So I'm writing a tutorial on abusing the MAC framework in #FreeBSD to create rootkits. Here's the repo that'll contain the PoC code used in the tutorial: https://github.com/SoldierX/freebsd_mac_rootkits
Hey #infosec guys and any interested reversers/others,
I made my own version of GP0's "mpscript" tool for exploration of the #MpEngine #JavaScript engine.
Here it is, along with an almost year-old MpEngine.dll (obviously vulnerable to the bug that GP0 found, in case anybody wants to investigate that further).
Private symbols are included for both binaries. (~Year-old Windows private symbols sets leaked somewhat recently.)
Mirror far and wide. https://rol.im/mpscript.rar
Nothing about that #oauthworm here (in my timeline at least), seems like the mastodon hype worn off a bit, and people are back at twitter.. ;/
I decided to do a detailed explanation of the message replay attack that was presented together with @veorq at HITB, Infiltrate, and Troopers17:
New #Phrack paper feed: "VM escape - QEMU Case Study" by Mehdi Talbi & Paul Fariello:
blast from the past: http://web.mit.edu/~simsong/www/ugh.pdf
#noninfosec -- in times of cloud-rap there is still hope for Hip-Hop: https://www.youtube.com/watch?v=bFbbVX5lh88
A nice instance of compiler introduced vulnerabilities: https://github.com/sandstorm-io/capnproto/blob/master/security-advisories/2017-04-17-0-apple-clang-elides-bounds-check.md
Now should I go look for these in rust and swift compilers?
E_NOTIME
Would love to know more about this (and discuss here with more chars...): https://twitter.com/oe1cxw/status/854665583278927872
Back from #hitb, it was pretty great! Our talk on Signal went well and people apparently liked it (slides at: Nowhttps://conference.hitb.org/hitbsecconf2017ams/materials/D2T1 - Markus Vervier - Hunting for Vulnerabilities in Signal.pdf).
Now it's time to relax and getting rid of that cold..
We're working on a post-quantum sig scheme, hash-based, that we hope to submit to NIST. Code name: Gravity. May or may not rely on B2b and https://github.com/veorq/blabla. The hardest part is to design something simple enough yet fast and stateless. SPHINCS is fast and stateless but incomprehensible. Goldreich is stateless and simpler but inefficient. Looking for a middle ground.
Security Chief Rocka @ X41