FreeACS-Pwn, the (nasty) PoC exploit for FreeACS is now on the github of exploits myself/colleagues release.

github.com/XiphosResearch/expl

More "Feature Complete" version of the sploit-chucker with options for proper world domination coming as soon as we are finished with QA/test.

Slides/0day ready (pretty much) for the conference on Friday.
What is not ready is myself, lol.

Hmmm. mastodon.social is kicking out some 500 errors. And federation is still behind?

So, who is going to be the first to make a Mastodon instance available via Tor Hidden Service or i2p eepsite then?

Heh. I wonder if Tenable are going to add detections for vulnerabilities in their own products.

Always love reading about super hilarious vulns in the buggy bloatware produced by the "security industry".

aspe1337.blogspot.co.uk/2017/0

The Plasma decompiler is pretty amazing, based on Capstone/Keystone.

Below is the "Hello World" decompilation compared to source to show how super readable the output is.

Also can generate xref/callgraphs (like IDA!) except, well, it costs less and uses xdot!

It also does MIPS, ARM bins!

Guess its gonna probably suffice for my decompiling needs for a while as I can't afford IDA/Binja.

Github: github.com/plasma-disassembler

mastodon.social/media/9E4MnsEP

This is some awesome work. Remotely compromising the Broadcom WiFi SOC via crafted WiFi packets.
Cannot wait for the part 2, wherin they go from WiFi chip to operating system kernel...
Radiowaves? more like pwnwaves!
googleprojectzero.blogspot.co.

kek. the silly green ticks beside peoples names on this are basically like self signed ssl certs.

Mastodon

Server run by the main developers of the project 🐘 It is not focused on any particular niche interest - everyone is welcome as long as you follow our code of conduct!