My v8 jit optimization exploit for 34c3 ctf:
https://gist.github.com/itsZN/9ae6417129c6658130a898cdaba8d76c

BlazeFox firefox pwnable reference solution for BlazeCTF:
https://gist.github.com/itsZN/4dd40ff12d886e5b3984200a92c1a38a

Here is my exploit for @plaidctf V8 exploit challenge. Bug was an n-day patched in chrome 66.0.3359.117
https://gist.github.com/itsZN/73cc299b9bcff1ed585e6206d1ade58e

Ah yes, I remember buying that textbook

The state of sandbox evasion techniques in 2024 https://fudgedotdotdot.github.io/posts/sandbox-evasion-in-2024/sandboxes.html

Google Chrome security advisory: Stable Channel update for Desktop
4 security fixes, 2 externally reported by Cassidy Kim(@cassidy6564): CVE-2024-8362 (high) Use after free in WebAudio and CVE-2024-7970 (high) Out of bounds write in V8. No mention of exploitation.

#Google #Chrome #vulnerability #CVE

Ted Chiang as eloquent as ever:

"The selling point of generative A.I. is that these programs generate vastly more than you put into them, and that is precisely what prevents them from being effective tools for artists.

[...]

Many novelists have had the experience of being approached by someone convinced that they have a great idea for a novel, which they are willing to share in exchange for a fifty-fifty split of the proceeds. Such a person inadvertently reveals that they think formulating sentences is a nuisance rather than a fundamental part of storytelling in prose. Generative A.I. appeals to people who think they can express themselves in a medium without actually working in that medium. But the creators of traditional novels, paintings, and films are drawn to those art forms because they see the unique expressive potential that each medium affords. It is their eagerness to take full advantage of those potentialities that makes their work satisfying, whether as entertainment or as art.

[...]

The task that generative A.I. has been most successful at is lowering our expectations, both of the things we read and of ourselves when we write anything for others to read. It is a fundamentally dehumanizing technology because it treats us as less than what we are: creators and apprehenders of meaning. It reduces the amount of intention in the world."

Read the whole essay. It's brilliant. #ai

https://www.newyorker.com/culture/the-weekend-essay/why-ai-isnt-going-to-make-art

Probably the strangest chip that you'll see today: the Intel 2920, a digital signal processor (DSP) from 1979. It was the "first microprocessor capable of translating analog signals into digital data in real time." Chips are usually 16-bit or 32-bit, but this was a 25-bit processor. It didn't have any jump instructions, instead running code in a loop from the 192-word EPROM. Each instruction combined an ALU operation, a shift, and an analog I/O operation. 1/7

The Federal Trade Commission (FTC) proposes a $2.95 million penalty on security camera vendor Verkada for multiple security failures that enabled hackers to access live video feeds from 150,000 internet-connected cameras.

https://www.bleepingcomputer.com/news/security/verkada-to-pay-295m-for-security-failures-leading-to-breaches/

It seems Google is still in the process of migrating issues to the new P0 issue tracker, resulting in bumping old reports to the top.

Now the bot implements a filter that won't post issues with CVE's earlier than 2023.

[RSS] Reflections on RANDSTRUCT in GrapheneOS

https://dustri.org/b/reflections-on-randstruct-in-grapheneos.html

I recently saw an amazing Navajo rug at the National Gallery of Art. It looks abstract at first, but it is a detailed representation of the Intel Pentium processor. Called "Replica of a Chip", it was created in 1994 by Marilou Schultz, a Navajo/Diné weaver and math teacher. Intel commissioned the weaving as a gift to the American Indian Science & Engineering Society. 1/6

While Burp's browsers are devouring my disk space at least their disk usage diagram looks nice

We just published v4.1.0 of the eslint plugin `no-unsanitized`, which prohibits the usafe of XSS sinks (e.g., `innerHTML=` or `setHTMLUnsafe()`) without the use of a preconfigured sanitizer library.
The rule helps finding and preventing XSS in various Mozilla projects, including Firefox.
Technical Details at https://frederikbraun.de/finding-and-fixing-dom-based-xss-with-static-analysis.html and source at https://github.com/mozilla/eslint-plugin-no-unsanitized

[RSS] In the Windows kernel, what is a LUID, and what makes it loo-ey?

https://devblogs.microsoft.com/oldnewthing/20240830-00/?p=110198

[RSS] The vulnerabilities we uncovered by fuzzing µC/OS protocol stacks

https://blog.talosintelligence.com/fuzzing-uc-os-protocol-stacks/

NVD are you okay?

We broke 10k stars on #GitHub! Remaining in the 1st and 2nd positions on #Google for, “Reverse Engineering Tutorial”. Special thanks to @0xinfection @hasherezade @fox0x01 @three_cube @binitamshah and all of you! #ReverseEngineering https://github.com/mytechnotalent/Reverse-Engineering