18F & hospital tech around the US. Opinions mine; Boosts/likes/follows ≠ endorsements. 🐦: @wslack
wslack
- 318 Followers
- 209 Following
- 516 Posts
Decatur GA native serving at USDS, prev
18F & hospital tech around the US. Opinions mine; Boosts/likes/follows ≠ endorsements. 🐦: @wslack
18F & hospital tech around the US. Opinions mine; Boosts/likes/follows ≠ endorsements. 🐦: @wslack
[P2O Vancouver 2023] SharePoint Pre-Auth RCE chain (CVE-2023–29357 & CVE-2023–24955)
Brief I may have achieved successful exploitation of a SharePoint target during Pwn2Own Vancouver 2023. While the live demonstration lasted only approximately 30 seconds, it is noteworthy that the process of discovering and crafting the exploit chain consumed nearly a year of meticulous effort and research to complete the full exploit chain. This exploit chain leverages two vulnerabilities to achieve pre-auth remote code execution (RCE) on the SharePoint server: Authentication Bypass – An unauthenticated attacker can impersonate as any SharePoint user by spoofing valid JSON Web Tokens (JWTs), using the none signing algorithm to subvert signature validation checks when verifying JWT tokens used for OAuth authentication.
This is odd: why does Google Maps forget the DC Metro exists when asking directions with the starting point of "The White House" vs starting point just north of the building? Is it trying not to confuse tourists?