Posts
2371Following
534Followers
1244Heretek of Silent Signal
buherator
buherator
https://devblogs.microsoft.com/oldnewthing/20240815-00/?p=110131
0
1
2
repeated
/r/netsec
_r_netsec@infosec.exchangeMSI motherboards susceptible to code execution & firmware implant - analysis of CVE-2024-36877 https://jjensn.com/at-home-in-your-firmware
0
1
0
repeated
Enjoy the old sch00l lulz:
Fuck You Ilfak - A IDA Pro 9.0 Beta 2 macOS x86 Fix Loader
2
2
0
buherator
buheratorhttps://issues.chromium.org/issues/41314367
1
2
7
repeated
Zero Day Initiative
thezdi@infosec.exchangeMicrosoft fixed CVE-2024-38213 last Tuesday. It was discovered in the wild by ZDI threat hunter @gothburz. Today, he makes the details of the vulnerability and how it's being used by threat actors. https://www.zerodayinitiative.com/blog/2024/8/14/cve-2024-38213-copy2pwn-exploit-evades-windows-web-protections
0
2
0
buherator
buherator
1
0
3
buherator
buheratorhttps://i.blackhat.com/BH-US-24/Presentations/US24-Sialveras-Bugs-Of-Yore-Wednesday.pdf
#BHUSA2024 #BHUSA24
0
1
2
buherator
buheratorhttps://i.blackhat.com/BH-US-24/Presentations/US24-Qian-PageJack-A-Powerful-Exploit-Technique-With-Page-Level-UAF-Thursday.pdf
#BHUSA2024 #BHUSA24
0
0
3
buherator
buheratorSlides: https://i.blackhat.com/BH-US-24/Presentations/US24-Xiao-Super-Hat-Trick-Exploit-Chrome-and-Firefox.pdf
Whitepaper: https://i.blackhat.com/BH-US-24/Presentations/US24-Xiao-Super-Hat-Trick-Exploit-Chrome-and-Firefox-Four-Times-wp.pdf
#BHUSA2024 #BHUSA24
0
0
2
repeated
Trail of Bits
trailofbits@infosec.exchangeTwo days ago, NIST finalized three post-quantum cryptography standards. Today, we are announcing an open-source Rust implementation of one of these standards, SLH-DSA, now available in RustCrypto! https://blog.trailofbits.com/2024/08/15/we-wrote-the-code-and-the-code-won/
0
3
0
repeated
Andrew Couts
couts@mastodon.socialNEW: Every Pixel phone released since 2017 has a hidden Verizon app, "Showcase.apk," with deep system access that has an unpatched flaw. Google's response to the vulnerability caused Palantir to ditch Android altogether. @lhn has the scoop: https://www.wired.com/story/google-android-pixel-showcase-vulnerability/
3
2
0
repeated
daniel:// stenberg://
bagder@mastodon.socialthe most recent hackerone issue was filed because the user googled "[another project] bug bounty program", clicked the first link (to #curl's bug-bounty) and entered an issue about a completely different project...
3
1
0
repeated
Joxean Koret (@matalaz)
joxean@mastodon.socialLong thread ahead about training a classifier of "good/batch matches" for #Diaphora.
So, the whole idea that I have been working on for quite some time already to try to, somehow, improve matching in Diaphora is the following: Train a model to better determine if a pair of functions in two binaries (ie, a match between a function A in binary X, and function B in binary Y) is correct or not.
1
1
0
repeated
mumblegrepper
mumblegrepper@flokinet.socialDid someone already create a tarpit that targets the AI scraping bots?
0
1
0
repeated
Yarden Shafir
yarden_shafir@bird.makeup
Just learned that in French cybersecurity threats are called "cybermenace" and I will only be using this term from now on
0
1
0
repeated
/r/netsec
_r_netsec@infosec.exchangeMixing watering hole attacks with history leak via CSS https://adepts.of0x.cc/css-history-leaks/
0
1
0
repeated
repeated
daniel:// stenberg://
bagder@mastodon.socialSo the Department of Energy emailed me
https://daniel.haxx.se/blog/2024/08/14/so-the-department-of-energy-emailed-me/
12
8
1
repeated
Zero Day Initiative
thezdi@infosec.exchangeThe folks from Xiaomi didn't pick up their Pwnie for Lamest Vendor Response, so we're keeping it safe for them until they decide to come accept it.
1
3
0