Fuzzing for Vulns, GitLab Auth Bypass, JPEG Vulns, Programming Language Ranks – ASW #300

This article has a very familiar opening about a "buffer overflow caused by a copy operation that uses a length value taken directly from attacker-controlled packet data without bounds checking."

It was discovered with a fuzzer, which might not sound as cool as using an AI or LLM, but remains one of the most effective tools for vuln discovery.

I can't resist a vuln write-up that talks about path traversal. This article also demonstrates persistence in focus on tracking vulns over long timeframes.

Authentication endpoints are fruitful areas for research. Not to mention how often we talk about authentication, SSO, and SAML around here.

At the heart of this vuln is a parsing problem with XML. I don't think we'll be able to get rid of XML any time soon, but it's at least better than the mess of ASN.1 that has plagued OpenSSL (and certificates) for ages. What's a good format that balances human readability with mistake-resistant structure for parsing?

I referenced The Silmarillion in last week's episode intro, so I felt obliged to include this article that makes a subtle nod to Khazad-dûm.

It also ties in nicely with this week's theme of file formats, parsing, and fuzzing. You don't have to get into the exploit details to appreciate this article or take away some lessons in parsing, sandboxing, and handling user-generated content.

The recording is available. Two presentations that stood out to me were:

• Service Agents and the Search for Transitive Access in GCP – starts here
• GCP and AWS identity federation - lessons learned from the field as well as cross-cloud forensics and incident response – starts here