cleptho boosted

CloudFail : Utilize misconfigured DNS and old database records to find hidden IP's behind the CloudFlare network github.com/m0rtem/CloudFail

cleptho boosted

Intel AMT drama

cleptho boosted

VM escape - QEMU Case Study (April 28, 2017)
by Mehdi Talbi & Paul Fariello
phrack.org/papers/vm-escape-qe

In this paper, we provide an in-depth analysis of CVE-2015-5165 and CVE-2015-7504. We discuss the technical details to exploit the vulnerabilities on QEMU's network card device emulation, and provide generic techniques that could be re-used to exploit future bugs in QEMU.

via twitter.com/Dinosn

cleptho boosted

Equation Group Dump Analysis and Full RCE on Win7 Fully Patched with Cobalt Strike
trustedsec.com/blog/equation-g

Shadow Brokers leaked additional tools reportedly from the Equation Group
steemit.com/shadowbrokers/@the

cleptho boosted

The one company that gets IoT security right is the one you'd least expect: Ikea mjg59.dreamwidth.org/47803.htm

cleptho boosted

EVENTSTART IS isec.pl's do_brk masterpiece (hatorihanzo.c).

cleptho boosted

Disclosing "cellphone contacts and social-media passwords" goes beyond having "nothing to hide". It jeopardises other people that trust you.

I can tolerate the TSA pat-downs, but you can't ask me to make decisions with the rights of others.

wsj.com/articles/trump-adminis

cleptho boosted

The GCC Internals guide: gcc.gnu.org/onlinedocs/gccint/ - very useful reference for looking up, but not a good tutorial starting point

Essential abstractions in GCC course slides, exercises, notes: cse.iitb.ac.in/grc/gcc-worksho - a little dated now but still excellent starting point for understanding GCC

RISC-V LLVM patches: github.com/lowRISC/riscv-llvm - nice series of patches for understanding how to add a backend to LLVM

cleptho boosted

It's exciting and reassuring to see Justin Schuh proselytizing on the fact that users should *not* make security decisions in an application. It's the app's job to work on behalf of the user. If a user is given the opportunity to make a poor security decision, they will. They shouldn't have the choice.
