March 15, 2023
-

Hi. Guy who worked in MSRC & shipped the MS17-010 patch here.
*Preview pane* RCE was like the holy grail of non-OS vulns. This is so cool (the vuln, not the target because I will always #StandWithUkraine).
But goddamn y’all better install this one. Trust me. I know.

Ryan Naraine @ryanaraine

We've just published a quick write up on CVE-2023-23397, which allows a remote adversary to leak NetNTLMv2 hashes: mdsec.co.uk/2023/03/exploi… by @domchell


Well, I'd argue the Outlook 0day has its limitations, although it seems to be a nation state 0day attack (see who reported it). It doesn't allow RCE but NTLM leaking. What I want to say is if ur org still allows outbound 139/445 connections, well, you already got bigger problems.

-

Today is a sad day:
Apparently, my favourite HTML element, <marquee />
Has been deprecated ⚠️
My first ever website used it everywhere.
Thanks for all the great memories. We will miss ya.
-

GPT-4 can take a picture of a napkin mockup as an input and output a fully functional website (HTML/CSS/JS) 🤯🤯🤯


-
The oldest privesc: injecting careless administrators' terminals using TTY pushback
https://www.errno.fr/TTYPushback.html