"I'm interested in all kinds of astronomy."
repeated

Sébastien Dudek 📡

๐Ÿ” Releasing LUKSbox: encrypted vaults that survive the next decade.

Drop sensitive files on any cloud or USB. The provider gets one random-looking blob they can't read, even under subpoena.

✅ FIDO2 (YubiKey, Titan, Nitrokey, Windows Hello)
✅ TPM 2.0 keyslots
✅ Post-quantum hybrid (ML-KEM-768/1024 - FIPS 203)
✅ Detached header → zero metadata on the container
✅ Linux / macOS / Windows
✅ Rust, Apache-2.0, 30M+ fuzz iterations

v0.1.0 is out. External audit next.

👉 https://github.com/PentHertz/LUKSbox

0
3
0
repeated

555 timer Integrated Circuit

This gem is now 55 years old! A wonderful history is described in this vid.

Naturally I also looked in Wikipedia and Encyclopedia Britannica to find goodies of the time this wonderful timer was built. Since no patent was filed you can find a billion versions of it, which is a nice variant on the patent theme.

Wikipedia states

The timer IC was designed in 1971 by Hans Camenzind under contract to Signetics.[3] In 1968, he was hired by Signetics to develop a phase-locked loop (PLL) IC. He designed an oscillator for PLLs such that the frequency did not depend on the power supply voltage or temperature. Signetics subsequently laid off half of its employees due to the 1970 recession, and development on the PLL was thus frozen.[6] Camenzind proposed the development of a universal circuit based on the oscillator for PLLs and asked that he develop it alone, borrowing equipment from Signetics instead of having his pay cut in half. Camenzind's idea was originally rejected, since other engineers argued the product could be built from existing parts sold by the company

We are sure glad marketing was on good instincts then.

The first design for the 555 was reviewed in the summer of 1971.[8] After this design was tested and found to be without errors, Camenzind got the idea of using a direct resistance instead of a constant current source, finding that it worked satisfactorily.[8] The design change decreased the required 9 external pins to 8, so the IC could be fit in an 8-pin package instead of a 14-pin package.[8] This revised version passed a second design review, and the prototypes were completed in October 1971 as the NE555V (plastic DIP) and SE555T (metal TO-5).[9] The 9-pin version had already been released by another company founded by an engineer who had attended the first review and had retired from Signetics; that firm withdrew its version soon after the 555 was released. The 555 timer was manufactured by 12 companies in 1972, and it became a best-selling product.[6]

Quite neat this was for us electronic tinkerers and engineers.

The 555 found many applications beyond timers. Camenzind noted in 1997 that "nine out of 10 of its applications were in areas and ways I had never contemplated. For months I was inundated by phone calls from engineers who had new ideas for using the device."[8]

sources

https://en.wikipedia.org/wiki/555_timer_IC

https://www.youtube.com/watch?v=6JhK8iCQuqI

0
3
0
repeated

Trenchant exec, Peter Williams, who stole zero-day exploits from his employer and sold them to a Russian buyer (known for selling exploits to the Russian government) has been ordered to pay $10 million in restitution to his former employer. My story about it is here:

https://www.zetter-zeroday.com/trenchant-exec-who-sold-zero-days-to-russian-buyer-ordered-to-pay-10-million-in-restitution-to-former-employers/

0
3
0
repeated

DistrictCon Year 1 Talks are officially live on our YouTube Channel! Check it out: https://youtube.com/watch?v=RDqXQ4nCOIE&list=PLILSGbVWGGPwuqdZhFrsf2sjEMPjIlceH

A HUGE shoutout to our incredible speaker line up that came out through the snow to share their amazing content with us.

0
3
0
Behind the Scenes Hardening Firefox with Claude Mythos Preview

https://hacks.mozilla.org/2026/05/behind-the-scenes-hardening-firefox/
0
2
0
@joxean @sj nah, it's just a shitty bitmap from imgflip. Shouldn't be too hard to create an SVG, but I suck at graphics...
0
0
0
repeated
Edited 12 hours ago

The 3 recent Linux LPEs are sort of interesting in that each one took a different path from discovery to disclosure.

  1. Copy Fail: Publicity stunt where they claim to have done the right thing, yet didn't bother to tell a single distro vendor, and lied about updates being available.
  2. Dirty Frag: Attempted to do proper coordination, including notifying the linux-distros mailing list. But the embargo was broken, so it was disclosed unexpectedly ahead of time.
  3. Copy Fail 2: Discovered as an n-day by looking at kernel commit logs and Spender noticing that it was copyfail-class

Each path had basically exactly the same outcome (No fixes at publication time). 😂

5
9
0
repeated

Well, that's a new captcha...

2
2
0
@drwhax I have a smartphone, therefore I am.
0
0
1
repeated

"I can see a bird in it from here," said Pooh. "Or is it a fish?"

0
1
0
repeated

A hands-on look at Microsoft's Independent Guest Virtual Machine (IGVM) format inside OpenHCL's `openhcl.bin`.

We unpack the fixed header, variable headers, data layout, and how IGVM measurement supports Confidential Computing with SEV-SNP and TDX.

🔗 https://blog.quarkslab.com/the-igvm-file-format.html

0
2
0
repeated

Paramiko is a pure-Python implementation of SSHv2. Recently, we worked with the Paramiko team on a security audit sponsored by @ostifofficial 🙏
Read a summary of our findings and find the full report here:
https://blog.quarkslab.com/paramiko-security-audit.html

0
2
0
[RSS] The IGVM [Independent Guest Virtual Machine] File Format

http://blog.quarkslab.com/the-igvm-file-format.html
0
0
1
repeated

While it's raining Linux LPEs, I suppose it's worth mentioning Copy Fail 2: Electric Boogaloo

Unlike CopyFail, this one works against Ubuntu 26.04, as it was only patched a few days ago

2
9
0
repeated

I am teaching an introduction to Linux binary exploitation class. We start with fundamentals, talking about micro/macro architecture, segmentation, paging, AMD64 changes/improvements, and so on.

In the class yesterday, we did a deep dive accompanied by the AMD manual about segmentation. It's easy to misinterpret many public texts that state "it's disabled/retired" when, in fact, just some features are ignored.

We still have the privilege level defined by segmentation (CS.CPL register); it's needed for 32-bit binaries running in CPU compatibility mode, and the GDT needs to be set up. Also, I showed the class how segmentation (CS.L) still controls the behavior of the processor as, depending on its value, instructions might behave differently. All of this was validated in real time on the VM through kernel debugging.

It seems like overkill to teach all those fundamentals just to learn about buffer overflows, format strings, and what could be done once arbitrary read/write is achieved in a modern Linux distribution, but I think it's valuable. I struggled in the past during binary and kernel exploitation, especially because I didn't understand much of those things well.

During the classes, I also learn important things. In my last Linux kernel exploitation class that took place a few years ago, my exploits stopped working. They exploit a race condition and were working fine, but I just happened to toggle the power mode from performance to power saver, and this interfered with the codes. Before that accident, I wasn't paying much attention to these details for several reasons. I then took the opportunity to read more about those technologies embedded in modern CPUs, and it has been rewarding.

I also learned some interesting things about glibc. As I have been playing with the kernel for most (or all?) of my professional career as a researcher, I didn't pay attention to lots of things. This week I just learned about dynamic and static TLS (Thread Local Storage). I had never imagined the scenario for dynamic TLS. Found some interesting things about it:

glibc: Major issue with Houdini
https://redhat.atlassian.net/browse/RHEL-39415

[PATCH] elf: Support recursive use of dynamic TLS in interposed malloc
https://inbox.sourceware.org/libc-alpha/8734p2h0t4.fsf@oldenburg.str.redhat.com/T/

A new TLS allocator for glibc
https://youtu.be/JIkS4aLvQPg

A new TLS allocator for glibc
https://conf.gnu-tools-cauldron.org/media/opo25/submissions/LQTU3G/resources/tls_z0ToUZm.pdf

0
5
0
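An added example, not code from the post above or from the class it describes: a small C decoder for x86-64 GDT code-segment descriptors and segment selectors, showing that the CPL is simply the RPL bits of CS and that the L and D bits decide whether a loaded CS runs 64-bit or compatibility-mode code. The raw descriptor values are constructed on the assumption that they match Linux's GDT_ENTRY_INIT() layout for __KERNEL_CS (0x10), __USER32_CS (0x23) and __USER_CS (0x33); the live read of %cs only works when compiled for x86-64.

```c
#include <stdint.h>
#include <stdio.h>

/* Decoded 8-byte GDT code/data descriptor: type (bits 40-43, bit 3 = code), S (bit 44),
 * DPL (bits 45-46), L (bit 53, 64-bit code) and D/B (bit 54, default operand size). */
struct seg_desc { unsigned type, s, dpl, l, d; };
enum code_mode { NOT_CODE, MODE_64, COMPAT_32, COMPAT_16, RESERVED_L_AND_D };
static struct seg_desc decode_descriptor(uint64_t raw)
{
    struct seg_desc d = { (raw >> 40) & 0xf, (raw >> 44) & 1, (raw >> 45) & 3,
                          (raw >> 53) & 1, (raw >> 54) & 1 };
    return d;
}
/* Selector layout: index (bits 3-15), TI (bit 2), RPL (bits 0-1). For CS, RPL is the CPL. */
static unsigned selector_index(uint16_t sel) { return sel >> 3; }
static unsigned selector_rpl(uint16_t sel)   { return sel & 3; }
/* Mode the CPU executes in once this descriptor is loaded into CS while in long mode:
 * L=1,D=0 is 64-bit mode, L=0 is compatibility mode, L=1,D=1 is reserved. */
static enum code_mode code_mode_of(struct seg_desc d)
{
    if (!d.s || !(d.type & 8)) return NOT_CODE;
    if (d.l) return d.d ? RESERVED_L_AND_D : MODE_64;
    return d.d ? COMPAT_32 : COMPAT_16;
}
/* Read the live CS selector (x86-64 only; 0 on other targets). */
static uint16_t read_cs(void)
{
    uint16_t cs = 0;
#if defined(__x86_64__)
    __asm__ volatile("mov %%cs, %0" : "=r"(cs));
#endif
    return cs;
}

int main(void)
{
    /* Constructed raw descriptors (assumption: Linux x86-64 GDT_ENTRY_INIT() layout for
     * __KERNEL_CS=0x10, __USER32_CS=0x23 and __USER_CS=0x33). */
    struct { const char *name; uint16_t sel; uint64_t raw; } gdt[] = {
        { "__KERNEL_CS", 0x10, 0x00af9b000000ffffULL },
        { "__USER32_CS", 0x23, 0x00cffb000000ffffULL },
        { "__USER_CS",   0x33, 0x00affb000000ffffULL } };
    for (size_t i = 0; i < sizeof gdt / sizeof gdt[0]; i++) {
        struct seg_desc d = decode_descriptor(gdt[i].raw);
        printf("%-12s sel=%#06x index=%u RPL=%u DPL=%u L=%u D=%u mode=%d\n", gdt[i].name, gdt[i].sel,
               selector_index(gdt[i].sel), selector_rpl(gdt[i].sel), d.dpl, d.l, d.d, code_mode_of(d));
    }
    printf("live CS=%#06x -> CPL=%u\n", read_cs(), selector_rpl(read_cs()));
    return 0;
}
```

Run as a normal user on x86-64 Linux and the live CS line reports CPL=3 with selector 0x33, i.e. the entry whose descriptor has L=1, D=0; a 32-bit process under the same kernel runs on 0x23, whose descriptor has L=0, D=1, which is exactly the CS.L difference the post refers to.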
[RSS] Make it Blink: Over-the-Air Exploitation of the Philips Hue Bridge

https://www.synacktiv.com/en/publications/make-it-blink-over-the-air-exploitation-of-the-philips-hue-bridge
0
1
1
[RSS] Bleeding Llama: Critical Unauthenticated Memory Leak in Ollama (CVE-2026-7482)

https://www.cyera.com/research/bleeding-llama-critical-unauthenticated-memory-leak-in-ollama
0
0
2
repeated

Non-technical teams are now shipping production vulns

2
10
0
repeated

Jerry 🦙🦙

Honestly, one of the things I like least about traveling for work is having to wear pants. Seems like we should have moved past this expectation by now

15
5
1