November 13, 2024

                            November 13, 2024

                November 13, 2024

                        November 13, 2024

Uploaded my slides from POC2024. I'll soon be giving a slightly shorter version of the same talk on CODE BLUE 2024 too.https://t.co/ZnWJXYC7LD https://t.co/H2hYrceA1V
— Xion (@0x10n) November 12, 2024

  talks/poc2024 at main · leesh3288/talks · GitHub
Repo for talk slides & materials. Contribute to leesh3288/talks development by creating an account on GitHub.

Backdoor attempt on @exolabs through an innocent looking PR.

Read every line of code. Stay safu. pic.twitter.com/M0WHoCF5Mu
— Alex Cheema - e/acc (@alexocheema) November 12, 2024

https://samy.pl/poisontap/

🚨Nam3L3ss wants you to know the following pic.twitter.com/2v0AEHZXLg
— Dark Web Informer (@DarkWebInformer) November 11, 2024

The entire 3rd-edition of @rossjanderson's "Security Engineering" is available free as PDFs now!https://t.co/4Mjd9TOzUp
— Dino A. Dai Zovi (@dinodaizovi) November 12, 2024

https://www.cl.cam.ac.uk/archive/rja14/book.html

love this ubuntu desktop LPE chain by @PsychoMario, reminds me quite a bit of his chromeOS chains :) https://t.co/IUYVoxv2mf
— blasty (@bl4sty) November 12, 2024

Excited to share my latest blog post: "Breaking Control Flow Flattening: A Deep Technical Analysis"

I showcase usage of formal proofs and graph theory to automate CFF deobfuscation, among other things !
Might make it a talk...? 👀https://t.co/iWoP9GeZhX
— Zerotistic (@gegrgtezrze) November 12, 2024

Citrix RCE en EoP overview

Blog post:https://t.co/VFaw2w2FkF

PoC:https://t.co/GG3p6PKpuM

Citrix support article:https://t.co/bWEippuH8V

Credits:@watchtowrcyber @SinSinology https://t.co/uKpCwL8Dry pic.twitter.com/nwWQGxfbjW
— 🕳 (@sekurlsa_pw) November 12, 2024

   Breaking Control Flow Flattening: A Deep Technical Analysis | Zerotistic's blog
Control flow flattening (CFF) is an interesting form of code obfuscation. While most obfuscation techniques focus on making individual operations hard to understand, CFF goes for something more ambitious - it tries to hide the entire flow of program execution (or, at a minimum, a function’s). Today, I want to dig deep into a Binary Ninja plugin I’ve been building that automatically defeats this obfuscation. Not just what it does, but why it works and the mathematical foundations that make it pos...

Microsoft patched one of my bugs today. I found this shortly after reading blogpost https://t.co/znMv8LpFr2 by @KeyZ3r0 😆 pic.twitter.com/7apYQDBQrf
— chiefpie (@cplearns2h4ck) November 12, 2024

Rooting an Android POS "Smart Terminal" to steal credit card information:✅

Paper "Exploring and Exploiting an Android 'Smart POS' Payment Terminal", by Jacopo Jannone.Paying with a POS will never feel the same for me.

PDF: https://t.co/mZqbgoZZyh
Video: https://t.co/V98uJ4MH0m pic.twitter.com/JsszytldAr
— Denis Laskov 🇮🇱 (@it4sec) November 12, 2024

New from 404 Media: got hundreds of internal Secret Service emails where it said tracking peoples' location without a warrant was okay because citizens have clicked 'accept' on app terms of service. This is the data that powers tools like Locate X https://t.co/kwvFo1eNom
— Joseph Cox (@josephfcox) November 12, 2024

New APT marketing dropped https://t.co/WSfgbxin2f
— Greg Linares (Laughing Mantis) (@Laughing_Mantis) November 12, 2024

                            Don't miss what's next. Subscribe to the grugq's newsletter: