This week has been crazy with a lot of excellent content that should keep you busy for a while! Crypto, Sandboxes, WAF Bypasses...
With so many websites running on PHP, it's good that people are working on making PHP itself a harder target! You can find a list of the upcoming and recent improvements in this post: Upcoming hardening in PHP. From heap hardening to limiting the number of PHP filters, these updates bring a lot of great changes to make PHP more secure.
All the Elliptic Curve attacks in one place! A well-detailed and comprehensive list of everything you need to know about Elliptic Curve attacks.
It starts a bit slow, but then it goes to the next level with detailed case studies of real bypasses. An excellent article from the MDSec Research team: When WAFs Go Awry. Keep that one handy for your next encounter with a WAF.
Everything you didn't know you wanted to know about macOS sandbox escapes, with exploits and demos. A lot of super interesting details: A New Era of macOS Sandbox Escapes
Joernchen strikes again! This time with a directory traversal in the Jujutsu version control system: CVE-2024-51990.
If you love Unicode, you are going to love this GitHub repository: ssl/shortboost
AI finding bugs? Project Zero details how their Big Sleep agent found an exploitable stack buffer underflow in SQLite.