Dan Clemente

New blog post: Abusing Intel TSX Instructions for Fun and CTF Flag bugnotfound.com/posts/htb-busi…

@AlexToft @texasaggie1 @JackRhysider @ProtonMail Email is not end-to-end encrypted. Even if the connection is encrypted in transit with TLS (which can be downgraded in some scenarios), the email provider still needs access to the cleartext to determine the recipient whether it’s Gmail, Proton Mail, or any other provider.

@texasaggie1 @JackRhysider @ProtonMail No it isn't. Just sort out your MTA-STS and STARTTLS.

MCP can utilize either stdio or HTTP SSE. In the case of HTTP, how many DNS rebinding vulnerabilities will arise? 🤔

You can now jailbreak your AMD CPU! 🔥We've just released a full microcode toolchain, with source code and tutorials. bughunters.google.com/blog/542484235…

@ifsecure For everyone claiming that it doesn’t handle negative values, the variable type is unsigned, so it can’t be negative. What am I missing? However, nullptr UB optimization makes sense.

Can you spot the bug? The goal is to leak the secret.

@yo_yo_yo_jbo @binarygolf Technique by Michael Schwarz, Samuel Weiser, Daniel Gruss. I was just luck to discovery it while trying to solve a CTF challenge :-)

@binarygolf is upon us, and it's time to blog about some Linux shellcoding! Read how I employed @DaniloNC 's TSX egg-hunting technique, as well as giving up and performing execve eventually, making a 46-byte Linux shellcode that solves the challenge: github.com/yo-yo-yo-jbo/b…

@Malcoreio @uvemode Maybe you should get some clone hw hacking equipment from temu. 😅 (Aliexpress does have some clones, wondering if Temu has too)

@uvemode I don't even know what equipment I need! :D We will learn together

We're going to spend 250 USD on Temu buying the sketchiest things we can. We're then going to test those items out, try and pull the firmware, RE them, and RE the Temu app at the end. This will all be done live. It's going to be a fun series stay tuned for it!

🤯 The level of sophistication of the XZ attack is very impressive! I tried to make sense of the analysis in a single page (which was quite complicated)! I hope it helps to make sense of the information out there. Please treat the information "as is" while the analysis progresses! 🧐 #infosec #xz

@247arjun @semgrep GPT+Semgrep, I am sure that it is something of interest to @DanielMiessler

@Steph3nSims Stack canary using a hardcoded value.

Friday evening challenge on the Off By One Security Discord server.... discord.gg/offbyonesecuri…

@Kevin_Kouketsu @ramalhoorg Configura o Windows e o Linux para UTC. #UTC_in_Microsoft_Windows" target="_blank" rel="nofollow noopener">wiki.archlinux.org/title/System_t…

@ramalhoorg Tenho em discos diferentes e quando entro no linux, a hora do meu Windows fica GMT-0 e o edge meio que fica resetando (um estado bem esquisito, só voltando tudo pra default resolve). E esses bugs so acontecem qd eu logo no Linux, se não, o windows fica normal

O #Windows 11 cometeu um erro fatal. Depois que instalei #Ubuntu 23.10 em dual boot e tudo funcionar 100% por dias, resolvi dar uma olhada no Windows e sem avisar ele mudou as configurações de boot, “escondendo” o #Linux. Resultado: eliminei o vírus chamado Windows da máquina.

@bl4sty @LiveOverflow @wdormann @BufferBandit Technically env vars can be disclosed with arbitrary file read using the /proc/PID/environ too.

@LiveOverflow @wdormann @BufferBandit in a configuration file on disk? would shift the threat model from “anything that leaks (inherited) env vars” to “anything that allows arbitrary file disclosure” 🤔

@meowkoteeq ogram received signal SIGSEGV, Segmentation fault. 0x6161616161616161 in ?? ()

aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa

@247arjun @MindMacApp @mrhoangnm ChatBoost seems to be the closest to the Mac one you linked before, thanks!

@247arjun @MindMacApp @mrhoangnm I have been trying to find an Android App that supports Azure OpenAI and stores conversation history locally. Shameless asking here in case anyone knows about one. :-) Bonus if supports more than one LLM (such as chathub for chrome): github.com/chathub-dev/ch…

Lazy Internet: is there a Linux package manager similar to Homebrew or Nix but that all packages are statically compiled? Use-Case: you don't have root access on a machine (so no /nix or /home/linuxbrew/) and don't want to recompile everything.

Great blog post: xkyle.com/Advancing-the-…

TIL mount is not the only syscall on modern Linux kernels for mounting file systems. There is also the new fscreate, fsconfig, fsmount and move_mount. move_mount can use flags to not follow symbolic links if the specified target mount point happens to be a symlink.

The cloudflare blog blog.cloudflare.com/zenbleed-vulne… mentions that it might be possible to exploit the Zenbleed via browser. Does anyone have an idea what browser APIs / gadgets give control of AVX instructions?

@pedrib1337 +1 for binary ninja

What do you use to patch instructions in a binary? Both IDA and Ghidra work, but are very clunky