I have completed the FORCED ENTRY RCE + SBX chain with a PAC bypass. The calculator payload can be found here: https://t.co/voZRBSdgdD. I learned a lot about iOS exploitation and can't wait to share that in a blog post, which I'll release along with the code to generate this PDF. pic.twitter.com/sKNYU1ueX4

— jeff (@jeffssh) August 13, 2023

So many good Blackhat talks my reading list is long. Loved the Tesla talk - Physical attack mitigation is becoming more and more important https://t.co/xABJj3hJsW

“Furthermore, the ASP attack opens up the possibility of extracting a TPM-protected attestation key Tesla uses to…

— David Weston (DWIZZZLE) (@dwizzzleMSFT) August 13, 2023

Wow, so the judge overseeing the Google Search monopoly case is admitting that Google is too big NOT to be invested in.

Google is too big for Judge Mehta to avoid having a direct financial conflict of interest in the outcome of the case. Fascinating. https://t.co/Wd7nWh4otG

— Lee Hepner (@LeeHepner) August 13, 2023

Thanks to everyone who came to my DEF CON talk yesterday. I should have submitted for a 45 minute talk as I didn't have time to cover the DNS update capability of gssapi-abuse tool. DNS mode is super handy if you want to apply instant updates to AD DNS https://t.co/syW5QtTliw

— CCob🏴󠁧󠁢󠁷󠁬󠁳󠁿 (@EthicalChaos) August 13, 2023

Cult of the Dead Cow releases Veilid: A secure open-source Peer-to-Peer network for apps that flips off the surveillance economy

See https://t.co/xy5SMFgFW5#technology #privacy #opensource #socialnetworks #P2P pic.twitter.com/x8ieKCTncZ

— GadgeteerZA (@GadgeteerZA) August 13, 2023

Types of Target Article Responses, a 🧵:

1. Your Theory is Wrong: Evidence From My Work

2. Your Theory is Right: Evidence From My Work

3. Your Theory is Actually Just My Theory, Published In 1985

— M.J. Crockett (@mollycrockett) August 10, 2023

Another great writeup by @assetnote

Chaining our way to Pre-Auth #RCE in #Metabase (CVE-2023-38646)https://t.co/secgPHInOJ

— raptor@infosec.exchange (@0xdea) August 14, 2023

I've just published the paper "Seeing Through the Invisible: Radiation Spikes Detected in Chernobyl During the Russian Invasion Show Possible Evidence of Fabrication" . Thanks for your interest on this research. https://t.co/bfxusH0bBd

— reversemode (@reversemode) August 14, 2023

Please read this & forward it to everyone you know who cares about technology in the UK.https://t.co/sBBOp7sQYr

The BBC have finally said it:

It's not just that the #OnlineSafetyBill risks everyone's privacy.

The Goverment are killing the tech industry in the entire UK.

— Alec Muffett (@AlecMuffett) August 13, 2023

Findings won’t be made public until about February. And even then, fixing flaws in these digital constructs — whose inner workings are neither wholly trustworthy nor fully fathomed even by their creators — will take time and millions of dollars. #defcon https://t.co/JMKxykWmcE

— Chris Wysopal (@WeldPond) August 14, 2023

Memory corruption, XSS, deserialization https://t.co/JluW4SxhXH

— joernchen (@joernchen) August 14, 2023

Making this deck for my Defcon AI Village keynote took an inordinate amount of time because it meant publicly murdering my darlings: the ~80% of MLsec R&D efforts I worked on over ~10 years and which never reached deployment🧵 pic.twitter.com/TCS8AinwIu

— Joshua Saxe (@joshua_saxe) August 13, 2023

Great IOActive research https://t.co/I5aWfIhF57

— Matt Suiche (@msuiche) August 13, 2023

Nobody has figured out how to make money from AI/ML other than by selling you a pile of compute and storage for your AI/ML misadventures.

— Corey Quinn (@QuinnyPig) September 15, 2019