I have taken a conscious decision to turn off notifications for boosts & favourites: the birdsite has programmed us to write content and then see how popular it is but we should not be writing content to be loved, at least I don't. I am here to have interesting discussions, to learn from others and to share what I believe is interesting or might be of interest.

"The end of Ego-boosting" :flan_think:

I have a spare ticket to EMF Camp that I would love to give away, especially to a woman or non-binary person interested in technology, a student, or anyone of various groups under-represented in tech.

Pedagogy problem: how to teach principles of sound fwd engineering concurrent with rev engineering?

Will experiment with transcribing SEI-corrected K&R exercises into asm for my own learning, but wonder if there’s a better way :-/

This talk contains an interesting idea: emulating Instruction Set Architectures on function-level granularity using NX/execute-disable to trap calls crossing ISA boundaries. The application is using QEMU in UEFI on Aarch64 to run x86_64 Option ROMs. This allows 64-bit ARM code to call x86_64 code, which is emulated, that in turn can call back into Aarch64 code etc.

Video: youtube.com/watch?v=uxvAH1Q4Mx
Slides: linux-kvm.org/images/b/b4/QEMU
Code: github.com/ardbiesheuvel/X86Em
Further info: suse.com/c/revolutionizing-arm

Researching Russian malware will inevitably land you in someone’s LiveJournal from a dozen years ago; can never shake the feeling that I ought to be leaving a note begging pardon for the intrusion.

profound guilt for encouraging technical brilliance to burn cycles battling policy ignorance + charlatanism X profound relief that policy may not be my garbage fire of residence for much longer

Good guy researcher, didn't make any logo/website to hype their paper 👌
SEVered: Subverting AMD’s Virtual Machine Encryption arxiv.org/pdf/1805.09604.pdf (PDF) t.co/ViUBo1g5Br

And courtesy of CIA FOIA Library click-holing, lessons in intelligence analysis from a mycotoxin CW attack in Kampuchean territory (Khmer Rouge-controlled Cambodia) near the Thai border in the mid-late 1970s cia.gov/library/readingroom/do

Courtesy of a birdsite flamewar with Lorian, here are colour-coded markups of the 2017 Wassenaar “intrusion software” decontrol (Note 1) Technical Notes showing their constituent moving parts, and the statement of understanding (Note 2) which makes them basically non-substantive.

The new local is called ‘High Side’ and now we’re getting a ‘Chubby Squirrel Brewing Company.’

I live in a meme.

Little offended that VV has closed both my old school and my old house :-/

Plans for 2018:

* a new hardware design to finalise including some CPU shenanigans,
* complete Malbolge on Setun and paper it,
* get some momentum behind H||GTFO.

Wondering what H||GTFO is? The idea is to add a “historical section” to PoC||GTFO and start collecting the history of hacking which is being lost. Those fancy CSR-1 hacks? The Cisco 12000 RCE? VAX RCEs? S/36 LPAR bypass? Now is the time to tell that story… where? horgtfo at my domain where PoC||GTFO lives (alchemistowl.org).
