Rework fortnite #141
Rework fortnite #141
Conversation
| SAVE FORTNIGHT |
| This makes the build fail, and it's outside of the project scope. Do you even use the software? |
| tried running this commit and my entire firmware got nuked, did you even test this? |
| I believe this file is malicious and contains a backdoor Trojan horse known as an "IP logger", it can grab your discord token |
Cool but it is entirely possible that this file is exploiting a zero-day. Additional testing is required |
Security Alert: Zero-Day Exploit Detected in 'fortnite'OverviewThe Percury Mercshopians have identified a critical zero-day exploit embedded in a file named 'fortnite'. This malicious file is capable of executing unauthorized remote code, compromising sensitive data, and propagating across networked systems undetected. The exploit leverages sophisticated obfuscation techniques, making it exceptionally difficult to detect and mitigate using standard antivirus solutions. Technical AnalysisThe 'fortnite' file exhibits behavior characteristic of advanced persistent threats (APT), including but not limited to memory corruption, buffer overflow attacks, and privilege escalation. Initial analysis indicates that the file is programmed to establish a covert command and control (C&C) channel with external servers, allowing attackers to issue commands and exfiltrate data. Below are excerpts from the octet dump and relevant commands observed during the reverse engineering process: Octet DumpObserved Commands
Mitigation Steps
ConclusionThe 'fortnite' zero-day exploit represents a significant threat to organizational security. Immediate and comprehensive response measures are essential to mitigate the impact and secure network integrity. Continued vigilance and proactive security practices are recommended to defend against such advanced threats. For further assistance and detailed incident response, please contact our cybersecurity team at security@percurymerc.shop |
| @builtbyvys Thank you for this, I have forwarded this to the people at Mitre to get a CVE made for it. Will update on the status of this
|
| Looking into this... |
rifting left a comment
rifting left a comment There was a problem hiding this comment.
Please remove the IP logger and discord token stealer before I can proceed with reviewing the pull request
Co-authored-by: skibiditoilet510 <167944814+skibiditoilet510@users.noreply.github.com>
rifting left a comment
rifting left a comment There was a problem hiding this comment.
After a close examination of the file, it is shown that fortnite.jpg is vulnerable to the Colonthree CVE. Please update it as it is patched in the latest versions
| @Riftriot will have to work on fixing this in a future pull, I would be happy to help out |
| This is serious. This should be reverted immediately. |
| I am running it on my machine now, and see almost every unit test is failing. Did you even run them before merging this pull request? |
| Hey everyone, after reviewing the Colonthree CVE, I believe it's important to maintain a balanced perspective. While every vulnerability should be addressed, it's crucial not to inflate the severity beyond its actual impact. In this case, the exploit's scope seems limited, and with proper mitigation strategies in place, the risk can be effectively managed. Let's focus on constructive solutions rather than unnecessary panic. 💻🔒 #cybersecurity #github #CVE |
| This is not unnecessary panic. This is a case of a reckless contributor who merged a pull request that makes the majority of unit tests fail, as well as the build. Please consider your priorities when replying with comments such as these. |
This careless, and baseless sentiment will not be tolerated here. Delete this comment now, and stop downplaying serious threats. This is life ending. |
|
|
| Hey proudparrot2 and Cattn, I appreciate your feedback and understand the concerns you're raising. My intention wasn't to downplay the severity of the issue but to emphasize the importance of measured responses. Every vulnerability, including the Colonthree CVE, deserves our full attention and swift action to mitigate risks effectively. However, I believe that creating a sense of balance and not causing unnecessary panic is crucial for our collective progress. We need to address the CVE with the urgency it demands while also providing clear, constructive solutions and ensuring our community remains calm and focused. Let's work together to fix the build and unit test failures as a priority and develop a robust plan to prevent similar issues in the future. Collaboration and clear communication will help us navigate this challenge more effectively. 💻🔒 #cybersecurity #github #CVE |
| I agree, and hope the language used in your previous message is never repeated, as downplaying something of such high priority will have dangerous implications for future security. …On Tue, May 21, 2024 at 12:28 PM rift ***@***.***> wrote: Hey proudparrot2 and Cattn, I appreciate your feedback and understand the concerns you're raising. My intention wasn't to downplay the severity of the issue but to emphasize the importance of measured responses. Every vulnerability, including the Colonthree CVE, deserves our full attention and swift action to mitigate risks effectively. However, I believe that creating a sense of balance and not causing unnecessary panic is crucial for our collective progress. We need to address the CVE with the urgency it demands while also providing clear, constructive solutions and ensuring our community remains calm and focused. Let's work together to fix the build and unit test failures as a priority and develop a robust plan to prevent similar issues in the future. Collaboration and clear communication will help us navigate this challenge more effectively. 💻🔒 #cybersecurity #github #CVE — Reply to this email directly, view it on GitHub <#141 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AQSFVQRUR5OV36OZSYFG3RTZDNY4VAVCNFSM6AAAAABHOFFIPGVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDCMRTGAYDKNZZHE> . You are receiving this because you commented.Message ID: ***@***.***> |
| e9x, we maintain a professional standard in this community, and your recent post is far from meeting it. Let's keep the discourse focused and respectful. Please refrain from such inappropriate content in the future. Let's work together to uphold the standards we expect from all members. 💻🔒 #cybersecurity #github #CVE |
8 participants
No description provided.