Why the White House Wants Safer Code: Moving from C/C++ to Rust by 2026

The White House recently urged organizations working on critical software to switch from C/C++ to memory-safe languages like Rust by 2026. The reason? Memory issues in C/C++ lead to vulnerabilities that hackers can exploit, putting critical systems at risk. While this isn’t a hard deadline, it’s a strong recommendation to improve security in software that supports essential infrastructure. Languages like Rust, designed to avoid memory errors, can significantly reduce these risks.

Reference Link: https://lnkd.in/gMhudrCa

#Cybersecurity #MemorySafe #Rust #Programming
Mohd Waqas’ Post
-
As a software developer whose first programming languages were C and C++, it is so disrespectful to see the United States (FBI and security agencies) asking to drop C and C++ from cybersecurity and infrastructure software. Reason: unsafe memory management. But I support this, given the hacking and security vulnerabilities that happened recently due to unsafe memory access.
-
If you have a massive C++ code base, does writing new code in Rust matter? It does. Though the reason why is not intuitive.

Android had a 76% → 24% drop in memory safety vulnerabilities over 6 years.

💡 The key insight here is that even if the vast majority of a codebase is not in a memory safe language, writing new code in a memory safe language (e.g. Rust) has a huge security impact, because new code is disproportionately responsible for bugs.

> Based on the average vulnerability lifetimes, 5-year-old code has a 3.4x (using lifetimes from the study) to 7.4x (using lifetimes observed in Android and Chromium) lower vulnerability density than new code.

Great post by Jeffrey Vander Stoep and Alex Rebert. https://lnkd.in/g4K7FB5q

#cybersecurity #rust
-
A critical security flaw in the Rust standard library has been discovered, and it could be used to target Windows users and stage command injection attacks. The vulnerability, tracked as CVE-2024-24576, has a CVSS score of 10.0. To learn more about the flaw, check out this article: https://lnkd.in/g8CpxiMz. You can also find additional details on the CVE here: https://lnkd.in/gVXAwYXE. Stay vigilant, and make sure your systems are up-to-date and secure.
-
Attention Windows users! A critical security flaw in the Rust standard library has been discovered, which could lead to command injection attacks. The vulnerability, tracked as CVE-2024-24576, has a CVSS score of 10.0, indicating maximum severity. However, it only impacts scenarios where batch files are invoked on Windows with untrusted arguments. According to the Rust Security Response working group, the Rust standard library did not properly escape arguments when invoking batch files (with the bat and cmd extensions) on Windows using the Command API. Ensure that you are taking all necessary precautions to safeguard your systems against potential attacks. https://lnkd.in/etRe24tk
Critical 'BatBadBut' Rust Vulnerability Exposes Windows Systems to Attacks
thehackernews.com
-
A critical security flaw in the Rust standard library could be exploited to target Windows users and stage command injection attacks. The vulnerability, tracked as CVE-2024-24576, has a CVSS score of 10.0, indicating maximum severity. That said, it only impacts scenarios where batch files are invoked on Windows with untrusted arguments. "The Rust standard library did not properly escape
Critical 'BatBadBut' Rust Vulnerability Exposes Windows Systems to Attacks
thehackernews.com
-
I am looking for recommendations on code obfuscation techniques so that I can improve the security of a project I'm working on.

1 - Have you used any effective code obfuscation libraries on iOS?
2 - What do you think of swift-confidential ( https://lnkd.in/dNFugHrH )?
3 - Do you have any articles or resources that you found helpful?

Your recommendations and advice would be greatly appreciated.

#CodeObfuscation #CyberSecurity #Programming #DeveloperCommunity
GitHub - securevale/swift-confidential: Swift literals obfuscator to defend against static reverse engineering.
github.com
-
Day 50 of the 100 Days of PicoCTF Challenge: Cracking the Code and Uncovering the Flag

I tackled a binary exploitation problem that required a deep understanding of input handling in C. Here’s how I approached the challenge and successfully uncovered the flag:

The Challenge: I was presented with a C program that contained a critical block of code. The key was a conditional statement where the program would display the flag if a specific condition was met.

The condition: if ((entry_number = strtol(entry, NULL, 10)) == 0)

The Insight: I realized that the condition would be true if the input value converted to 0 using strtol(). This meant that by entering the value 0, the flag would be revealed.

The Solution: I entered 0 at the prompt, knowing that strtol("0", NULL, 10) would result in 0. This triggered the program to display the flag.

Key Takeaways: This challenge emphasized the importance of understanding how inputs are processed in C programs and highlighted the critical role of input validation in cybersecurity. Even the smallest detail in input handling can be the key to unlocking a system or capturing a flag.

#Cybersecurity #PicoCTF #BinaryExploitation #ReverseEngineering #CaptureTheFlag #CTF #Linux #CProgramming #ProblemSolving #100DaysOfCode
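An added example, not part of the original post or the challenge's source: strtol() also returns 0 when it converts no digits at all, so the condition quoted above cannot tell "0" from non-numeric input. The helper names (`naive_is_zero`, `parse_entry`) are hypothetical and the sample inputs are constructed; `parse_entry` shows the end-pointer and errno checks that separate these cases.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

/* The condition quoted in the post: true whenever strtol() yields 0. */
static int naive_is_zero(const char *entry) {
    long entry_number;
    return (entry_number = strtol(entry, NULL, 10)) == 0;
}

enum parse_status { PARSE_OK, PARSE_NO_DIGITS, PARSE_TRAILING, PARSE_RANGE };

/* Strict parse: the whole string must be one in-range base-10 integer,
 * optionally followed by a single newline (as left by fgets). */
static enum parse_status parse_entry(const char *entry, long *out) {
    char *end = NULL;
    errno = 0;
    long value = strtol(entry, &end, 10);
    if (end == entry) return PARSE_NO_DIGITS;  /* "", "abc": nothing converted */
    if (errno == ERANGE) return PARSE_RANGE;   /* clamped to LONG_MIN/LONG_MAX */
    if (*end == '\n') end++;
    if (*end != '\0') return PARSE_TRAILING;   /* "0xyz": junk after the number */
    *out = value;
    return PARSE_OK;
}

int main(void) {
    /* Constructed sample inputs. */
    const char *samples[] = { "0", "abc", "", "0xyz", "42",
                              "99999999999999999999999" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        long value = 0;
        enum parse_status status = parse_entry(samples[i], &value);
        printf("%-25s naive_is_zero=%d strict_status=%d\n",
               samples[i], naive_is_zero(samples[i]), (int)status);
    }
    return 0;
}
```
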
-
🔒 XZ Utils Backdoor - CVE-2024-3094 🔒

Following recent news, a new backdoor has been identified as affecting XZ versions 5.6.0 and 5.6.1. A malicious attacker was able to modify the upstream source code of the GitHub project and push the vulnerable version to the software stack of multiple Linux distributions (Fedora, Alpine, etc.). The whole process is complex and appears to have been carefully studied, running over a couple of years. Please ensure your systems are not running those XZ versions and downgrade to a safer release as soon as possible.

I have written a blog post in which I explain a bit more of the context of the issue. You can also find some references for further understanding the whole technique used by the attackers.

#AppSec #CyberSecurity #OffensiveSecurity #Pentesting #Business #management
CVE-2024-3094
aleeexiisp.github.io
-
"A critical security flaw in the Rust standard library could be exploited to target Windows users and stage command injection attacks. The vulnerability, tracked as CVE-2024-24576, has a CVSS score of 10.0, indicating maximum severity. That said, it only impacts scenarios where batch files are invoked on Windows with untrusted arguments. "The Rust standard library did not properly escape arguments when invoking batch files (with the bat and cmd extensions) on Windows using the Command API," the Rust Security Response working group said in an advisory released on April 9, 2024. "An attacker able to control the arguments passed to the spawned process could execute arbitrary shell commands by bypassing the escaping."" https://lnkd.in/gJYmsRxD
Critical 'BatBadBut' Rust Vulnerability Exposes Windows Systems to Attacks
thehackernews.com