Carl Hurd

Since the #VPNFilter malware several years ago, our vulnerability research team has looked into several popular wireless routers used in homes and small businesses. Now, we have a rundown of all the vulnerabilities we discovered as part of this research cs.co/6018PwImO

@cketcham I have indeed made a working client for the camp chef api. I am happy to collab, what are you interested in? Feel free to DM

@c_hurd Wondering if you've made any more progress on the campchef app? I was able to get the info required to authenticate with Cognito if you want to work together.

By hooking the Hilbert function drawer up to a live debug target, you can literally see the functions responsible for power pill and eating the cherry! github.com/Vector35/debug…

Want to combine binary analysis efforts from multiple databases? As an early step in the direction of full collaboration, Binary Ninja now has a database merging tool on the dev channel! It can be found under "Tools > Collaboration"

Originally found by @pat_r10t

Here's a talk I gave a few years back at @EmpireHacking on 10 different binary code coverage mechanisms (specifically for use from hypervisor level) youtube.com/watch?v=4nz-7k… . So many unique ways to gather coverage, all with their own tradeoffs!

@elonmusk are there any plans to allow the 3D to upgrade to a P3D via a software purchase?

Had so much fun giving a talk on Vectorized Emulation at @reconmtl ! Here are the slides github.com/gamozolabs/vec… ! Of course always more info on my blog gamozolabs.github.io/fuzzing/2018/1… and gamozolabs.github.io/fuzzing/2018/1… . Thanks everyone for coming!

@GMTA_Marshall @awilliams I did as well. Sounds like it needed a cooler major.

This is super cool. What did you do in college ... 'Well, I ran a nuclear reactor in my sophmore year'. youtube.com/watch?v=5QcN3K…

My colleague Brandon Stultz worked night and day on a PoC for BlueKeep after Microsoft announced the vulnerability. He does some of the best work around so I strongly I recommend checking out his blog on detecting BlueKeep using Cisco Firepower. blog.talosintelligence.com/2019/05/firepo…

We recently discovered several exploitable vulnerabilities exist in the Sierra Wireless AirLink ES450. Check out all the details on potential exploitation here, as well as the coverage we have available cs.co/6017E5NMV

First coordinated disclosure public release here @TalosSecurity! 13 vulnerabilities affecting 11 products. blog.talosintelligence.com/2019/04/vulner…

VPNFilter: Deep Dive on the module with Modbus with Carl Hurd/Talos at #S4x19 bit.ly/2UZN8Lu A lot of intent questions with this module only being written for one specific device, requiring dest IP, and only minimal Modbus logging.

@gamozolabs Does this mean we may see a continuation of the gamozolabs blog posts?

Further the organization this team is being created under has already embraced the open sourcing of tooling and knowledge. Whether it be through full open sourcing of tooling, personal blogs, or talks.

I'm excited to start a new Software Metrology team at Microsoft. Our focus is to develop and open source multiple tools for fuzzing, debugging, and reproducing bugs. I'm lucky to start off the team with a great group of people, providing for a great internal group and community!

Today is the LAST day to send us submissions to speak at our second annual Talos Threat Research Summit. Here's all the information you need if you want to present in front of an amazing group of dedicated defenders #CLUS cs.co/6019E3QAU

VPNfilter redux - Malware with (limited) modbus attacks. Also extra capabilities for other protocols and features that enhances the attack. Very capable - 75+ destinct target device types incl weird architectures! #S4X19

We recently disclosed three vulnerabilities in a TP-Link VPN router. Here, we take a deep dive into how we discovered the bugs, and how we arrived at our proof of concept code cs.co/6011E3LKT

Verifying myself: I am c_hurd on Keybase.io. jhr_X6haNpo8HBF9sMR_s6WTF4MvGQEibCu2 / keybase.io/c_hurd/sigs/jh…

@swagitda_ @INL Glad someone is finding it useful!

Found a dope survey by @INL on security tools for ICS environments (& they def know what’s up in that arena). The money shot is on numbered page 6 mapping each tools’ capabilities to their purpose & ICS zone: osti.gov/servlets/purl/…

@lacosteaef Badge drop @ BH possibly?