June 4, 2024
June 4, 2024
I recently found an exploitable timing leak in the reference implementation of Kyber (ML-KEM), the soon-to-be NIST standard for post-quantum key encapsulation.
— Antoon Purnal (@PurnalToon) June 3, 2024
Let’s see if you can spot it in the source code - msg is secret: pic.twitter.com/rAhmc9n9oF
Thread by @PurnalToon on Thread Reader App – Thread Reader App
@PurnalToon: I recently found an exploitable timing leak in the reference implementation of Kyber (ML-KEM), the soon-to-be NIST standard for post-quantum key encapsulation. Let’s see if you can spot it in the source...…
Short introduction to Linux kernel exploitation for beginners
— 0xor0ne (@0xor0ne) June 3, 2024
Series by @k3170Makan
Debugging with QEMU: https://t.co/MFkoXhjCXP
Stack Overflows: https://t.co/E6meVjl5ub
RIP control: https://t.co/mIdgQs4F0f#Linux pic.twitter.com/teFwBbrTUS
I actually take the existence of the database as a good sign. They are systemically tracking where they have problems. It’s a demonstration of a culture looking to do things right and improve. The leaking of the database is another issue, however.
— Rob Joyce (@RGB_Lights) June 3, 2024
I agree with Rob here. I would be concerned if Google or any other company were not tracking privacy incidents.
— Steve Weis (@sweis) June 3, 2024
Privacy and security incidents occur in every product. Nobody is getting it perfect all the time. Responding to them and fixing issues is what makes a difference.
Chaining hardcore bugs to take over chromium renderer. Always exciting :)https://t.co/8kPhl872Jf
— Gil Dabah (@_arkon) June 2, 2024
Security and privacy researchers - You can now install Copilot+ Recall on any ARM hardware (doesn’t need an NPU) or in Azure VMs.
— Kevin Beaumont (@GossiTheDog) June 2, 2024
Guide from @thebookisclosed
The devices launch THIS MONTH to customers so I suggest people look at this. https://t.co/Uj4YjcQBiN
—
On challenges to quantum-resistant encryption. "the conclusion was pretty devastating, breaking essentially all of the lattice-based...encryption schemes and coming significantly closer to attacks against the recently proposed (& NIST-approved)...schemes" https://t.co/DviWz5QHdH pic.twitter.com/kdTaWTG9gU
— Shashank Joshi (@shashj) June 3, 2024
Here's the code (circa XP) that determines whether or not you can kill a Windows process. Of course, you need to have sufficient rights, but if it's not in this list of 5 important processes, you can kill it.
— Dave W Plummer (@davepl1968) June 1, 2024
Task Manager goes to significant lengths to be able to kill a… pic.twitter.com/cmUUOpUtsO
We usually think of HDMI in a video sense, but did you know it can also be used as a general-purpose high speed data transfer?
— LaurieWired (@lauriewired) June 2, 2024
Steve Markgraf made a really interesting project using cheap, hdmi capture dongles for fpga data acquisition.https://t.co/ICDfGkzNDn pic.twitter.com/WIgXvIf9dU
This is the definition of a hacker in the purest sense.
— LaurieWired (@lauriewired) June 2, 2024
Using a protocol in a way the original engineers probably never even dreamt of, but extremely useful nevertheless. You can find his full talk at CCC here:https://t.co/xejvmXknDn
The average Microsoft Developer Community experience 🤖 pic.twitter.com/mnYOWrBdo5
— Joshie 🐸✨ 🐀 (@phys_ballsocket) June 3, 2024
🚨🚨🚨 PoC DROP! Full Details of the CVE-2024-4358 are out now!, a deserialization issue 🔥 chained with an authentication bypass 🪲 leading to pre-auth RCE🩸, This research would've not been possible without the help of my dear friend Soroush @irsdl 💪https://t.co/qb1noefRtE
— SinSinology (@SinSinology) June 3, 2024
Protip: If you find a malicious script ITW using webhook[.]site, you can add '/#!/view/' to the URI path ahead of the attacker's GUID and see all of their webhook requests. It is not uncommon for the first checkin to be the actor testing. pic.twitter.com/fYSLou1gOj
— Paul Melson (@pmelson) June 2, 2024
🚀 EDR Telemetry Project Update: New Comparison Feature
— Kostas (@Kostastsale) June 1, 2024
Thanks to one of our contributors, we now have a way to compare the EDRs in this project!
