Wow, that offer from Putin certainly does give the impression that Trump is not the one in control, and that's the purpose I guess..

So I'm writing a tutorial on abusing the MAC framework in to create rootkits. Here's the repo that'll contain the PoC code used in the tutorial:

Hey guys and any interested reversers/others,

I made my own version of GP0's "mpscript" tool for exploration of the engine.

Here it is, along with an almost year-old MpEngine.dll (obviously vulnerable to the bug that GP0 found, in case anybody wants to investigate that further).

Private symbols are included for both binaries. (~Year-old Windows private symbols sets leaked somewhat recently.)

Mirror far and wide.

The most powerful duck in recent history is laming himself. Because he needs all his power to cover up the dirt...

Also reminder to self: remember, never try to argue with people that basically only rely on straw man arguments.

Wow discussions on Twitter are so wonder they degrade into a shouting contest so quickly..

Constant time #AES is in #OpenBSD! T-tables are gone from #IPsec and other places where it matters. Matters for everything that doesn't have AES-NI. Time to upgrade your sparc64 VPN gateways and enjoy the slowdown!

Nothing about that here (in my timeline at least), seems like the Mastodon hype has worn off a bit, and people are back at Twitter.. ;/

I decided to do a detailed explanation of the message replay attack that was presented together with @veorq at HITB, Infiltrate, and Troopers17:

ThinkPads are not considered consumer PCs, I guess, since my x220 would be vulnerable if I had run stock BIOS + AMT, since it supports Intel vPro on the chipset/CPU.

Better disable AMT while you still can...

Voice recognition seems to work better if you talk like a robot. Who is training who here?!

Back from , it was pretty great! Our talk on Signal went well and people apparently liked it (slides at: Now - Markus Vervier - Hunting for Vulnerabilities in Signal.pdf).
Now it's time to relax and get rid of that cold..

We're working on a post-quantum sig scheme, hash-based, that we hope to submit to NIST. Code name: Gravity. May or may not rely on B2b and The hardest part is to design something simple enough yet fast and stateless. SPHINCS is fast and stateless but incomprehensible. Goldreich is stateless and simpler but inefficient. Looking for a middle ground.
