LainTrain

joined 9 months ago
[–] [email protected] 14 points 2 months ago* (last edited 2 months ago) (2 children)

My friend it is you who is socially inept. Trans people are not basement dwelling "politicals" most of us are just normal everyday folks with jobs and partners etc. who just want to be respected to the same level that everyone else is.

I have never even heard of this browser but it's clear the maintainers have priorities of pushing an agenda rather than designing software to meet end user requirements and I wish them well and hope they can learn to set aside their ideology.

Fundamentally it also doesn't even have to be about that either, gender-neutral is a factual grammatic term and it's silly to suggest using gender-neutral pronouns is some sort of political act.

If anything it's Andreas who made it political by taking it so personally in his head, which he did because of political bogeymen in his head, he got triggered by a term and now the chuddie defense force rushes to his side in the latest culture war battleground.

[–] [email protected] 3 points 2 months ago (6 children)

Thanks! The reason I was looking for an example is because I understand:

> overflow a return address with a crafted string, return to the overwritten stack buffer full of shellcode

In principle, but not in practice. Especially the last part.

I have my char buf[16] and some char * ptr = buf; and then a gets() gets a 20 char string, causing a buffer overflow either then or when the buffer is read where it reads out of bounds.

I've done this many times, sometimes intentionally, and if I visualize the memory as one continuous line where the ptr is stored at the precise address buf[20] is at, allowing me to write into that memory location a new address for the pointer by having part of the string given to gets() be a new memory address at the address of ptr, so that next time that pointer is accessed in a program, it leads to an arbitrary memory read, and the arbitrary pointer address can be to still further down in the initial string we gave to gets(), e.g. buf[40] where our shellcode is stored, but how to do this - implement it in practice (so - in code), I don't really know.

Specifically I don't know how to make a pointer at a predictable constant address so its stored address can be overwritten, and how to make the reading of the resulting maliciously modified pointer also somehow execute code. I'm guessing it can't just be a char pointer reading in data, right?

[–] [email protected] 10 points 2 months ago (7 children)

I just want to learn in more practical terms how exploits like this function in the wild haha, but eventually I do hope to become a C chad and even an assembly chad and understand how computers actually work and perhaps shake the impostor syndrome of being a skid Nessus monkey when it comes to pentesting and do something worth doing :)

[–] [email protected] 1 points 2 months ago (2 children)
[–] [email protected] 3 points 2 months ago

Ah never heard of that before!

[–] [email protected] 3 points 2 months ago (1 children)
[–] [email protected] 3 points 2 months ago (3 children)

If an add-on is modifying contents of pages it shouldn't or of the clipboard when it shouldn't, you would have to give it explicit permission at install time, i.e. "This extension can: Read and Modify Data on all sites you visit: Read and Modify contents of the clipboard."

Obviously a simple URL redirector for Wikipedia requesting access to this data is absurd and would be an immediate red flag. The reason this very thing doesn't happen more often is because frankly you'd have to be so computer illiterate to get to that stage that it is much easier to just phish you with basic Facebook profile info for much greater gains.

This is also the reason most "hacks" nowadays are either supply-side or phishing, shit is just too secure, no fun. We should bring back ActiveX.
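
The install-time permission check described in the comment above, as an added example that is not part of the original comment: it reads a WebExtension `manifest.json` and flags all-sites and clipboard permissions, plus any host outside the domains the extension's stated purpose needs. The function names, the expected-domain list and both sample manifests are constructed for illustration.

```javascript
// Added example: flag install-time permissions that exceed an extension's stated purpose.
// Both manifests below are constructed samples, not taken from any real extension.
const BROAD_HOSTS = new Set(["<all_urls>", "*://*/*", "http://*/*", "https://*/*"]);
const SENSITIVE_APIS = new Set(["clipboardRead", "clipboardWrite"]);

// A host pattern is acceptable if its host equals, or is a subdomain of, an expected domain.
function hostAllowed(pattern, expectedDomains) {
  const m = /^(?:\*|https?):\/\/(?:\*\.)?([^/*]+)\//.exec(pattern);
  return m !== null && expectedDomains.some(d => m[1] === d || m[1].endsWith("." + d));
}

function auditManifest(manifest, expectedDomains) {
  const findings = [];
  // MV2 mixes hosts into "permissions"; MV3 moves them to "host_permissions".
  // Content script match patterns also grant read/modify access to matching pages.
  const declared = [
    ...(manifest.permissions || []),
    ...(manifest.host_permissions || []),
    ...(manifest.content_scripts || []).flatMap(cs => cs.matches || []),
  ];
  for (const p of new Set(declared)) {
    if (BROAD_HOSTS.has(p)) findings.push(`all-sites access: ${p}`);
    else if (SENSITIVE_APIS.has(p)) findings.push(`clipboard access: ${p}`);
    else if (p.includes("://") && !hostAllowed(p, expectedDomains))
      findings.push(`unexpected host: ${p}`);
  }
  return findings;
}

// Constructed sample: a redirector that asks only for what it needs.
const scoped = {
  manifest_version: 2,
  permissions: ["webRequest", "webRequestBlocking", "*://*.wikipedia.org/*"],
};
// Constructed sample: the same stated purpose, but requesting everything.
const greedy = {
  manifest_version: 3,
  permissions: ["clipboardRead", "clipboardWrite", "storage"],
  host_permissions: ["<all_urls>"],
  content_scripts: [{ matches: ["*://*/*"], js: ["content.js"] }],
};

console.log(auditManifest(scoped, ["wikipedia.org"]));
console.log(auditManifest(greedy, ["wikipedia.org"]));
```
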

[–] [email protected] 4 points 2 months ago* (last edited 2 months ago) (1 children)

I'm a cybersec MSc and an infosec professional.

You obviously shouldn't install closed source or otherwise shady extensions from dodgy authors you don't know, but on the whole there is very little they can do that you should worry about.

Most "advice" comes from people who want to sell you something and the infosec industry is mostly a scam to drain B2B procurement budgets plus a few gay furry researchers at defcon who are incomprehensible savants and actual malware authors who do something, unless they just write crappy .NET junk.

Take for example an average """zero-day""" in 2024: https://arstechnica.com/security/2024/07/threat-actors-exploited-windows-0-day-for-more-than-a-year-before-microsoft-fixed-it/

This isn't even a vulnerability. It's just phishing that requires a user to have file extensions turned off, then download a dodgy as hell .PDF file that isn't one due to hidden extension, which then uses a milquetoast .hta trojan downloader that only works if one has IE enabled on Windows AND opens the .pdf in MS Edge to pull in reverse shell code via probably psexec of some sort.

There are so many steps one wonders why not just send an iamnotavirus.exe uac prompt and all to download, compile and run ransomware from vxunderground source code then and there.

Worrying about stuff like this in browser is akin to using a VPN on public WiFi to avoid MITM attacks, there's nothing wrong with it but there's basically nothing to actually worry about there.

[–] [email protected] 66 points 2 months ago (19 children)
[–] [email protected] 2 points 2 months ago (4 children)
[–] [email protected] -1 points 2 months ago

Literally who?

[–] [email protected] 3 points 2 months ago

To me it's mostly the emphasis on consistency and routine that stood out. Best wishes
