Neoma Fong neomafo88

🏠
Remote
@hackermondev
hackermondev / zendesk.md
Last active November 21, 2024 11:42
1 bug, $50,000+ in bounties, how Zendesk intentionally left a backdoor in hundreds of Fortune 500 companies

hi, i'm daniel. i'm a 15-year-old with some programming experience and i do a little bug hunting in my free time. here's the insane story of how I found a single bug that affected over half of all Fortune 500 companies:

say hello to zendesk

If you've spent some time online, you’ve probably come across Zendesk.

Zendesk is a customer service tool used by some of the world’s top companies. It’s easy to set up: you link it to your company’s support email (like [email protected]), and Zendesk starts managing incoming emails and creating tickets. You can handle these tickets yourself or have a support team do it for you. Zendesk is a billion-dollar company, trusted by big names like Cloudflare.

Personally, I’ve always found it surprising that these massive companies, worth billions, rely on third-party tools like Zendesk instead of building their own in-house ticketing systems.

your weakest link

@sagittarius-a
sagittarius-a / _idapro9_macarm_patch_guide.md
Created August 12, 2024 20:50
Guide: Patching IDA Pro 9.0 BETA

Patching the IDA Pro 9.0 BETA

Note

Obligatory disclaimer: this is for educational purposes only. I am not responsible for any damages caused by following this guide, or using any of the script(s) herein.

This guide prioritizes arm64 macOS, but may also work for other platforms.


Step 1 - Patching dylibs

@Kyle-Ye
Kyle-Ye / iPhone Mirroring.md
Last active November 20, 2024 17:08
Launch iPhone Mirroring.app on macOS 15 Beta 1
@x-yuri
x-yuri / Generating SSL certificates.md
Last active November 11, 2024 22:43
Generating SSL certificates

req:

openssl req -x509 -subj /CN=root.yourdomain.com -days 3650 -noenc \
    -out root.crt -keyout root.key
  # -x509 - generate a certificate
  # -subj - subject
  # -days - validity period
@thesamesam
thesamesam / xz-backdoor.md
Last active November 20, 2024 01:44
xz-utils backdoor situation (CVE-2024-3094)

FAQ on the xz-utils backdoor (CVE-2024-3094)

This is a living document. Everything in this document is made in good faith of being accurate, but like I just said; we don't yet know everything about what's going on.

Background

On March 29th, 2024, a backdoor was discovered in xz-utils, a suite of software that

#!/usr/bin/env python3
import usb.core
import struct
from collections import namedtuple
APPLE_VID = 0x05ac
Target = namedtuple("Target", ["vid", "pid", "name", "model", "total_size"])
@Dump-GUY
Dump-GUY / hint_calls.py
Created March 18, 2024 07:30
Modified version of Willi Ballenthin IDA Plugin hint_calls.py ported to support Python2/3 and IDA>=7.4 (tested IDA 7.7, 8.4)
'''
IDA plugin to display the calls and strings referenced by a function as hints.
Installation: put this file in your %IDADIR%/plugins/ directory.
Author: Willi Ballenthin <[email protected]>
Licence: Apache 2.0
'''
import idc
import idaapi
import idautils

Can you write Python that extracts the copied_alphabet string from the __builtin_strncpy in this function and uses it to decrypt data within the dec_sc_buff variable using the binary ninja API? 👤

🤖 To extract the copied_alphabet string and decrypt data within the dec_sc_buff variable using the Binary Ninja API, you can follow these steps:

1. Extract the copied_alphabet string directly from the provided HLIL.
2. Implement the decryption logic based on the operation described in the HLIL for modifying dec_sc_buff.
3. Use the Binary Ninja API for any additional operations needed.

Here is a Python example that accomplishes this:

function Install-DbgHelp {
param (
[Parameter(Mandatory=$true, Position=0)]
[string] $DbgHelpBaseDir,
[Parameter()]
[string[]] $DbgHelpFiles = @('dbghelp.dll','symsrv.dll','srcsrv.dll'),
[Parameter()]
[switch] $Cleanup
@SinaKarvandi
SinaKarvandi / intercepting-memory-allocations.ds
Created November 24, 2023 09:10
intercepting-memory-allocations
start path "C:\Windows\notepad.exe"
g
? .thread_intercept_thread = 0;
? .target_pid = $pid;
? .target_tid = 0;
? .target_allocation_address = 0;
? .target_allocation_size = 0;
? .is_commited = 0;
!sysret stage post script {