liba2k

69 posts

@liba2k

Joined April 2020
60 Following · 322 Followers
liba2k retweeted
Caleb Fenton
Caleb Fenton@caleb_fenton·
One of our security researchers demonstrated a local root shell on Linux using a page-cache poisoning primitive in AF_RXRPC’s RxGK path. We call it DirtyCBC: a sibling to DirtyFrag in the broader CopyFail / DirtyFrag / Fragnesia family. The issue is fixed on mainline. The candidate path was surfaced through Delphos’s agentic analysis workflow, then manually verified and exploited end to end. AES-256 was not broken. It just wasn’t the boundary that mattered. RxGK decrypted data in place before authentication completed. Under the right conditions, that write could land in the page cache. The HMAC check still failed and the connection was aborted, but the page-cache mutation had already happened. Two RESPONSE packets were enough to place a tiny ELF into the cached first page of a readable SUID-root binary. The file on disk stayed unchanged. The next exec produced a root shell. Full writeup and PoC on the Delphos Labs GitHub. delphoslabs.com/blog/36142374-…
liba2k
liba2k@liba2k·
We’re hiring 🚀 Security Researcher & Software Engineer @ Delphos Labs Build AI-powered systems for reverse engineering — tools where AI understands software, automates binary analysis, and scales how we reason about code. 🔗 jobs.ashbyhq.com/delphos-labs/a… #securityresearch #hiring
liba2k retweeted
Delphos Labs
Delphos Labs@DelphosLabs·
XZ backdoor (liblzma.so.5.6.1) fully exposed in minutes with Delphos Labs. Black-box binaries? No more. Traditional tools would still be unpacking. That’s software, verified.
Caleb Fenton@caleb_fenton

Black-box binaries? Over. We ran the xz-utils backdoor (liblzma.so.5.6.1) through our AI and it lit up: runtime JMP patching, custom byte-table crypto, encrypted IPC—caught in minutes. Full teardown 👉 delphoslabs.com/uploads/f382eb… What would you audit next? #xzbackdoor #ReverseEngineering

liba2k retweeted
Caleb Fenton
Caleb Fenton@caleb_fenton·
Binary highlight: “Cyberpunk 7777 / QubePi” ELF. Text-menu game with hard-coded Postgres creds. Every login/chat/coord sent in clear on 5432—no TLS, no sanitization. Delphos auto-exposed the creds & flow in minutes. Sample: delphoslabs.com/uploads/26cc38… #ReverseEngineering
liba2k
liba2k@liba2k·
At @DelphosLabs, we're building tools to automate reverse engineering, no source code required. Help shape what we build next 👇 docs.google.com/forms/d/e/1FAI… It takes just a few minutes. Anonymous unless you opt in. Thanks for your input! 🙏
liba2k retweeted
Delphos Labs
Delphos Labs@DelphosLabs·
Machine Learning Meets Malware. If cognition becomes an API call and malware can be reverse-engineered by an LLM, then what’s left of “zero trust”? Caleb Fenton joined @patio11 for a chat on AI, nation-states, and the new front in software security. 🎧complexsystemspodcast.com/episodes/machi…
sysxplore
sysxplore@sysxplore·
What is your favourite Linux Command?
Inon Cohen
Inon Cohen@Coheninon1·
There are a lot of bad stand-up comedians, but Adir Miller is the worst of them
liba2k retweeted
Caleb Fenton
Caleb Fenton@caleb_fenton·
If you like building platforms and infrastructure and want to get in on the ground floor of a cyber security startup doing AI and reverse engineering, DM me.
liba2k
liba2k@liba2k·
Of course the code doesn't work, but it's a start :D
liba2k retweeted
Brandon Dalton
Brandon Dalton@PartyD0lphin·
Happy Friday everyone! Want a ProcMon for macOS? Ever wish you had your own Endpoint Security client you could task? Want to peer behind the macOS EDR curtain? Have a go and let us know what you think! github.com/redcanaryco/ma…
liba2k retweeted
Sipeed
Sipeed@SipeedIO·
New Tiny #tinyML #AIoT module M0S coming out~ Based on BL616, WiFi6+BT5.2+Zigbee, 384MHz #RISCV RV32GCP, 4MB Flash + 512KB SRAM, and USB2.0 HS in tiny 10x11mm stamp module! It would be <2$ ~
liba2k
liba2k@liba2k·
A device that no one REALLY needs, but fun project anyway. Here is my Caliper/Digital indicator WiFi adapter. github.com/liba2k/VINCA_r…
liba2k
liba2k@liba2k·
@caleb_fenton Depending on your point of view. Since it's all a simulation, everything is a dream. Saying that, in this iteration of the simulation I did use my Heelys in the office. Now we have carpets and I need to take them to Costco.
Caleb Fenton
Caleb Fenton@caleb_fenton·
@liba2k You got them also? I think I remember you wearing them in the office but that was the before times and I can't be sure I didn't dream it.
liba2k retweeted
Assaf Carlsbad
Assaf Carlsbad@assaf_carlsbad·
Yesterday @liba2k and I presented our talk "Breaking Secure Boot with SMM" at @1ns0mn1h4ck. The slides, exploit code, and some additional resources are now online and available here: github.com/liba2k/Insomni… Thanks to everyone who attended, we hope to see you all again next time!
liba2k
liba2k@liba2k·
@retrage Are you planning to submit a PR to DSecurity? You should, it's a useful feature.
retrage
retrage@retrage·
My Weekend Project: Ghidra version of efiXplorer vulnerability scanner. I reimplemented the SMM callout checker as an extension of efiSeek. It can detect CVE-2021-3452. github.com/retrage/efiSee…