MonkeHacks #73

After a few relatively quiet weeks, it’s back to being hectic. The dupe period for the Google LHE started this week, so I’ve focused a lot on getting some good research done for that. I wrapped up a pentest as well, which proceeded smoothly. I built my little Raspberry Pi cluster; I haven’t had time to install Immich on it yet. The hardware side has been assembled - the Raspberry Pi 5, the SATA hat on it, and the cooling fan attached to the cluster stand. The cluster stand will allow me to expand the capabilities of the cluster really easily, if I have more projects I want to build. The SATA hat will double as backup storage, because it supports up to 100TB in SSDs (although I only have 1TB right now).

I’m returning to Ireland on Thursday (July 31) to see my family and friends for a few days. Again, I’ll just be focusing on work in that time; the week after next is onsite LHE and Def Con week.

Speaking of Def Con; I’ll be at Vulnerability Vibes on August 6. During Def Con itself, I’ll be hanging around the Bug Bounty Village for most of the event.

Weekly Ideas / Notes 

• Kevin Mizu launched a site that serves as a wiki for HTML gadgets that can be used to bypass sanitisers. This is really useful. You can find it here.

• I’ve been working on some interesting research for the Google LHE. It’s really interesting stuff, but I do feel that I lack some of the skill to do the ideas I have justice. All the more motivation to upskill. It’s always a difficult balance between learning new things, and making money. The LHE is a little bit stressful.

• I did quite a bit of reading this week; and next week, I’ll be reading even more, as I’ll be travelling to Ireland. Solenoid is great but it’s a little hard to digest sometimes; Terry Pratchett, on the other hand, has a prose as smooth as melting butter. I read the entirety of Equal Rites. Next is Mort. Then Sourcery.

• I got a Switch 2! The Switch 2 exclusive game lineup right now is… pretty bad, but it runs my old Switch games a lot more smoothly. I also bought a copy of Animal Crossing, and I’m strongly considering the new Mario Kart.

• My sleep schedule hasn’t really recovered, and that’s partially due to the temperature here; my sleeping hours will get a force reset when I take my morning flight to Ireland on Thursday.

• Somebody used a bird as a hard drive to save a PNG as an audio file, and then they got the bird to remember the sound and reproduce it. That is… insane. I love it.

Reading List

• Currently:

  • Fiction:

    • Solenoid by Mircea Cărtărescu (130/600 pages)

    • Equal Rites by Terry Pratchett (288/288 pages)

  • Non-Fiction: A Random Walk Down Wall Street by Burton Malkiel (150/300 pages)

• Next on the list:

  • Fiction: Mort by Terry Pratchett

  • Non-Fiction: Day Zero to Zero Day by Eugene Lim (SpaceRaccoon)

Resources

• Who's SHA is it Anyway: Bypassing Google Cloud Build Comment Control for $30,000: This bug is an ingenious time-of-check-time-of-use (TOCTOU) issue in the Cloud Build approval flow. Seriously impressive.

• How We Accidentally Discovered a Remote Code Execution Vulnerability in ETQ Reliance: A cool writeup, again in-depth, from Searchlight - formerly Assetnote.

• Beyond the Bands: Exploiting TiTiler’s Expression Parser for Remote Code Execution: Another XBOW finding. It’s getting better… for better or for worse.