BlazeFox firefox pwnable reference solution for BlazeCTF:
https://gist.github.com/itsZN/4dd40ff12d886e5b3984200a92c1a38a
Here is my exploit for @plaidctf V8 exploit challenge. Bug was an n-day patched in chrome 66.0.3359.117
https://gist.github.com/itsZN/73cc299b9bcff1ed585e6206d1ade58e
The state of sandbox evasion techniques in 2024 https://fudgedotdotdot.github.io/posts/sandbox-evasion-in-2024/sandboxes.html
Google Chrome security advisory: Stable Channel update for Desktop
4 security fixes, 2 externally reported by Cassidy Kim (@cassidy6564): CVE-2024-8362 (high) Use after free in WebAudio and CVE-2024-7970 (high) Out of bounds write in V8. No mention of exploitation.
Ted Chiang as eloquent as ever:
"The selling point of generative A.I. is that these programs generate vastly more than you put into them, and that is precisely what prevents them from being effective tools for artists.
[...]
Many novelists have had the experience of being approached by someone convinced that they have a great idea for a novel, which they are willing to share in exchange for a fifty-fifty split of the proceeds. Such a person inadvertently reveals that they think formulating sentences is a nuisance rather than a fundamental part of storytelling in prose. Generative A.I. appeals to people who think they can express themselves in a medium without actually working in that medium. But the creators of traditional novels, paintings, and films are drawn to those art forms because they see the unique expressive potential that each medium affords. It is their eagerness to take full advantage of those potentialities that makes their work satisfying, whether as entertainment or as art.
[...]
The task that generative A.I. has been most successful at is lowering our expectations, both of the things we read and of ourselves when we write anything for others to read. It is a fundamentally dehumanizing technology because it treats us as less than what we are: creators and apprehenders of meaning. It reduces the amount of intention in the world."
Read the whole essay. It's brilliant. #ai
https://www.newyorker.com/culture/the-weekend-essay/why-ai-isnt-going-to-make-art
Probably the strangest chip that you'll see today: the Intel 2920, a digital signal processor (DSP) from 1979. It was the "first microprocessor capable of translating analog signals into digital data in real time." Chips are usually 16-bit or 32-bit, but this was a 25-bit processor. It didn't have any jump instructions, instead running code in a loop from the 192-word EPROM. Each instruction combined an ALU operation, a shift, and an analog I/O operation. 1/7
The Federal Trade Commission (FTC) proposes a $2.95 million penalty on security camera vendor Verkada for multiple security failures that enabled hackers to access live video feeds from 150,000 internet-connected cameras.
I recently saw an amazing Navajo rug at the National Gallery of Art. It looks abstract at first, but it is a detailed representation of the Intel Pentium processor. Called "Replica of a Chip", it was created in 1994 by Marilou Schultz, a Navajo/Diné weaver and math teacher. Intel commissioned the weaving as a gift to the American Indian Science & Engineering Society. 1/6
We just published v4.1.0 of the eslint plugin `no-unsanitized`, which prohibits the usage of XSS sinks (e.g., `innerHTML=` or `setHTMLUnsafe()`) without the use of a preconfigured sanitizer library.
The rule helps find and prevent XSS in various Mozilla projects, including Firefox.
Technical Details at https://frederikbraun.de/finding-and-fixing-dom-based-xss-with-static-analysis.html and source at https://github.com/mozilla/eslint-plugin-no-unsanitized
We broke 10k stars on #GitHub! Remaining in the 1st and 2nd positions on #Google for, “Reverse Engineering Tutorial”. Special thanks to @0xinfection @hasherezade @fox0x01 @three_cube @binitamshah and all of you! #ReverseEngineering https://github.com/mytechnotalent/Reverse-Engineering
this is my emotional support carwash. whenever I get sad I ssh into this Montenegrin carwash I found on shodan 12 years ago and spin the rollers a bit. makes me feel real again
I know that one should never, ever go to SciHub to find academic papers but is there a site one should never, ever go to for ISO/IEC standards documents?
Today is the 10 year anniversary of the first time I ever pwned anything!
My first exploit was a simple stack smash, overwrite return ptr, jump to admin function. This was an internal recruiting CTF by @gaasedelen for the RPISEC.
Before that day I had never even considered computer security and was primarily doing robotics.
You never know when a buffer overflow may change the very course of your life!
Years ago, I created a bot that posted Sun Tzu quotes, if Sun Tzu had written about cyber war. When X closed up API access that bot broke, and it never was high on my list of priorities to bring here. Well, I just fixed that. May I introduce you to @SunTzuCyber, which posts every 6 hours. The posts are set up as unlisted/quiet public, so they won't show up in timelines unless you follow it.
There's a large number of #FreeBSD, #OpenBSD, and #illumos users out there.
We don't talk much because it "Just Works™"
I was not able to prove this for a very long time, so I used the most powerful weapon available out there: asking!
https://www.reddit.com/r/selfhosted/comments/1f1hr4m/unix_but_notlinux_club/
Did you ever find firmware for Tricore or v850 architectures accessing addresses starting with 0xa.. instead of the 0x80.. one? After so much research I ended up learning that this is handled by the MMU, which applies a cache layer on top of the same memory range. In other words: IDA lies by faking the references by dropping the 3rd bit, Ghidra can't handle this, and r2 is again the only tool able to properly define this memory layout.
https://community.infineon.com/t5/AURIX/About-the-issue-with-lsl-files/td-p/676113#.
I may be late to the party but today I’ve learned that ASML has installed a kill switch into an extreme ultraviolet lithography machine it has sold to TSMC, allowing it to be shut down if China invades Taiwan.