OSED, North Korean hackers, NAT Slipstream 2.0, and PGP (in)security

Starting with a long discussion about the North Korean hackers targeting security reseachers, and some thoughts (rants) about the newly released Windows exploit dev course from Offensive Security before getting into some real exploits including NAT Slipstreaming 2.0 and a new Sudo vuln.

Getting Started with Exploit Development

tl;dr The rest of this goes into detail about what topics matter and why from each resource, but if you want to cut to the chase and ignore that... * Prerequisites * C programming language * x86 Assembly (32bit and 64bit) * Linux terminal usage * Exploit Education - Nebula [https://exploit.education/nebula/] - Start thinking like an attacker and learning to do research * Open Security Training - Introduction to Software Exploitation [https://opensecuritytraining.info/E

Fireeye, PS4 exploit, and MacOS LPE

Big news this week as several government agencies and contractors may have been compromised. We also have a number of great writeups this week covering everything from a PS4 webkit exploit, MacOS, and Windows.