June 9, 2024
June 9, 2024
As another dinosaur who knows the ancient dance, I feel you @daveaitel. While I get the need for better tooling, the modern approach of internalizing all buggy code that ever existed can't be the solution. We need interfaces, specifications, or compartmentalization. pic.twitter.com/SYltUEXInT
โ Mathias Payer (@gannimo) June 9, 2024
Brezhnev won the Afghan War (the Taliban government is overtaken by the bureaucracy)
โ geodome โซ๏ธ๐ฟ (@spewingfluids) February 28, 2023
The libarchive e8 vulnerability is actually really cool, but the ZDI advisory doesn't explain why it's so wild lol. For some reason, I know about RAR filters, so let me provide the background. ๐งต 1/n
โ Tavis Ormandy (@taviso) June 6, 2024
Thread by @taviso on Thread Reader App โ Thread Reader App
@taviso: The libarchive e8 vulnerability is actually really cool, but the ZDI advisory doesn't explain why it's so wild lol. For some reason, I know about RAR filters, so let me provide the background. ๐งต 1/n E8...โฆ
I found this with libfuzzer and a corpus chosen by coverage feedback. The project has been on OSSFuzz but has poor coverage with their harness/corpus.
โ shuffle2 (@shuffle2) June 7, 2024
The KGB interrogation room in Riga. Untouched since the end of the Soviet occupation.
โ Rory Cormac (@RoryCormac) June 7, 2024
Moving pic.twitter.com/igDpMFpvjk
I didn't know you could get a PhD in @CTFtime analytics: https://t.co/Iixemr0FWv
โ blasty (@bl4sty) June 9, 2024
.. jokes aside, interesting read and overall exhaustive research ๐
Two parts series introducing inner working of System Management Mode (SMM) isolation on Intel platforms
โ 0xor0ne (@0xor0ne) June 9, 2024
Credits @standa_t
Part 1: https://t.co/D44CbBrDCj
Part 2: https://t.co/mEnnZBngOb#ssm pic.twitter.com/j40tMrJfRl
Since I'm 6 drinks in for 20 bucks, let me tell you all about the story of how the first Microsoft Office 2007 vulnerability was discovered, or how it wasn't.
โ Greg Linares (Laughing Mantis) (@Laughing_Mantis) June 8, 2024
This was a story I was gonna save for a book but fuck it, I ain't gonna write it anyways.
Thread by @Laughing_Mantis on Thread Reader App โ Thread Reader App
@Laughing_Mantis: Since I'm 6 drinks in for 20 bucks, let me tell you all about the story of how the first Microsoft Office 2007 vulnerability was discovered, or how it wasn't. This was a story I...
"We will lie to customers unless legally obligated not to" is an uncharitable yet accurate reading of AWS's position here. pic.twitter.com/QR8mDFztpq
โ Corey Quinn (@QuinnyPig) June 7, 2024
The Atredis team has released a combination IDA Pro plug-in and LLM fine-tuned on Hex-Rays pseudocode named aiDAPal.
โ Pedram Amini (@pedramamini) June 8, 2024
Github Repo: https://t.co/d8I0R4DSRu
Blog: https://t.co/j7wUSgs5if
Hugging Face: https://t.co/SGlBB2gcxW
Ollama model file: https://t.co/ZicoqKYegR pic.twitter.com/qFqfC3anNV
https://css.ethz.ch/content/dam/ethz/special-interest/gess/cis/center-for-securities-studies/pdfs/CyberDefenseReport_%20From%20Vegas%20to%20Chengdu.pdf
https://actes.sstic.org/SSTIC24/sstic-2024-actes.pdf