Seriously, someone wants to attack my Raspberry Pi ?
https://nvd.nist.gov/vuln/detail/CVE-2018-18068
Future 'con presentations have to come from somewhere, even if they present no real world threat. In this case I suspect this is probably what is going on here.
Somehow I skipped over this information when skimming my daily CVE browsing the past few days.
Food for thought.
- b/eads
Why not? If I send you a cool app and you run it granting me access to your network, I poke around the network and see Linux running on a Pi, if I can pivot to that then I would try all the privesc methods at my disposal. Now your Pi is being used as a C2 server or whatever else the threat actor wants 😉