🐂 Renegade Security | NO. 3 (Standard Edition)

A Moses Frost Newsletter

Feb 21, 2022

The last few weeks were hectic for me, and as such, the Newsletter had to take a back seat. This week we return to some normalcy, I won’t get into the specifics, but I will mention that these newsletters are more of a labor of love, and I’d much rather put out quality than quantity. Here are some thoughts for the last few weeks. If, and I do mean if, Russia goes to war with Ukraine, then I suspect there would be a pretty large Cyber contingent. In a previous life when I was over at the previous company, they had plenty of visibility into what was going on in that country. While they have posted a blog recently around attacks, they also have history going back years. Take a look at those posts, this is actually not recent, but from the eyes of that country, systemic, persistent, and consistent since they took portions of that country.

Everything old is new Department

Before getting into all the Technical news, Sunday morning I saw this interesting youtube video. It’s a 15 minute watch, but also a quick read on twitter. While I understand why the company operates this way, I can just see all the mistakes they are making and know that they have a long way to go culturally before they come to the same conclusions. I suspect from a security standpoint, we will see TONS of bugs. Here is the link, its basically what is like to work at Tiktok (China) vs Facebook (US): https://twitter.com/LucasOuYang/thread/1493408428626100226. Here is one red flag: No unit tests.

There was a recent bit of how to read uninitialized memory in HTTP stacks recently in a Heartbleed like fashion, this time focused on HTTP3. This style of attacks a not new, in fact there was an issue in NodeJS years ago, this function still exists today.

While we are at it, how about write.exe in Windows? I believe this data back to Windows 1.0?

Grzegorz Tworek @0gtweet

"write.exe" is just ShellExecute() to wordpad.exe. And ShellExecute() reads HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths before reading HKLM. Which means, you can use "write" to launch anything if you create "wordpad.exe" subkey. And it explains why I love Windows.🙃

Speaking of old and new, backwards compatibility may plague us all for quite sometime, here is the Amazon Web Services version of the issue. It appears, AWS IDMSv2 transition will be difficult:

Ben Reser @BenReser

v4.0.0 of the #Terraform AWS Provider came out today. It moves the provider to using IMDSv2. If you're running in a container on an EC2 instance you'll need to increase the HttpPutResponseHopLimit to 2. If you don't you'll get errors about "no valid credential sources."

Crypto … To the moon? Derpartment (SIC).

What happens if the underlying network isn’t secure? BGP used to steal coins.

Watch this video, tell me your thoughts. It’s two hours, I know I know. But I will say, if you want to know whats going on right now with Crypto currencies, and NFTs, maybe this will give you a different, and dark, perspective.

I understand that there is a TON of Twitter in this newsletter, but this one is important. OpenSea NFTs were hacked en masse. The video above can show you somewhat why. To be frank, it has to do with a Solidity smart contract that appears to be stealing the code.