cybersecurity cybersecurity npm search RCE? - Escape Sequence Injection
Jump
  • "Initials" by "Florian Körner", licensed under "CC0 1.0". / Remix of the original. - Created with dicebear.comInitialsFlorian Körnerhttps://github.com/dicebear/dicebearSO
    solidsnail         9 months ago 100%

    That is very true.
    I do think that there's more depth to it than that. For example, dealing with it on the end of the terminal will probably break compatibility, and dealing with it on the app end will require every single dev to start sanitizing this. The challenges are real.

    1
    • appsec
    appsec solidsnail 9 months ago 100%
    npm search RCE? - Escape Sequence Injection blog.solidsnail.com
    6
    0
    cybersecurity
    cybersecurity solidsnail 9 months ago 85%
    npm search RCE? - Escape Sequence Injection blog.solidsnail.com
    5
    2
    appsec
    appsec solidsnail 10 months ago 100%
    It’s not a Feature, It’s a Vulnerability blog.solidsnail.com

    cross-posted from: https://infosec.pub/post/5707149 > I talk about a report I've made to MSRC in the beginning of the year regarding vscode. > > It's a bit different. There's no in depth technical stuff, because I basically just reported the feature, not a bug.

    3
    0
    cybersecurity
    cybersecurity solidsnail 10 months ago 84%
    It’s not a Feature, It’s a Vulnerability blog.solidsnail.com

    I talk about a report I've made to MSRC in the beginning of the year regarding vscode. It's a bit different. There's no in depth technical stuff, because I basically just reported the feature, not a bug.

    9
    0
    security Security From Terminal Output to Arbitrary Remote Code Execution
    Jump
  • "Initials" by "Florian Körner", licensed under "CC0 1.0". / Remix of the original. - Created with dicebear.comInitialsFlorian Körnerhttps://github.com/dicebear/dicebearSO
    solidsnail         1 year ago 100%

    ( ͡° ͜ʖ ͡°)

    1
    • security Security From Terminal Output to Arbitrary Remote Code Execution
    Jump
  • "Initials" by "Florian Körner", licensed under "CC0 1.0". / Remix of the original. - Created with dicebear.comInitialsFlorian Körnerhttps://github.com/dicebear/dicebearSO
    solidsnail         1 year ago 100%

    Stopped you? Wdym?

    1
    • security
    Security solidsnail 1 year ago 100%
    From Terminal Output to Arbitrary Remote Code Execution https://blog.solidsnail.com/posts/2023-08-28-iterm2-rce

    cross-posted from: https://infosec.pub/post/2466014 > This is my first write-up, on a vulnerability I discovered in iTerm2 (RCE). Would love to hear opinions on this. I tried to make the writing engaging.

    6
    4
    "Initials" by "Florian Körner", licensed under "CC0 1.0". / Remix of the original. - Created with dicebear.comInitialsFlorian Körnerhttps://github.com/dicebear/dicebearEX
    Exploit Development solidsnail 1 year ago 100%
    From Terminal Output to Arbitrary Remote Code Execution https://blog.solidsnail.com/posts/2023-08-28-iterm2-rce

    cross-posted from: https://infosec.pub/post/2466014 > This is my first write-up, on a vulnerability I discovered in iTerm2 (RCE). Would love to hear opinions on this. I tried to make the writing engaging.

    3
    0
    cybersecurity
    cybersecurity solidsnail 1 year ago 100%
    From Terminal Output to Arbitrary Remote Code Execution https://blog.solidsnail.com/posts/2023-08-28-iterm2-rce

    cross-posted from: https://infosec.pub/post/2466014 > This is my first write-up, on a vulnerability I discovered in iTerm2 (RCE). Would love to hear opinions on this. I tried to make the writing engaging.

    7
    0
    "Initials" by "Florian Körner", licensed under "CC0 1.0". / Remix of the original. - Created with dicebear.comInitialsFlorian Körnerhttps://github.com/dicebear/dicebearCY
    /c/cybersecurity - Cybersecurity News & Discussion solidsnail 1 year ago 100%
    From Terminal Output to Arbitrary Remote Code Execution https://blog.solidsnail.com/posts/2023-08-28-iterm2-rce

    cross-posted from: https://infosec.pub/post/2466014 > This is my first write-up, on a vulnerability I discovered in iTerm2 (RCE). Would love to hear opinions on this. I tried to make the writing engaging.

    7
    0
    security
    Security solidsnail 1 year ago 100%
    From Terminal Output to Arbitrary Remote Code Execution https://blog.solidsnail.com/posts/2023-08-28-iterm2-rce

    cross-posted from: https://infosec.pub/post/2466014 > This is my first write-up, on a vulnerability I discovered in iTerm2 (RCE). Would love to hear opinions on this. I tried to make the writing engaging.

    3
    0
    appsec
    appsec solidsnail 1 year ago 100%
    From Terminal Output to Arbitrary Remote Code Execution https://blog.solidsnail.com/posts/2023-08-28-iterm2-rce

    This is my first write-up, on a vulnerability I discovered in iTerm2 (RCE). Would love to hear opinions on this. I tried to make the writing engaging.

    1
    0
    cypherpunk cyph3rPunk Which browsers are best for privacy?
    Jump
  • "Initials" by "Florian Körner", licensed under "CC0 1.0". / Remix of the original. - Created with dicebear.comInitialsFlorian Körnerhttps://github.com/dicebear/dicebearSO
    solidsnail         1 year ago 100%

    I think they're lacking explanation of what the data means.

    This can be very nuanced, and dependent on your goals.

    For example, in the context of fingerprinting, sometimes it's better to provide fake data instead of no data, because that itself can be a unique characteristic.

    8
    • cybersecurity cybersecurity Mentorship Monday - Discussions for career and learning!
    Jump
  • "Initials" by "Florian Körner", licensed under "CC0 1.0". / Remix of the original. - Created with dicebear.comInitialsFlorian Körnerhttps://github.com/dicebear/dicebearSO
    solidsnail         1 year ago 0%

    I feel like I'm a bit lacking when it comes to finding race condition vulnerabilities. Any tips on that?

    0
    • securitynews Security News ASUS warns router customers: Patch now, or block all inbound requests
    Jump
  • "Initials" by "Florian Körner", licensed under "CC0 1.0". / Remix of the original. - Created with dicebear.comInitialsFlorian Körnerhttps://github.com/dicebear/dicebearSO
    solidsnail         1 year ago 100%

    Took them 5 years to fix a critical vulnerability.

    Really shows their concern for security.

    1