Wow that offer from Putin is poisened...it certainly does give the impression that Trump is not the one in control, and that's the purpose I guess..

So I'm writing a tutorial on abusing the MAC framework in to create rootkits. Here's the repo that'll contain the PoC code used in the tutorial: github.com/SoldierX/freebsd_ma

Hey guys and any interested reversers/others,

I made my own version of GP0's "mpscript" tool for exploration of the engine.

Here it is, along with an almost year-old MpEngine.dll (obviously vulnerable to the bug that GP0 found, in case anybody wants to investigate that further).

Private symbols are included for both binaries. (~Year-old Windows private symbols sets leaked somewhat recently.)

Mirror far and wide. rol.im/mpscript.rar

The most powerful duck in recent history is laming himself. Because he needs all his power to cover up the dirt...

Also reminder to self: remmber, never try to argue with people that basically only rely on straw man arguments.

Wow discussions on Twitter are so broken...no wonder they degrade into a shouting contest so quickly..

Constant time #AES is in #OpenBSD! T-tables are gone from #IPsec and other places where it matters. Matters for everything that doesn't have AES-NI. Time to upgrade your sparc64 VPN gateways and enjoy the slowdown!

Nothing about that here (in my timeline at least), seems like the mastodon hype worn off a bit, and people are back at twitter.. ;/

I decided to do a detailed explanation of the message replay attack that was presented together with @veorq at HITB, Infiltrate, and Troopers17:

pwnaccelerator.github.io/2017/

Thinkpad's are not considered consumer PC's I guess since my x220 would be vulnerable if I had ran stock bios + AMT. Since it supports intel vPro on the chipset/cpu.

Better disable AMT while you still can...

Voice recognition seems to work better if you talk like a robot. Who is training who here?!

Back from , it was pretty great! Our talk on Signal went well and people apparently liked it (slides at: Nowhttps://conference.hitb.org/hitbsecconf2017ams/materials/D2T1 - Markus Vervier - Hunting for Vulnerabilities in Signal.pdf).
Now it's time to relax and getting rid of that cold..

We're working on a post-quantum sig scheme, hash-based, that we hope to submit to NIST. Code name: Gravity. May or may not rely on B2b and github.com/veorq/blabla. The hardest part is to design something simple enough yet fast and stateless. SPHINCS is fast and stateless but incomprehensible. Goldreich is stateless and simpler but inefficient. Looking for a middle ground.

Show more
Mastodon

Follow friends and discover new ones. Publish anything you want: links, pictures, text, video. This server is run by the main developers of the Mastodon project. Everyone is welcome as long as you follow our code of conduct!