4DgiftsJul 2, 2024

So i wrote this on the other site (the short messages wannabe porn site) and predictably got just a single response.
Perhaps here I would fare better?

Reading the Qualys writeup about the OpenSSH race condition RCE it occurred to me that there should be a book titled "Beautiful Exploits" in which a handful of beautiful exploits are explained and their philosophical and historical implications are discussed.

Which ones you'd pick?

Show threadSeth Hanford 🐡Jul 2, 2024
@4Dgifts @wdormann I think log4j just from the bonkers exploitability surface area. Somebody just drops some jndi string into a device name or form field and some system far removed just goes to grab some Java class & runs it. I also really liked the creativity in CVE-2023-38408 (OpenSSH ssh-agent RCE); but if the Qualys folks write anything up, it just makes me smile.
Show threadWill Dormann
@ckure @4Dgifts
Yeah, the fact that log4j affected Ghidra was something special. 😂
Qualys writeups are always next-level.
Jul 2, 2024 at 11:32amWeb