Иногда полезно разгребать закладки в браузере и избранные посты, которые откладывались до появления энтузиазма. Проведем обзор опубликованных блогпостов, докладов и исследовательских материалов, которые вряд ли станут «исследованиями года», но несут в себе новые техники. Кто знает, какая из них может вдруг выстрелить и полностью поменять ландшафт угроз?
With the latest Linux kernel, the fuzzing process will be easier not only for our team. Thanks to Denis Valeev, who discovered, prepared, and contributed the patch to kernel v.5.16.5.
The discovered bug breaks nyx-fuzz (also included in AFL++ code base) that uses VMware backdoor as an alternative way for hypercall from guest user-mode. With this bug, a hypercall is interpreted as a GP and leads to process termination. Bug occurs on GP triggered by VMware backdoor when eax value is unaligned. eax alignment check should not be applied to non-SVM instructions because it leads to incorrect omission of the instructions emulation. The solution is to apply alignment check only to SVM instructions.
The concept of a smart city involves bringing together various modern technologies and solutions that can ensure comfortable and convenient provision of services to people, public safety, efficient consumption of resources, etc. However, something that often goes under the radar of enthusiasts championing the smart city concept is the security of smart city components themselves. The truth is that a smart city’s infrastructure develops faster than security tools do, leaving ample room for the activities of both curious researchers and cybercriminals.