I have taken a conscious decision to turn off notifications for boosts & favourites: the birdsite has programmed us to write content and then see how popular it is, but we should not be writing content to be loved, at least I don't. I am here to have interesting discussions, to learn from others and to share what I believe is interesting or might be of interest.
"The end of Ego-boosting"
This talk contains an interesting idea: emulating Instruction Set Architectures on function-level granularity using NX/execute-disable to trap calls crossing ISA boundaries. The application is using QEMU in UEFI on AArch64 to run x86_64 Option ROMs. This allows 64-bit ARM code to call x86_64 code, which is emulated, that in turn can call back into AArch64 code etc.
Further info: https://www.suse.com/c/revolutionizing-arm-technology-x86_64-option-rom-aarch64/
Good 29A mirror with all zines present + intact http://dsr.segfault.es/stuff/website-mirrors/29A/main.html
And courtesy of CIA FOIA Library click-holing, lessons in intelligence analysis from a mycotoxin CW attack in Kampuchean territory (Khmer Rouge-controlled Cambodia) near the Thai border in the mid-late 1970s https://www.cia.gov/library/readingroom/docs/CIA-RDP84B00049R000400830010-1.pdf
Courtesy of a birdsite flamewar with Lorian, here are colour-coded markups of the 2017 Wassenaar “intrusion software” decontrol (Note 1) Technical Notes showing their constituent moving parts, and the statement of understanding (Note 2) which makes them basically non-substantive. #savedyoualawyer
Slides from my Hack in the Box closing keynote are up - Security is what we make of it: blockchain & beyond: https://conference.hitb.org/hitbsecconf2018ams/materials/CLOSING%20KEYNOTE%20-%20Amber%20Baldet%20-%20Security%20is%20What%20We%20Make%20of%20It%20-%20Blockchain%20and%20Beyond.pdf
Plans for 2018:
* a new hardware design to finalise including some CPU shenanigans,
* complete Malbolge on Setun and paper it,
* get some momentum behind H||GTFO.
Wondering what H||GTFO is? The idea is to add a “historical section” to PoC||GTFO and start collecting the history of hacking which is being lost. Those fancy CSR-1 hacks? The Cisco 12000 RCE? VAX RCEs? S/36 LPAR bypass? Now is the time to tell that story… where? horgtfo at my domain where PoC||GTFO lives (alchemistowl.org).