I’m teaching a short Embedded Device Security course for women beginning in 2 weeks. The amazing Australian Signals Directorate has heavily sponsored the cost, so if you’re keen on learning more about this, register here: events.humanitix.com/embedded-devic… InfoSect

hi, check out this tool for easy Linux kernel building and debugging - easylkb

worked on it together with @[email protected]! 💕

writeup: tmpout.sh/3/20.html
repo: github.com/deepseagirl/ea…

About to listen to Silvio Cesare present on Linux Kernel bugs at the CSC conference, while reading his 25 yo post on Unix Virus that tmp.0ut just released 🤩

Check it out, it's tmp.0ut Volume 3!

tmpout.sh/3/

chompie Dreg Love this. I had the same experience, tried to learn traditional C and assembly by reading books and boring courses, never went anywhere. Once I started shellcoding and writing malware I was hooked. Then I found the motivation to go back, read and research more

Dreg tbf, that stuff can be pretty boring without context

my main rec to beginners is start with a tangible goal. replicate an exploit, solve a challenge, etc. and then seek out resources to get there

reading an intel manual is a lot less painful while making progress on a goal

I published the slides for my talk at #SANS #Hackfest . I sort of hijacked my own talk to give my perspective on Offensive Security capability engineering, framing it with a practical example.

github.com/FuzzySecurity/…

I want to shout out mr.d0x and Adam Chester 🏴‍☠️ of course <3

Posting to save someone a headache:

As of Linux 5.18, CONFIG_DEBUG_INFO gets overridden by CONFIG_DEBUG_INFO_NONE, which disables debug builds. You must select which DWARF format to emit now in your kconfig, or no debug 🙃

ex. CONFIG_DEBUG_INFO_DWARF4=y

git.kernel.org/pub/scm/linux/…

lmfao

me looking through my past “research” ““notes””

Popular opinion 🚨
I’d love if Intel shared the details (or some basic PoC) of the privilege escalation path that the Intel engineers found.

This bug is particularly challenging to reverse engineer, I’d love to read more opinions on it.
intel.com/content/www/us…

me after solving the easiest CTF challenge in that category:

This has been a very interesting bug to analyze!

Every day we have ideas, spend all day experimenting and finish the day with a new hypothesis.

Progress can be measured by how much we've learnt (-:

Thought of an even easier way to do this: have the LD_PRELOAD raise RLIMIT_NOFILE to the max, then open /dev/null 1024 times. That way all fds used by the process will have to be numbered higher than 1024.

Florian: Offensive security researchers are self important narcissists that delude themselves into believing they are helping people
Me: oh

The video and slides of my talk 'A 3-Year Tale of Hacking a Pwn2Own Target...' are out. Hope this presentation somehow could be another reference to your next research!

➡️ Video: youtube.com/watch?v=uGofhl…
➡️ Slides: github.com/orangetw/My-Pr…

You've probably heard a lot of NTLM leaking techniques by now, but have you wondered leaking NTLM info via ports other than 445/SMB? This long-overdue blog post from me reveals an interesting trick which could leak NTLM via any port (e.g. port 80). research.checkpoint.com/2023/abusing-m…

new blog post and 0day exploit release for CANON ImageCLASS printers: haxx.in/posts/hacking-… 🖨️

Like writing exploits and want to make it a career? Want to know why offensive security researchers can do any cybersec job? Can AI replace them? I’ll be discussing this and more during my keynote at Hackfest next week. The whole conference will be streamed for free.

FBI wanted Apple to sign malicious firmware that would have disabled the passcode throttling mechanism.

Technically Apple could’ve done it behind closed doors and not just provided signed malicious firmware to the government.

On the other hand, this would’ve undermined the…