the grugq's newsletter

December 29, 2023

Follow up on Triangulation’s hardware bypass

Hector Martin: "So some fun stuff was just presented at 37C3, and…" - Treehouse Mastodon

So some fun stuff was just presented at 37C3, and... I bet I have some answers. https://securelist.com/operation-triangulation-the-last-hardware-mystery/111669/ First, yeah, the dbgwrap stuff makes perfect sense. I knew about it for the main CPUs, makes perfect sense it'd exist for the ASCs too. Someone had a lightbulb moment. We might even be able to use some of those tricks for debugging stuff ourselves :) Second, that "hash" is almost certainly not a hash. It's an ECC code**. I bet this is...


No new iPhone? No secure iOS: Looking at an unfixed iOS vulnerability


ASCII art: From a Commodity Into an Obscurity


A group of security researchers from Technical University in Berlin managed to get root access to @Tesla's Autopilot computer by exploiting Secure boot mechanism with voltage glitching. #37c3 #tesla #carhack pic.twitter.com/S4QBXWPJ5B

— Bogdan Djukic (@bdjukic) December 28, 2023


gonna take this opportunity to plug my nspredicate/nsexpression talk again. https://t.co/xi3zRz0GKg pic.twitter.com/mNks5Sz28P

— 𝚊𝚕𝚔𝚊𝚕𝚒 (@alkalinesec) December 28, 2023


HMS Wellesley - a ship of the line launched in 1815. Sunk by the Luftwaffe - 24 September 1940.

She was the last ship of the line to be sunk and the only one to have been sunk by air. pic.twitter.com/I3OMNIySQO

— Jimmy Bagpuss (@Jim_Bagnall) December 28, 2023


Indirect Prompt Injections in the Wild: real world exploits and mitigations 🧐🧵

With the rapid growth and widespread use of artificial intelligence and Large Language Models (LLMs), users face an increased security risk: scams,… pic.twitter.com/1XfDyhJpvO

— Ekoparty | Hacking everything (@ekoparty) December 28, 2023


Microsoft (December 2021): Hey everybody, we've fixed CVE-2021-43890!
Microsoft (December 2023): Hey everybody, CVE-2021-43890 is being exploited in the wild!
The unspoken part (as far as I can tell): Whoops, we accidentally unfixed CVE-2021-43890 in April 2023.
🤦‍♂️ https://t.co/OOlBDY0g9O pic.twitter.com/TP7ZRcCBVF

— Will Dormann (@wdormann) December 28, 2023


I'm a big fan of how Glock would have been 69-70 and his assassin was 67. The mental image of an elderly weapons designer and an elderly French mercenary beating the shit out of each other with fists and a rubber mallet in a parking garage https://t.co/TvIEL44gGL

— TWINKDEFCON (@twinkdefcon) December 27, 2023

Oh ....... pic.twitter.com/o9g2uIFNAg

— TWINKDEFCON (@twinkdefcon) December 27, 2023


spy vs spy
(2023 redraw) pic.twitter.com/tsQiCCFEtH

— Rory Blank (@BoneJail) December 28, 2023


BurpSuite plugin for discovering AuthZ/AuthN vulnerabilities

GitHub - Quitten/Autorize: Automatic authorization enforcement detection extension for burp suite written in Jython developed by Barak Tawily in order to ease application security people work and allow them perform an automatic authorization tests


“You are what you eat”

Me: pic.twitter.com/RHWyTcNLC0

— Stone Cold Jane Austen (@AbbyHiggs) December 28, 2023