Markus Vervier ๐พ @marver@mastodon.social
Security Chief Rocka @ X41
Joined Apr 2017
Wow that offer from Putin is poisened...it certainly does give the impression that Trump is not the one in control, and that's the purpose I guess..
Markus Vervier ๐พ
boosted
So I'm writing a tutorial on abusing the MAC framework in #FreeBSD to create rootkits. Here's the repo that'll contain the PoC code used in the tutorial: https://github.com/SoldierX/freebsd_mac_rootkits
Markus Vervier ๐พ
boosted
Hey #infosec guys and any interested reversers/others,
I made my own version of GP0's "mpscript" tool for exploration of the #MpEngine #JavaScript engine.
Here it is, along with an almost year-old MpEngine.dll (obviously vulnerable to the bug that GP0 found, in case anybody wants to investigate that further).
Private symbols are included for both binaries. (~Year-old Windows private symbols sets leaked somewhat recently.)
Mirror far and wide. https://rol.im/mpscript.rar
The most powerful duck in recent history is laming himself. Because he needs all his power to cover up the dirt...
Also reminder to self: remmber, never try to argue with people that basically only rely on straw man arguments.
Wow discussions on Twitter are so broken...no wonder they degrade into a shouting contest so quickly..
Markus Vervier ๐พ
boosted
Nothing about that #oauthworm here (in my timeline at least), seems like the mastodon hype worn off a bit, and people are back at twitter.. ;/
I decided to do a detailed explanation of the message replay attack that was presented together with @veorq at HITB, Infiltrate, and Troopers17:
Markus Vervier ๐พ
boosted
Thinkpad's are not considered consumer PC's I guess since my x220 would be vulnerable if I had ran stock bios + AMT. Since it supports intel vPro on the chipset/cpu.
Better disable AMT while you still can...
Markus Vervier ๐พ
boosted
New #Phrack paper feed: "VM escape - QEMU Case Study" by Mehdi Talbi & Paul Fariello:
Markus Vervier ๐พ
boosted
Phrack <3
Markus Vervier ๐พ
boosted
Voice recognition seems to work better if you talk like a robot. Who is training who here?!
blast from the past: http://web.mit.edu/~simsong/www/ugh.pdf
#noninfosec -- in times of cloud-rap there is still hope for Hip-Hop: https://www.youtube.com/watch?v=bFbbVX5lh88
A nice instance of compiler introduced vulnerabilities: https://github.com/sandstorm-io/capnproto/blob/master/security-advisories/2017-04-17-0-apple-clang-elides-bounds-check.md
Now should I go look for these in rust and swift compilers?
E_NOTIME
Would love to know more about this (and discuss here with more chars...): https://twitter.com/oe1cxw/status/854665583278927872
Back from #hitb, it was pretty great! Our talk on Signal went well and people apparently liked it (slides at: Nowhttps://conference.hitb.org/hitbsecconf2017ams/materials/D2T1 - Markus Vervier - Hunting for Vulnerabilities in Signal.pdf).
Now it's time to relax and getting rid of that cold..
At HITB in Amsterdam now.
Markus Vervier ๐พ
boosted
We're working on a post-quantum sig scheme, hash-based, that we hope to submit to NIST. Code name: Gravity. May or may not rely on B2b and https://github.com/veorq/blabla. The hardest part is to design something simple enough yet fast and stateless. SPHINCS is fast and stateless but incomprehensible. Goldreich is stateless and simpler but inefficient. Looking for a middle ground.
Security Chief Rocka @ X41
Joined Apr 2017
