点紧张了。
发现OffSec系列考试我每考一次能轻4斤😰
OSWA二十天刷完所有课程+靶机
五台靶机每台后台10分getshell 10分 一战 60/100 二战 80/100 刚提交报告不知道能不能拿证
OSCP半年慢慢摸刷完课程 PG几乎没做。根据官方统计,PG都刷完的人肯定能过CP
AD整块60分 三台靶机getshell 10分 提权10分 要求必须是交互式shell 一战 40/100 二战先歇了
下一场是OSDA,我还没开始学呢(雾)
看考试类型总觉得300系列可能比200还简单点(没那么要求脑洞)
我是2024年1月报的LU,但前面太摸鱼了,拖到6月才考,现在想来至少前几个月可以直接先约考试逼一下自己 把OSWP OSDA和OSWA考下来的 现在要4个月搞完OSCA3,有点紧张了。
跟朋友聊天的时候想到,这几年90后怀旧题材这么火,怎么感觉故事会县城宇宙的文艺创作不是很多,比如那种石米/白色竖条瓷砖外立面的矮楼和蓝色的推不开的玻璃窗,阋墙而各自心怀鬼胎的兄弟开红色铃木摩托去村委会的路上出了车祸,小镇上车载喇叭在喊有水族馆巡回演出结果去到了是水缸里奄奄一息的海马和海胆,大巴车司机在山间镇子穿行时看见停电的晚上有人在路边烧纸,诸如此类。
Forwarded from K4YT3X's Channel (K4YT3X)
离谱,真 tm 离谱,祝愿 Hilton 年年 data breach
https://www.reddit.com/r/Defcon/comments/1enmgf1/def_con_attendees/
https://www.reddit.com/r/Defcon/comments/1enmgf1/def_con_attendees/