Posts
2460
Following
557
Followers
1265
A drunken debugger

Heretek of Silent Signal
repeated

The second article in our new series on research and is out!

Exploiting atdcm64a.sys arbitrary pointer dereference - Part 2:
https://security.humanativaspa.it/exploiting-amd-atdcm64a-sys-arbitrary-pointer-dereference-part-2/

This time, @ale98 covers how to craft PoCs for the arbitrary MSR read and arbitrary pointer dereference vulnerabilities described in his previous article, with step-by-step advice for debugging with .

Enjoy... and stay tuned for the third and last article next week.

0
2
0
repeated

My TamaGo talk at the recent @osfc_io is now online, if you are interested check it out!

https://www.osfc.io/2024/talks/tamago-bare-metal-go-for-arm-risc-v-socs/

0
2
0
repeated

dedicated to the brave reverse engineers

1
16
0
repeated

If you're using @zimbra, mass-exploitation of CVE-2024-45519 has begun. Patch yesterday.

Malicious emails are coming from 79.124.49[.]86 and attempting to curl a file from that IP.

0
4
0
[RSS] Zimbra - Remote Command Execution (CVE-2024-45519)

https://blog.projectdiscovery.io/zimbra-remote-code-execution/
0
0
0
repeated

A friend of mine (@GabrielGonzalez) has written a book about "Attacking and Securing U-Boot".
https://www.amazon.com/Attacking-Securing-U-Boot-Gabriel-Gonzalez/dp/B0DJ7M2JNN

1
4
0
repeated

An awesome video of live coding 6502 asm directly in Basic to produce music, with all the explanations on the way.
https://www.youtube.com/watch?v=ly5BhGOt2vE

0
1
0
repeated
Edited 1 month ago

Dutch intelligence agency warns that 'introducing a scanning application on every mobile phone with an associated infrastructure of management systems creates an extremely large and complex system. This complex system thereby accesses a large amount of mobile devices and the personal data on them. This ultimately results in a situation whose risks to digital resilience the AIVD considers too great.' đź’Ż https://mastodon.nl/@bert_hubert/113231287067384382

0
3
0
repeated

John Carmack on the value of simplicity over safetyness in C

1
1
0
repeated
repeated

bert hubert 🇺🇦🇪🇺

Edited 1 month ago

Pro-tip if you are searching for anything HTML, CSS or JavaScript related: add "mdn" to your query. This Mozilla project really is a work of love, maintained by hundreds of volunteers @openwebdocs and @MDN staff and contractors. https://developer.mozilla.org/en-US/docs/Learn

3
7
0
[RSS] Music production on Power: an adventure in porting

https://www.talospace.com/2024/09/music-production-on-power-adventure-in.html

:O
0
0
0
[RSS] Finding classes for exploiting Unsafe Reflection vulnerabilities in Java with Joern

https://blog.convisoappsec.com/en/finding-classes-to-exploit-insecure-unchecked-vulnerabilities-in-java-with-joern/
0
0
0
[RSS] Instrumenting an Apple Vision Pro Library with QBDI

https://www.romainthomas.fr/post/24-09-apple-lockdown-dbi-lifting/
0
0
0
repeated

I am wondering how many people and organisations genuinely have “opponent that can break into a cloud provider, steal hard disks, then extract coherent data from them outside of the cloud storage systems” in their threat model. Because I’m guessing in most cases such an adversary has easier and more effective ways to get at any at-rest data. Encrypting the drives a, for instance, RDS database is running on is not bad, but in most cases prioritising this over other security work seems like it’s driven by audit checkboxes rather than a full analysis. Do it, but fix the big ticket stuff first.

This may be an excessively cynical view.

2
5
1
repeated

Wouldn’t it be easier to make it illegal to trick, mislead, or defraud people?
https://alecmuffett.com/article/110438

0
1
0
repeated

Everyone was up in arms about the CUPS thing but this is much more serious: CVE-2024-45200 https://github.com/latte-soft/kartlanpwn

0
5
0
repeated

I bought a HTML template for a site I'm making. Typically I just pull the compiled html files out and make a standalone project which I maintain in a text editor. But, this time I figured it's time to learn modern web development so I tried using the toolchain it came with.

The toolchain consists of 3,446 dependencies, runs 15 processes, and uses 3 GB of ram. Unfortunately I can't run for president, but if I could I would run on the platform of making Node.js illegal.

9
16
0
Show older