this new SSH exploit is absolutely wild
321,603
Published 2024-07-03
blog.qualys.com/vulnerabilities-threat-research/20…
www.qualys.com/2024/07/01/cve-2024-6387/regresshio…
All comments (21)
-
haha wouldn't it be cool if you learned C and assembly haha lowlevel.academy/
-
Temple OS is once again not affected? Coincidence?
-
That's why we call it "OpenSSH".
-
The creativity of threat hunters will NEVER cease to amaze me
-
LLL: "It's from 20 years ago, 2006." Me: "It's not THAT long -- Oh shit..."
-
Can I just say this? Thank you Low Level Learning for dark mode. So many YT channels flash bang me.
-
"Everyone can do it" - Yeah, for now nobody was able to do it on a 64-bit system, only on 32-bit systems lol.
-
Bugs like this are part of why I use a pretty aggressive fail2ban. The attacker doesn't get 10,000 tries... instead they get 3 tries or sometimes even less. The bans eventually expire, but instead of hours to get in, it would take decades. Plenty of time to install a fixed version.
-
This has all my Windows people at work screaming LINUX VIRUS and I'm so exhausted of telling them it would take literal hours and using fail2ban is a dead simple mitigation any public server should have anyway. Ugh... That said, this explanation was really good! Reminds me of the late Tetris level shenanigans where VBlank interrupts cause almost the same situation - albeit of a different nature.
-
I think at this point we can update the saying to "the three hardest problems in computer science are cache invalidation, naming things, asynchronous programs and 'Off By 1' errors"
-
Oh, that is why an openssh update was available.
-
Just wanna say I love your vids man, high prod quality and clear description of the issue.
-
I use sssh. Safer ssh
-
Interesting video & well explained. I'll be coming back to this channel for more content like this, good stuff! 👍
-
What an excellent explanation, you are a great teacher. Subscribed!
-
This is a really high quality and useful video for me. It makes me look smart to my bosses. Thank you :)
-
Great stuff. Thanks ever so much LLL!
-
Great video and breakdown!
-
Very well explained. I love that the vulnerability is put under real-world context and the report is not just scary clickbait. If one has a cloud server, e.g. Amazon, they should limit their client IP address for that SSH port.
-
Your explanation for laypersons is very very good. I'm not a programmer or security expert by any means, but found it was easy to comprehend thanks to your summary.