Slides for my @ekoparty talk "Advanced Fuzzing
With #LibAFL"

• >https://docs.google.com/presentation/d/1ILXdsBx6JJbsf3uq-_hSeYux-a0DRRPxebOY65EDE5o/edit?usp=sharing

A bit of history.

On September 5, 1977,
the Voyager 1 hardware
was yeeted towards interstellar space.

Four years later, in 1981, the backup S-band portion of the communications hardware was shut off.

In October of 2024, after a partial degradation of the primary X-band communications interface, the backup S-band communications automatically came back online due to the fault, after a period of 43 years offline.

THAT is appliance-grade engineering.

Just registered the 38c3 assembly "ITAR Violators". Hope to see your ITAR controlled items!

Google Security: Retrofitting Spatial Safety to hundreds of millions of lines of C++
Google is retrofitting secure-by-design principles to their existing C++ codebase wherever possible, including bringing spatial memory safety into as many codebases. It has already made a noticeable impact, from preventing exploits, reducing crashes and improving code reliability/easier debugging.

#google #security #securebydesign #memorysafety #vulnerability #memory #infosec #cybersecurity

Missed out on the action at #r2con2024 in Barcelona? #NowSecure researcher and #radare2 co-creator @pancake put together a recap of all three days, including all the recordings, slides, and GitHub repositories. Check it out here: https://www.nowsecure.com/blog/2024/11/15/nowsecure-at-r2con2024-top-takeaways-and-mobile-security-highlights/?utm_source=mastodon

A huge thanks to everyone who joined us and made this comeback event a success after a 5-year break! #r2con #radare #frida

Pandoc compiled to Wasm (WebAssembly), which enables live conversions in the browser.

• Live demo: https://tweag.github.io/pandoc-wasm/

• Repository: https://github.com/tweag/pandoc-wasm

Amazing work by @terrorjack and the ghc-meta-wasm folks!

#pandoc #Wasm #ghc

Yet another memory corruption bug caught thanks to -Wflex-array-member-not-at-end! 🐛🪲🐧

https://lore.kernel.org/linux-hardening/ZzZ-cd_EFXs6qFaH@kspp/

The maintainer has already taken this patch, and it will soon land in mainline and a couple of stable trees. 😃🐧

If you'd like to learn more about this work, feel free to check out this presentation:

https://embeddedor.com/blog/presentations/#Enhancing_spatial_safety_Fixing_thousands_of_-Wflex-array-member-not-at-end_warnings_LPCEU

This work aims to eradicate these types of memory corruption vulnerabilities from the kernel once and for all. 😀🙌🏽

Kernel Self-Protection Project ⚔️🛡️🐧

@cR0w

For your amusement: https://dotdotslash.ing/

Unpatched 0day in an enterprise firewall management interface? Must be Friday https://www.rapid7.com/blog/post/2024/11/15/etr-zero-day-exploitation-targeting-palo-alto-networks-firewall-management-interfaces/

Reproducing CVE-2024-10979: A Step-by-Step Guide https://redrays.io/blog/reproducing-cve-2024-10979-a-step-by-step-guide/

See the latest iOS inactivity reboot in action! 🔒

iOS 18 comes with improved anti-theft measures. Three days w/o unlock, the iPhone will reboot, preventing thieves from getting your data.

Inactivity reboot puts your iPhone into "Before First Unlock" state, effectively locking encryption keys in the Secure Enclave Processor. Even if thieves leave your iPhone powered on for a long time, they won't be able to unlock it with cheaper, outdated forensic tooling. (1/2)