Post ATMSxL8IBkMjZcjDrU by hdm@infosec.exchange
(DIR) Post #ATMSxJFfBN4bjuA54a by hdm@infosec.exchange
2023-03-07T02:57:19Z
1 likes, 1 repeats
I love crypto research that demonstrates practical attacks. The paper `A Vulnerability in Implementations of SHA-3, SHAKE, EdDSA, and Other NIST-Approved Algorithms` by Nicky Mouha and Christopher Celi demonstrates RCE (!) through controlled memory corruption in the final-round update of the Keccak code used by SHA-3. This implementation bug affected Python, PHP, and the SHA-3 Ruby package: https://eprint.iacr.org/2023/331 Bonus points for dropping a Metasploit reverse TCP payload!
(DIR) Post #ATMSxL8IBkMjZcjDrU by hdm@infosec.exchange
2023-03-07T03:02:27Z
0 likes, 0 repeats
this is also not a great look: https://github.com/KeccakTeam/KeccakTools/pull/4/files