ITSEC Newsletter 2023-11-30

"After watching James Kettle’s presentation at DEF CON 31, I started to research more on Race Conditions and specifically on Single Packet Attack. In the end, I created a tool(Library) called H2SpaceX to exploit this type of race condition on HTTP/2 in addition to James Kettle implementation which is SpikeEngine.kt in Burp Turbo Intruder extension. My goal was to research and understand HTTP/2 and Single Packet Attack more and have a tool to test new techniques and more research on the topic. It also allows you to do some automation, for example, read and process the response of sent requests and then decide what to do based on responses. You can also integrate the tool into your environment."

"In the past months, while tackling some code review projects, I’ve been working to improve my Semgrep ruleset. Beside the experience gained in the field during my ongoing vulnerability research efforts, I’ve used as input what I learned by attending some training courses (OST2‘s Vulns1001 and Vulns1002, and InfoSect‘s Code Review) and I’ve tested my rules against a number of SAST test suites and test cases, conveniently collected by NIST’s Software Assurance Metrics And Tool Evaluation (SAMATE) project."

"People regularly use metasploit for utilizing exploits written by others. But what is actually the process of writing an exploit and since getting it published as a metasploit module? This is an important step to complete as other professionals can then reuse your work in customer engagements. This post outlines the process I followed to transform the authenticated Remote Code Execution (RCE) vulnerability in PRTG, identified as CVE-2023-32781, into a Metasploit exploit. The focus here is on the development of the exploit itself, rather than the steps for exploiting the RCE."