Now, the results are displayed in an easy-to-read table right in the terminal. Each EDR is ranked and scored based on its… pic.twitter.com/KkwpWeKeuY
Today we announce our audit of OpenSSL, thanks to the help of @openssl_ and @trailofbits! This collab was a huge effort, centered around new provider architecture and 8 new cryptographic primitives- read all about it at https://t.co/o8wfdnf1nu pic.twitter.com/ZRxlWTQLBg
— OSTIF Official (@OSTIFofficial) June 3, 2024
We see malware being delivered by ads on Google, Bing, and hijacked websites every day at @HuntressLabs. My fellow US analysts can attest to the fact that I regularly say, "As Taylor Swift says, 'you deploy adblock or you deploy ransomware'". https://t.co/8tf1e0RGE6
— Tanner (@wbmmfq) June 2, 2024
The program starts a TCP listener, and when a connection is received it writes the TCP data into a file. This same file is read by the counterpart program, which establishes a TCP connection and onforwards the TCP data. To avoid the shared file growing indefinitely, it is purged whenever it gets larger than 10 MB.
GitHub - fiddyschmitt/File-Tunnel: Tunnel TCP connections through a file
Tunnel TCP connections through a file. Contribute to fiddyschmitt/File-Tunnel development by creating an account on GitHub.
I got no idea. Just seems kinda funny
Making USB devices - end to end guide to your first gadget
Introduction to implementing USB devices. Minimal overview of hardware and software with an example with STM32 microcontroller. Also contains an index to very detailed guides for more information.
electromagnetic radiation - How many photons are received per bit transmitted from Voyager 1? - Physics Stack Exchange
As of 2024, according to https://voyager.jpl.nasa.gov/ , Voyager 1 is around one light·day away from Earth and still in radio contact. When Voyager 1 sends messages to Earth, roughly how many photo...
IT Pros, InfoSec researchers: NTLM is now officially deprecated in Windows Server: https://t.co/DdVZCBX0P3. This includes all variants. The Windows page is coming soon /1
— Ned Pyle (@NerdPyle) June 3, 2024
(CVE-2024-26926)[Binder]Craft malicious binder object with misaligned offsets -> send object through IPC -> binder_get_object() copies object using copy_from_user() without alignment check -> misaligned object bypasses alignment validation -> ... -> EoPhttps://t.co/wi8U1jWopC https://t.co/TTYjptwGdb pic.twitter.com/JuWFZUqxRO
— xvonfers (@xvonfers) June 4, 2024
Do you need thousands of free VMs running your code? It requires some work, but it’s relatively simple if your code seems to be interesting. AV sandboxes around the world are offering a lot of computing power for you and the only thing you need to do is to feed them with…
— Grzegorz Tworek (@0gtweet) June 3, 2024
Gavin Wilde argues that fears of hostile foreign powers subverting democracy by spreading false, misleading, and inflammatory information may be misplaced and misguided. https://t.co/3MdbNe5wGo
— Texas NatSec Review (@TXNatSecReview) June 4, 2024
Best Buy employees say they are being forced to recommend PCs with Copilot+ Recall https://t.co/6ptMgxpz8H
— Kevin Beaumont (@GossiTheDog) June 3, 2024
No days like 0days!
— Interrupt Labs (@InterruptLabs) June 4, 2024
Recently we've been speaking at conferences about the logic bugs we've been using at the Pwn2Own contests against Samsung and Xiaomi phones for a very long time. Our @offensive_con slides are up now:https://t.co/QSGgpnIte1