A drunken debugger

Heretek of Silent Signal

AWS Nitro Enclaves offer strong isolation for sensitive workloads but require careful security implementation. We cover key areas to help developers avoid common pitfalls and harden their enclave deployments. https://blog.trailofbits.com/2024/09/24/notes-on-aws-nitro-enclaves-attack-surface/

Today on no one should ever use yaml for anything:

Today is your last chance to register for my Windows Kernel Exploitation training, delivered in Paris, France: https://www.hexacon.fr/trainer/halbronn/

[RSS] Going beyond the empty set: Embracing the power of other empty things

https://devblogs.microsoft.com/oldnewthing/20240923-00/?p=110297

nobody should "want to switch careers to security".

security shouldn't be "its own career".

it should be "becoming so good at the thing you are already good at that you can perform security on that thing - like development, or SRE, or networking, or intelligence work". Eventually you get so good, you 'become security'.

which is why security has never been, and will never be, a 'starter career'. folks should get promoted into a security role from another role, like sysadmin/dev/network/etc.

eversinc33 🤍🔪⋆。˚ ⋆

Yesterday I finally finished part II of my anti rootkit evasion series, where I showcase some detections for driver "stomping", attack flawed implementations of my anti-rootkit, hide system threads via the PspCidTable and detect that as well. Enjoy!

https://eversinc33.com/posts/anti-anti-rootkit-part-ii.html

Finally, the second part of the blog post, where we go from a Windows Paged Pool Overflow to a SYSTEM shell starting from Low Integrity: https://3sjay.github.io/2024/09/20/Windows-Kernel-Pool-Exploitation-CVE-2021-31956-Part2.html Have a great weekend everyone ;)

https://bird.makeup/@esj4y/1832774880464601573

Starting Thursday, Kaspersky deleted its anti-malware software from computers across the United States and replaced it with UltraAV's antivirus solution without warning.

https://www.bleepingcomputer.com/news/security/kaspersky-deletes-itself-installs-ultraav-antivirus-without-warning/

Safe C++: https://www.open-std.org/jtc1/sc22/wg21/docs/papers/2024/p3390r0.html

By the author of Circle, a C++ standards proposal that essentially plops a copy of Rust onto C++. Starting with lifetimes and borrow checking and unsafe blocks, but then: a new kind of reference type. A new kind of move constructor. A whole new standard library, which borrows some of Rust's naming conventions ('send', 'sync') and even renames 'shared_ptr' to 'arc'. Enums ('choice types') and pattern matching. Slice types.

I like it.

One of the funny bits that didn't make it into our sshamble talks in Las Vegas: OpenSSH for Windows writes to the event log, but no longer filters dodgy characters, so you can troll your local admins:

(recent webcast version at https://www.youtube.com/watch?v=G5yRpdNbdBs)

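
The post above shows the classic log-injection problem: an untrusted field (here, whatever the SSH client sends as a username) lands in a log sink unescaped, so CR/LF and terminal escapes let a client forge records the admin reads as real. The following is an added example, not code from the post, from sshamble or from OpenSSH; it assumes a line-oriented text log and shows the weak behaviour beside an escaping sink. The username, source address and log format are constructed for illustration.

```python
import re

# Constructed sample: an attacker-chosen username carrying CR/LF and an ANSI
# escape. Written verbatim, it produces a second, forged "Accepted password" record.
FORGED_USERNAME = (
    "bob\r\nAccepted password for Administrator from 10.0.0.1 port 22 ssh2"
    "\x1b[2K"
)

# ASCII control characters (including CR, LF and ESC) plus DEL.
CONTROL_CHARS = re.compile(r"[\x00-\x1f\x7f]")


def naive_log_line(user: str, src: str = "192.0.2.10") -> str:
    """Weak behaviour: the untrusted field goes into the record as-is."""
    return f"Failed password for invalid user {user} from {src} port 22 ssh2"


def escape_control(s: str) -> str:
    """Replace each control character with a visible \\xNN escape, so the record
    stays on one line and terminal escape sequences are never interpreted."""
    return CONTROL_CHARS.sub(lambda m: "\\x%02x" % ord(m.group()), s)


def safe_log_line(user: str, src: str = "192.0.2.10") -> str:
    """Hardened behaviour: escape the untrusted field before formatting."""
    return naive_log_line(escape_control(user), src)


def record_count(text: str) -> int:
    """How many records a line-oriented log reader would see in `text`."""
    return len([ln for ln in re.split(r"\r?\n", text) if ln])


if __name__ == "__main__":
    print(repr(naive_log_line(FORGED_USERNAME)))  # two records, one of them forged
    print(repr(safe_log_line(FORGED_USERNAME)))   # one record, escapes visible
```

The same check applies to any sink that is read by humans or by line-based parsers: escape at the boundary where the untrusted value enters the record, not in the viewer, because you do not control every viewer.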
You have MacOS? You hate that you can't copy/paste in Citrix? You love hacky scripts that might break any time? I made something for you:
Citrix copy/paste circumvention on MacOS, CitrixCopyPasta
https://www.floyd.ch/?p=1401


* Unauthenticated RCE vs all GNU/Linux systems (plus others) disclosed 3 weeks ago.
* Full disclosure happening in less than 2 weeks (as agreed with devs).
* Still no CVE assigned (there should be at least 3, possibly 4, ideally 6).
* Still no working fix.
* Canonical, RedHat and others have confirmed the severity, a 9.9, check screenshot.
* Devs are still arguing about whether or not some of the issues have a security impact.

I've spent the last 3 weeks of my sabbatical working full time on this research, reporting, coordination and so on with the sole purpose of helping, and pretty much only got patronized because the devs just can't accept that their code is crap. Responsible disclosure: no more.

IBM Datacenter on Toronto's King Street in 1963

back in 2013, @sima published an i915/GEM Crashcourse explaining the Linux kernel i915 GPU driver; I read that earlier this year, and it was really helpful for understanding what is going on in the i915 code and understanding the context of CVE-2024-42259.

I think without that explainer, it would have taken me a long time to understand what GTT MMIO mappings are. The idea that some physical address region owned by the GPU proxies physical memory accesses based on GPU page tables is pretty mindblowing...

Merry Jerry, powered by AI🎄🎅🕎⛄️❄️

Oh those sneaky bastards. I moved to moderated registrations on Infosec.exchange where new signups have to enter a reason for joining. That’s turned out to be a very good filter. Until now.

I just suspended an account for spam and looked at their reason for joining which was this:

I’m a cybersecurity enthusiast with a background in [your background, e.g., IT, software development]. I’m keen on sharing knowledge, staying updated on the latest security trends, and engaging with professionals in the field. I want to contribute to discussions on best practices and learn from the community to enhance my skills. Thank you for considering my application!

I wasn’t overly picky about reasons for joining - if it seemed like an actual person that was here for some reason other than marketing, SEO, etc., I’d approve it. But this reason is clearly generated by an LLM, which gave them an instruction to replace some text in brackets, which they did not do.

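
The tell in the post above is mechanical: the LLM wrote a template with a bracketed placeholder and the applicant pasted it without filling it in. That is cheap to check automatically before a human reviews the queue. The following is an added example, not code from the post or from Mastodon's moderation tooling; the placeholder vocabulary it matches on is an assumption to be tuned against what your own queue shows, and both sample reasons are constructed (the first reproduces the text quoted in the post).

```python
import re

# Constructed sample inputs: the templated reason quoted in the post, and a
# reason a human might plausibly write (with brackets) kept as a control.
TEMPLATED_REASON = (
    "I'm a cybersecurity enthusiast with a background in [your background, e.g., IT, "
    "software development]. I'm keen on sharing knowledge, staying updated on the "
    "latest security trends, and engaging with professionals in the field. "
    "Thank you for considering my application!"
)
HUMAN_REASON = "I do IR at a mid-size hospital and mostly want to follow [DFIR folks] here."

# Bracketed placeholders an LLM leaves for the user to fill in. Two shapes:
#   "[your ...]", "[insert ...]", "[name]", "[company]", "[organisation ...]"
#   anything in brackets that carries an "e.g." hint
# The word list is an assumption; extend it from real queue samples.
PLACEHOLDER = re.compile(
    r"\[\s*(?:your|insert|name|company|organi[sz]ation)\b[^\]]*\]"
    r"|\[[^\]]*\be\.g\.[^\]]*\]",
    re.IGNORECASE,
)


def unfilled_placeholders(text: str) -> list[str]:
    """Return every bracketed template placeholder left unfilled in `text`."""
    return PLACEHOLDER.findall(text)


def should_hold(reason: str) -> bool:
    """True when the join reason should be held for manual review (or rejected)
    because it still contains an unfilled template placeholder."""
    return bool(unfilled_placeholders(reason))


if __name__ == "__main__":
    for reason in (TEMPLATED_REASON, HUMAN_REASON):
        print(should_hold(reason), unfilled_placeholders(reason))
```

This only catches applicants who forgot to edit the template; it is a filter for the sloppy tier, not an LLM detector, and a clean template with the brackets filled in passes it. Its value is that it is free and has a near-zero false-positive rate, so it can run ahead of the human moderation queue.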
Project Zero Bot

New Project Zero issue:

Linux: i915: out-of-bounds PTE write in vm_fault_gtt() leads to PTE UAF

https://project-zero.issues.chromium.org/issues/42451707

CVE-2024-42259

[RSS] Exploiting Exchange PowerShell After ProxyNotShell: Part 3 - DLL Loading Chain for RCE

https://www.thezdi.com/blog/2024/9/18/exploiting-exchange-powershell-after-proxynotshell-part-3-dll-loading-chain-for-rce

Your efforts in saving energy matter!

"An AI-generated bot account was able to comment “PUSSY IN BIO” on 2.1 million Instagram posts, all thanks to you switching from AC to a big box fan that just kind of pushes the stale, hot air in your apartment around. We’re building a better world—together."

https://www.mcsweeneys.net/articles/the-department-of-energy-wants-you-to-know-your-conservation-efforts-are-making-a-difference

Here are the slides of my "Simple Machine Learning Techniques for Binary Diffing (with Diaphora)" talk given at the @44CON conference last week:

https://github.com/joxeankoret/diaphora-ml/blob/main/docs/diaphora-ml-techniques-44con-final.pdf
