Shift

17.6K posts

@Shiftreduce

Joined June 2011
1.6K Following 2.5K Followers
Brendan Dolan-Gavitt
Did you guys realize that it's now possible to just tell an agent "hey go grab this ICSE 2024 paper, get their artifact working, and then apply it to formally verify <my specific situation>" ?
Manitcor@Manitcor·
i have a research set i build mostly from vibes right here
1. induct-research - reads, summarizes on a 15 point template
2. bilbilo and cite forward and back ref
3. 4 different indices updated
At any time i can ask for something and have it quickly checked against the growing corpus and the internet. If anything new is found in the process I hoover it up. This process is very good at making slop into real work.
Shift@Shiftreduce·
We live in interesting times. Last month Linux patched a core UAF in the epoll subsystem; we rarely see these kinds of bugs. As I like these kinds of bugs, I wrote a few words about it here: guysrd.github.io
Shift@Shiftreduce·
@C2IRIS at 50 you start organizing the parties and events.
IRIS C2@C2IRIS·
One thing I’ve always found interesting about vulnerability research is how it seems to almost always be very age-bounded. You will meet the occasional 15 year old all-star. But usually it takes several years of serious experience to reach Jedi levels. But you almost never meet a 50 year old who is still churning out bugs day to day. People “age out” for a lot of different reasons.
Shift@Shiftreduce·
I tried working on this bug only without an infoleak and tried to turn it into a one shot universal root primitive but I did not succeed; I never managed to leak data. You can read the blog and see my attempts at exploiting this. I encourage anyone to try too.
Shift@Shiftreduce·
The race itself is pretty tight, but with the right IPI interrupts and some magic it is possible to take control of ep->refs or a mutex_unlock slowpath (providing u an arbitrary kfree primitive), there are other paths available for exploitation.
Layle@layle_ctf·
at family dinner, my dad (he's a nerd too) told me about a new emulator he downloaded... it was mine lol
Renwa@RenwaX23·
"Dad, what was it like playing CTFs before AI?"
Markus Vervier@marver·
Running FastAPI or another Python ASGI framework? Then patch Starlette now, chances are high it's in your supply chain! A host header parsing issue can lead to vulnerabilities leading from auth bypass up until RCE! Examples for affected packages are liteLLM, vllm, etc... Here is the X41 Advisory: x41-dsec.de/lab/advisories…
Shift@Shiftreduce·
@bl4sty this is hilarious :')
blasty@bl4sty·
im celebrating the release of the new openbsd but the usb rndis driver, extremely fragile! if someone walks up to your OpenBSD 7.9 thinkpad in starbucks tomorrow and tries to plug in a suspicious usb device into your daily driver whilst yelling "please run `ifconfig urndis0 up` as soon as possible! this is a matter of life and death!" don't fall for it, you've been warned.
OpenBSD@openbsd

OpenBSD 7.9 is out now! See what's new here: openbsd.org/79.html

Shift retweeted
Josh Terrill@joshterrill·
I broke Kindle's DRM protection tonight through a mix of static and dynamic analysis. AES key is derived from accountSecrets, kindle device ID, and voucher path. Book is decrypted in parts using OpenSSL from Ion blobs and then decompressed with LZMA.
NiNi@terrynini38514·
It’s time to reveal our secret AI model which we’ve been using for years, even back when ChatGPT wasn’t a thing. Let me introduce you to the top-secret model trained in Taiwan. It’s security-focused, fully automated, requires no prompting, and is ready to use out of the box. That is: OrangetsAI !
TrendAI Zero Day Initiative@thezdi

That's a wrap on Pwn2Own Berlin 2026! 🏆 $1,298,250 awarded. 47 unique 0-days. 3 days of absolute chaos. And talk about main character energy - congrats to DEVCORE for claiming Master of Pwn with 50.5 points and $505,000 - they never slowed down. See you next year! #Pwn2Own #P2OBerlin
