Below is not financial advice and may not be accurate. Read JL Collin’s book on a Simple Path To Wealth. It decomplexes investing. Max out employee 401k contributions. It’s free money. Do not try and beat the market. Stick with index tracking securities (VT,VTI, VXUS,VOO,BND,BNDX). Put money into the market every month. Setup your broker…
All posts by justintaft
CVE-2020-16225: TPEditor v1.96 Code Execution via Memory Corruption
TLDR; TPEditor v1.96 does not perform bound checking when copying “boot page” (.sta) file content to memory. The finding can be exploited to gain arbitrary code execution upon file opening. Greetz to @mufinnnnnnn who paired up with me on the review. It was a highly collaborative effort to discover and exploit the bug. [ZDI Link] This…
CVE-2021-29084: Exploiting CRLF Header Injection in Synology NAS for Unauthenticated File Downloads
Recently my CVE-2021-29084 went public [ZDI Link]. I thought it would be fun to share my disclosure notes. TLDR; The Synology DS418play NAS contained an unauthenticated accessible endpoint vulnerable to HTTP header injection. Due to nginx’s configuration, the X-Accel-Redirect header can be used download files which are shared via SMB. Note the finding requires knowledge…
Exporting Bitwarden Vault Items When Master Password Is Forgotten But TouchID Unlock Is Enabled
Disclaimer: If you have access to your Bitwarden Vault items, it’s best to make a copy of all vault items ASAP. Create a new Bitwarden account without logging out of the old account, SAVE A COPY OF THE NEW ACCOUNT’S MASTER PASSWORD, and then copy vault items into the new account manually. Tampering with Bitwarden is NOT recommended,…
Scaling A Read Heavy WordPress Blog
I finally caved in. I migrated to WordPress. I know I know, it’s not that impressive or news worthy. However it does reflect me getting older and wanting to simplify my life. Keeping the end goals in mind and keeping things (relatively) simple to achieve them. My last setup was pretty scalable. My site was…
On Emacs
Over the last 20 years I’ve used many environments for programming and editing files (vim, Emacs, Eclipse, NetBeans, PHPStorm, Visual Studio, just to name some). While I will use the right tool for the right job, I’m partial to Emacs. Emacs is easy to extend – You can modify Emacs while it’s running, within Emacs.…
.NET Deserilization Gadgets
The use of BinaryFormatter in .NET applications often leads to Remote Code Execution quite easily. See https://github.com/pwntester/ysoserial.net for example gadgets. When testing the TypeConfuseDelegate payload in your own project, a couple of exceptions may be thrown: ‘Object must implement IConvertible’ – This occurs when the appropriate deserialization types can not be found. Check to ensure…
Applying SELinux Tags To Allow Cross-VM Disk Access
Fedora uses SELinux’s Multi Category Security to restrict VMs from accessing other VMs backing disks. Each VM is assigned a randomized category number when starting. When accessing a VM disk file from another running VM, such as by sharing a directory, an error similar to the following is logged by systemd: audit[26742]: AVC avc: denied…
Creating and backing up security sensitive VMs using KVM and Borg
It’s Thursday night. You’ve been hacking away at a web app all week. All of a sudden your laptop turns off because you forgot to plug in the power cord. No bigge you think. You plug your laptop in, boot it up, and start the VM you’ve been using. Crap, you sigh to yourself, as…