August 14, 2023
August 14, 2023
I have completed the FORCED ENTRY RCE + SBX chain with a PAC bypass. The calculator payload can be found here: https://t.co/voZRBSdgdD. I learned a lot about iOS exploitation and can't wait to share that in a blog post, which I'll release along with the code to generate this PDF. pic.twitter.com/sKNYU1ueX4
— jeff (@jeffssh) August 13, 2023
So many good Blackhat talks my reading list is long. Loved the Tesla talk - Physical attack mitigation is becoming more and more important https://t.co/xABJj3hJsW
— David Weston (DWIZZZLE) (@dwizzzleMSFT) August 13, 2023
“Furthermore, the ASP attack opens up the possibility of extracting a TPM-protected attestation key Tesla uses to…
Wow, so the judge overseeing the Google Search monopoly case is admitting that Google is too big NOT to be invested in.
— Lee Hepner (@LeeHepner) August 13, 2023
Google is too big for Judge Mehta to avoid having a direct financial conflict of interest in the outcome of the case. Fascinating. https://t.co/Wd7nWh4otG
https://twitter.com/ethicalchaos/status/1690730216111357952
Cult of the Dead Cow releases Veilid: A secure open-source Peer-to-Peer network for apps that flips off the surveillance economy
— GadgeteerZA (@GadgeteerZA) August 13, 2023
See https://t.co/xy5SMFgFW5#technology #privacy #opensource #socialnetworks #P2P pic.twitter.com/x8ieKCTncZ
Types of Target Article Responses, a 🧵:
— M.J. Crockett (@mollycrockett) August 10, 2023
1. Your Theory is Wrong: Evidence From My Work
2. Your Theory is Right: Evidence From My Work
3. Your Theory is Actually Just My Theory, Published In 1985
Another great writeup by @assetnote
— raptor@infosec.exchange (@0xdea) August 14, 2023
Chaining our way to Pre-Auth #RCE in #Metabase (CVE-2023-38646)https://t.co/secgPHInOJ
I've just published the paper "Seeing Through the Invisible: Radiation Spikes Detected in Chernobyl During the Russian Invasion Show Possible Evidence of Fabrication" . Thanks for your interest on this research. https://t.co/bfxusH0bBd
— reversemode (@reversemode) August 14, 2023
Please read this & forward it to everyone you know who cares about technology in the UK.https://t.co/sBBOp7sQYr
— Alec Muffett (@AlecMuffett) August 13, 2023
The BBC have finally said it:
It's not just that the #OnlineSafetyBill risks everyone's privacy.
The Goverment are killing the tech industry in the entire UK.
Findings won’t be made public until about February. And even then, fixing flaws in these digital constructs — whose inner workings are neither wholly trustworthy nor fully fathomed even by their creators — will take time and millions of dollars. #defcon https://t.co/JMKxykWmcE
— Chris Wysopal (@WeldPond) August 14, 2023
Memory corruption, XSS, deserialization https://t.co/JluW4SxhXH
— joernchen (@joernchen) August 14, 2023
Jae Bochs: "@chris_kirsch @dangoodin since we’re starting to …" - Infosec Exchange
@chris_kirsch @dangoodin since we’re starting to wind down, I’ll come clean: it me. Also to offer some reassurance: this was built with two purposes - to remind people to really shut off Bluetooth (I.e. not from control center) and to have a laugh. There’s no data collected, it’s just sending out BLE advertisement packets that don’t require pairing (and as such aren’t stopped by the control center toggle). Hoping by next DC to have it working with the new iOS17 “NameDrop” features, and po...
Making this deck for my Defcon AI Village keynote took an inordinate amount of time because it meant publicly murdering my darlings: the ~80% of MLsec R&D efforts I worked on over ~10 years and which never reached deployment🧵 pic.twitter.com/TCS8AinwIu
— Joshua Saxe (@joshua_saxe) August 13, 2023
Great IOActive research https://t.co/I5aWfIhF57
— Matt Suiche (@msuiche) August 13, 2023
Nobody has figured out how to make money from AI/ML other than by selling you a pile of compute and storage for your AI/ML misadventures.
— Corey Quinn (@QuinnyPig) September 15, 2019
Start the conversation: