brainsmoke boosted

On the off chance that Peter Bosch and I win a pwnie for our SPI flash TOCTOU research, I hope that the award organizers swap out the prize at the last second before handing it over. pwnies.com/nominations-2019/

brainsmoke boosted

No flash, only DRAM!

When developing open firmware like coreboot and LinuxBoot, or doing research into early boot security, you end up waiting all the time on the SPI flash chips erase and write cycles. spispy replaces the slow flash with an open source FPGA and DRAM controller for instant updates.

github.com/osresearch/spispy

I wrote some ptrace() code so you won't have to:

- trace whole process trees
- attach to running processes
- automatically resolve hardware breakpoints on library load
- inject syscalls
- minimal tracer in <90 LoC

github.com/brainsmoke/ptrace-b

That time when you start making a presentation, and now I have an xml parser script to show/hide arbitrary layers in inkscape generated SVGs and a Makefile with automated dependency generation to combine them in a slide-deck

Basically: get the server to instantiate an object of arbitrary class, pick an RMI object, exploit the resulting RMI server with .

Show thread

If you run Code42 CrashPlan, you'll want to verify whether your firewall filters unused TCP ports blog.radicallyopensecurity.com

Mastodon

Server run by the main developers of the project 🐘 It is not focused on any particular niche interest - everyone is welcome as long as you follow our code of conduct!