Anthony Weems (@amlweems)

I've been reverse engineering the xz backdoor this weekend and have documented the payload format and written a proof-of-concept exploit for the RCE. The payloads are signed with an ED448 key, so I patched my own key into the backdoor for testing. :-)

github.com/amlweems/xzbot

Bad Sector Labs (@badsectorlabs)

You've seen the XZ backdoor, but have you gotten hands on with it?

With just a config edit and a deploy, the backdoor and xzbot tool are set up for you - that's the power of 🏟️ Ludus!

New Flare VM, REMnux, and Commando VM roles/templates dropped too!

docs.ludus.cloud/docs/Environme…

Artur Duszczyk (@ArturDuszczyk)

📢 Learn how #NeuVector software from @SUSE, which is 100% #opensource-based, can provide 🛡️ full security for containers and #Kubernetes environments, including against the XZ Backdoor attack CVE-2024-3094.

See our new blog post 👉 okt.to/1eA6J4

Rafał Kruschewski (@rkruschewski)

In the April #SUSENews we invite you to free online workshops on managing and securing #Kubernetes and containerized applications. We are publishing recordings of the sessions from #OpenSourceDay. We write about how to protect yourself against XZ Backdoor CVE-2024-3094.

👉 Check it out: okt.to/aifAhj

BINARLY🔬 (@binarly_io)

Fresh from Binarly REsearch team: We’ve completed an in-depth analysis of the #XZbackdoor, from initialization to the main hook enabling remote access.

Dive into our validated breakdown of techniques and backdoor functionalities, complete with proofs.
github.com/binarly-io/bin…

Rıdvan Yağlı (@ridvanyagli)

🔥 About the XZ Backdoor / Linux Security Vulnerability CVE-2024-3094

- An engineer named Andres Freund recently noticed that SSH logins on a Debian system were consuming too much CPU, began monitoring / examining the operating system, and thanks to his attentiveness this

Jarosław Biniek (@jaroslawbiniek)

In the April #SUSENews we invite you to free online workshops on managing and securing #Kubernetes and containerized applications. We are publishing recordings of the sessions from #OpenSourceDay. We write about how to protect yourself against XZ Backdoor CVE-2024-3094.

👉 Check it out: okt.to/1ueUcW

Alexandre Borges (@ale_sp_brazil)

I have read excellent discussions about XZ backdoor (CVE-2024-3094: nvd.nist.gov/vuln/detail/CV… - Base Score: 10.0 CRITICAL), but one pending question is: whoever has done it, was it a one-off effort or were multiple other open source projects compromised?

#xzbackdoor #cve

Ryan M. Montgomery (@0dayCTF)

CVE-2024-1086 (Local Privilege Escalation)
-
While the xz backdoor was all over the place, this incredible exploit seemed to 'slip' by!
-
This is working on most Linux kernels from 5.14 to v6.6
-
Repo: github.com/Notselwyn/CVE-…
-
Creator: @notselwyn

Karm Rajput (@m0dAshwa)

Presented an online session at @NullAhm monthly meet. Talked about the biggest cybersecurity attacks through April and their working.

• XZ backdoor
• Palo Alto PAN-OS attack and more

Feels great to contribute to the community in whatever little ways.

#cybersecurity #nullahm

SUSE Polska (@SUSEPolska)

In the April #SUSENews we invite you to free online workshops on managing and securing #Kubernetes and containerized applications. We are publishing recordings of the sessions from #OpenSourceDay. We write about how to protect yourself against XZ Backdoor CVE-2024-3094.

👉 Check it out: okt.to/LxSXCD

Felipe O. Carvalho (@_Felipe)

It's been a while. I wrote a blog post instead of writing a thread here. I hope you're not tired of xz backdoor discourse yet.