Darkarnium

Reverse engineering a Novation FLKey - Part I. Alternatively titled: Turning a Novation FLKey into a Launchkey. kernelpicnic.net/2023/03/25/Rev…

STACS 0.4.11 has been released! This version includes support for Apple Disk Images (DMGs), and zlib compressed data. github.com/stacscan/stacs…

@nastradinhoxha0 Nope :( You'd likely need to pin it out from the circuit it's present in. Unfortunately, this one ended up in my parts drawer and I never finished pinning it out or I'd share my notes.

@Darkarnium Hey, have you managed finding datasheet on that MCU? I have one gateway on my desk and was wondering what the pinout is.

Okay, so now I actually have the looms, the gateway, the instrument cluster, ECU, "Vehicle Electrical System Control Module", and the correct wiring diagrams, it's time to get this party started! (1/N) youtube.com/watch?v=Y5JxIr…

Hard to believe it's been a year. Want to gamble on fat bears for charity again? #FatBear2022 is here, fill out your brackets by the 5th, send me hashes. More details here: gist.github.com/yrp604/788c649…

@yrp604 660afb5f4d0c940b221e4652721eb54966dae5c26baaf1248a182a859a43b68e fat-bear-week-2022.png

Yet another instance of a company trying to use bug bounties to force their disclosure terms onto potential bugs.🤦‍♂️

The Big Four of Thrash Metal as Dragon Ball Z villains

Today marks the official public release of "unblob", a firmware extraction tool we've developed internally and used in production for a while now. Let's explore what it is in this 🧵(1/12)

Gave this album another few spins recently, and holy shit there are some brilliant tracks on it. For example, this one absolutely fucking rips. youtube.com/watch?v=8cT9BT…

Danzig’s first vocal take on “Mother”

@QuinnyPig Nice you meet you. I'm XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X

Hi, my name is X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H* and if your Twitter client just exploded, your corporate IT department sucks.

The take away for defenders is the same as it ever was: Don't rely on just a firewall for security, and STOP TRUSTING YOUR VENDORS NETWORKS.

As a concrete example: I've used this trick to grab AWS keys from otherwise inaccessible Jenkins build farms. Although a properly configured Jenkins instance should prevent this, the target in this case... wasn't. Using this trick I could view all jobs and their build logs.

Given I don't do many bug bounties these days, I thought I'd share an old trick that I've used a few times to compromise externally hosted build farms: Github Webhooks. Using Github webhooks, you can use Github to proxy requests into target organisations via web-browser.

There's no better feeling than hearing back from a vendor that an exploit chain that took months of effort to build is working in their environment.

Is it just me, or of all of the delivery companies in the UK, is @DHLParcelUK the most unreliable? Whether listing international shipments to the US as being delivered to the wrong state, or _consistently_ losing and delaying "overnight" parcels in the UK. Holy shit.

@Ryan_Jarv That said, the big issue with this approach is you need to stuff the machine full of GPUs, and assign them to each VM. As the GPUs required are cheap it's a viable approach today. If I need more than 4x users per hypervisor, then I'll need to look at better set of GPUs :)

@Ryan_Jarv That's a fair question. In this environment right now there's only one user (me). However, planed isolation is via mapping is 1:1 between user and VM. The analysis VMs are built using Terraform and libvirt, so new VMs can be created by just incrementing a counter :)

Just a reminder that X11 is still cool, and works brilliantly with @vector35's BinaryNinja. JupyterLab, BinaryNinja, X11, Terraform, Ansible and KVM results in amazing analysis environments ♥. Keeping analysis off of your workstation, and allowing complete rebuilds in minutes.