Risky Business Weekly (823): Humans impersonate clawdbots impersonating humans
YouTube video by Risky Business Media
ICYMI: This week's show is up!
@metlstorm.risky.biz and I were joined by our new podcast host @jameswilson.io to talk all about the Notepad++ supply chain compromise and the security angle on the Clawdbot/Moltbook fiasco:
VIDEO: www.youtube.com/watch?v=W5hx...
AUDIO: risky.biz/RB823
04.02.2026 22:38
Maybe one day our paths will cross
30.10.2025 04:40
Found an interesting ruby bug, time to see if it impacts rails. Anyone want to collab?
29.10.2025 08:34
Notes on the Pentium's microcode circuitry
Most people think of machine instructions as the fundamental steps that a computer performs. However, many processors have another layer of ...
The Pentium's microcode ROM holds 414,720 bits in total: 4608 micro-instructions. For more photos of the Pentium's microcode circuitry along with a detailed explanation, see my latest blog post:
www.righto.com/2025/03/pent...
31.03.2025 17:40
Thank you! That motivates me to continue writing and sharing!
10.12.2024 11:55
My latest blog post is live! Check your Ruby on Rails applications for the use of params[:_json]
nastystereo.com/security/rai...
10.12.2024 08:30
GitHub - albinowax/ActiveScanPlusPlus: ActiveScan++ Burp Suite Plugin
ActiveScan++ Burp Suite Plugin. Contribute to albinowax/ActiveScanPlusPlus development by creating an account on GitHub.
Ten years ago, I realised I needed to rewrite ActiveScan++ in Java. After putting it off for so long that artificial intelligence was literally able to do 90% of the work for me, I've done it! It's now available in the BApp store. Report issues and feature requests here ->
github.com/albinowax/Ac...
05.12.2024 15:57
Security researcher Luke Jahnke has published an escape for SafeMarshal, a new Ruby security gem that can be used to block deserialization attacks
nastystereo.com/security/rub...
05.12.2024 14:03
Haha it is starting to feel like an advent calendar. But no, just a lot of free time lately. Maybe I need tougher targets, any suggestions?
04.12.2024 06:42
My latest blog post is live 🔥 Read it to learn what SafeMarshal is and *two* very different ways to escape and get RCE!
Read it to find out why Date is *not* a safe class in Ruby or how to leverage serialized strings being constructed with string concatenation!
nastystereo.com/security/rub...
04.12.2024 04:57
GitHub - albinowax/ActiveScanPlusPlus: ActiveScan++ Burp Suite Plugin
ActiveScan++ Burp Suite Plugin. Contribute to albinowax/ActiveScanPlusPlus development by creating an account on GitHub.
I've just rewritten ActiveScan++ in Java to lay the foundation for some major enhancements. It's not in the BApp store yet but if you'd like to take it for a spin you can grab it here:
github.com/albinowax/Ac...
03.12.2024 12:53
I hope to write a follow up post that covers the footguns I learnt about for R apps, especially jsonlite::fromJSON ;)
02.12.2024 14:55
New blog post is up!
Shiny Vulnerabilities in R's Most Popular Web Framework
nastystereo.com/security/r-s...
Turns out the programming language R is used for more than statistics, including web apps!
02.12.2024 14:55
I think my post showing that Ruby's substring implementation is faulty is a little bit interesting, hoping someone else can chain it with another bug someday to show some true impact: nastystereo.com/security/rub...
01.12.2024 18:29
research!rsc: Running the “Reflections on Trusting Trust” Compiler
Not sure how I missed that, but we now actually have Ken Thompson's C compiler backdoor code from the classic "Reflections on Trusting Trust". An excellent writeup by @swtch.com - research.swtch.com/nih.
27.11.2024 09:17
My latest blog post is live! nastystereo.com/security/cro...
Read how to send a cross-site POST without including a Content-Type header (without CORS). It even works with navigator.sendBeacon
27.11.2024 09:10
one tip for i3 is to use pypi.org/project/quic...
25.11.2024 06:57
I just published a new blog post sharing an improved Deserialization Gadget Chain for Ruby!
It builds on the work of others, including Leonardo Giovanni, @ulldma.bsky.social and @vakzz.bsky.social
nastystereo.com/security/rub...
25.11.2024 05:27