Ahh the joy of moving...

On the plus side, I found an old VHS recording of one of the benefit shows I did while in college.

Here's a snippet of a guitar solo (circa 1989-1992) with prog-metal band Raymaker at Berklee College, benefiting the Pine Street Inn homeless shelter.

From 12am to 5-6am I would be at MIT hacking in the Athena clusters... the rest of the time shedding (practicing/studying).

Nowadays I actually need sleep!


Mudge boosted

Here's the Debian Project's statement about the arrest of Dmitry Bogatov, a Debian Maintainer who worked in the Debian Haskell group and currently maintains several packages for command line and system tools. He was arrested by Russian authorities, and Debian has removed his keys from their servers in case they're compromised. debian.org/News/2017/20170417

@cynicalsecurity no worries :) thanks for the extra data. Fascinating!

@cynicalsecurity not surprising to hear that modern thought on Starfish Prime is that it was overstated.

Do you have any pointers or references to these interpretations?

I'd like to read more.


@cynicalsecurity I like armscontrolwonk's work. Additionally, I haven't seen any reports on efforts towards high gamma yield from NK, but I acknowledge that media coverage on the topic is likely very opinionated in slant (and that they may not be going that direction at all).

Not sure what you're disagreeing with, as I was stating that I find it an interesting thought that I had not really considered before, but I do appreciate your comments and armscontrolwonk has some good work :)

Fascinating to consider North Korea's missile efforts aimed at delivering a nuclear EMP rather than traditional nuclear ordnance.

Explode high in the air w/o requiring the precision or re-entry capability of traditional ICBMs.

Changes whole flavor of the aperiodic missile launches from NK into Sea of Japan.

Interesting writeup / sources:


Great Frank Rieger writeup:


@HalvarFlake in larger organizations and agencies, people and teams specialize. I'm sure you see it in your corporate experiences.

I remember bursting into laughter walking through the halls of NSA when I heard: "specialization... it's not just for insects!". Very true!

More specialization and focus is needed to eke out the remaining wins in a well picked-over field. What I don't see, and I think of you as a kindred soul here, are lots of folks really looking for new *applied* green fields. :)

@donb cool, please share with me earlier if you can.

Other off-the-top-of-the-head tricks (some need a different sig):

Password: quarantine pw files that aren't encrypted

username: utmp/wtmp

syslog to local/remote: zorch certain logs based on log level etc.

Browser strings: logs

DNS additional records: local lookup caches

SMTP X-headers: mail files/spools

Anything across the net to bork IDSes running AV.

This is a gift that keeps on giving!

Other ideas?

Have fun planting virus signatures in strange places that touch remote disks somehow/somewhere.


Change your mail sig to:

Or send it in a browser var, as a password (quickly find the sites that don't encrypt passwords), send to open syslogs, etc.

Then some AV actually delete/quarantine the file (weblogs, mailspool, {u,w}tmp etc.)!

What are your ideas?

Inspired by: sec.cs.tu-bs.de/pubs/2017-asia

Off topic for infosec... but...

Gonna miss my BJJ friends and family in Boston.

Here's the serious photo they took with me... and then here's the one right afterwards where they jumped me and choked me out. It was all fun and games but notice that Andy (bjj black belt behind me) actually has a serious choke in place, hence how red in the face I'm getting. It was only a few more moments before... thud!

Love my friends :)

BTW - if you're into exploit/RE, I honestly encourage trying some BJJ!

Mudge boosted

Brilliant <thing on other network we don't talk about> by @Mudge:


"This is a brilliant tactic. There are so many others like this because the AV community keeps thinking this is a one-move game... Kudos!"

That definition of the strategy of the AV community is absolutely perfect. Depth: zero.

@tqft @HATF Jonathan McDowell ( @planet4589 over on that other social network) is a super nice guy and very approachable. He would be whom I would ask for pointers outside of govt. channels.

@Tanuki @PrincessOfCats I'm not thinking DoS as the goal... I'm thinking of forcing some assumptions to become invalid by the 'host' application where malloc()s start to fail that may not be correctly checked... or better yet invalidating some formal proof assumptions of environment.

@Tanuki @PrincessOfCats the ASLR aspect should be derived from the original process by the loader no? Are you able to get strange responses from the base program by maxing out your memory footprint? Can you do this recursively?

I think it sounds pretty cool. There's gonna be something interesting you can do with it, even if it's not classical code exec :)

Mudge boosted

So, we are currently invading mastodon.social on two fronts - French social media, and the migration from twitter :P

We should probably make @Gargron 's life easier and help the guy out; patreon.com/user?u=619786

Please boost! (it's the new RT, right?)

I really appreciate the work of the Broadcom exploit by P0 (cool that Halvar gets a shoutout)!

Constructive observation:

I wish people writing exploit-reports would start with the reveal or outcome and *then* show how they got there.

Too often the author takes the reader on the full journey from the start. The problem is that the author already has end-result context but the reader does not.

The reader, at the end, is forced to re-parse earlier elements when they get the final context.

@PrincessOfCats couldn't agree more. That's the whole stack at CITL. The only diff is that doing it at scale (static and dynamic) allows corners to be cut (the really expensive ones), because we want a high accuracy of prediction without having to do the full proof-work.

@thegrugq I used a 'handle' for a different purpose: To hide coloring (but irrelevant) features of myself: age, race, gender, orientation. The goal was to have people process the information being presented w/o triggering their own prejudices.

Worked somewhat: NY Times thought I was 40s when I was young 20s, and others ascribed backgrounds that allowed the messages to resonate with themselves.

Didn't work other times: hiding name ~= assumption of some sort of illegality.

@PrincessOfCats @NickDe ugh. I'm such a Luddite now :/

Here I was, sitting around waiting for a channel split...

awoo mode huh?
