Malcolm Stagg
164 posts

@malcolmst
Ethical hacker @synackredteam. Working on software/electronics, AI and robotics projects @sodium_24. Former @DARPA challenge competitor. Opinions are my own.
Keller, TX. Joined June 2009
248 Following, 500 Followers

@Jo3Ram AFAIK you’ll probably need to see someone with a badge for a hint, unless they added something online since then

@malcolmst Is the phrase obtainable online or do I need to go in-person?

@Microsoft @MicrosoftHelps Is there any way I can have correct formatting without being forced to change my privacy settings @Microsoft?

@Microsoft @MicrosoftHelps the only difference between these two screenshots is turning the privacy setting on or off. This shouldn’t cause the formatting to be completely different.



Apparently if you have the Office 365 privacy setting “Turn on all connected experiences” turned off, the Apsos font no longer renders correctly. It silently uses Apsos Display which is totally different spacing. Is this expected @Microsoft? Why force me to have this turned on?

I have a video demo showing exploitation against an enterprise extension
youtu.be/A07CNGXsJ4g?si…


Appreciate @synack @README_Security publishing my writeup about CVE-2024-0333:
readme.synack.com/exploits-expla…
Malcolm Stagg retweeted

(CVE-2024-0333)[1513379][Extensions][Updater][crx_file] CRX3 File Signature Verification Bypass via Embedded ZIP64 Payload is now open with PoCs.
issues.chromium.org/issues/41485950


xvonfers @xvonfers
[1513379][crx_file]CVE-2024-0333: Insufficient data validation in Extensions Error early for CRXs with ZIP markers in header. chromium-review.googlesource.com/c/chromium/src… @malcolmst

Interesting Google Chrome vulnerability I reported before Christmas was fixed today (CVE-2024-0333). I’ll post more details later after people have a chance to update.
chromereleases.googleblog.com/2024/01/stable…

@DARPA @defcon @AnthropicAI @Google @GoogleDeepMind @Microsoft @OpenAI @openssf Will the talk be recorded?

Attending @defcon this year? Check out our panel with #AIxCC program manager and collaborators @AnthropicAI, @Google, @GoogleDeepMind, @Microsoft, @OpenAI, & @openssf at 2:30 p.m. PT on Track 2! More about the competition at: aicyberchallenge.com #defcon31


The new @DARPA challenge from @perribus looks very exciting! Seriously considering coming out of DARPA challenge “retirement” to work on this one.
Perri Adams @perribus
I’m excited to announce the AI Cyber Challenge, a major, two-year @DARPA competition challenging the best and the brightest in cybersecurity and AI to secure the systems on which all Americans rely. aicyberchallenge.com
Malcolm Stagg retweeted

As we prepare for the holidays, we’re counting down our most popular stories of 2022, starting with “How I hacked my way to the top of DARPA’s hardware bug bounty” by @malcolmst (with art by Si Weon Kim) from January: readme.security/how-i-hacked-m…

@Dinosn So now you can just use Notepad to brute-force passwords? That seems convenient 😀

Windows 11 now warns when typing your password in Notepad, websites bleepingcomputer.com/news/microsoft…

@phyr3wall @rustyrazorblade Thanks! Now I can finally get my computer back from vim.

vim tip I learned about 13 years ago from @rustyrazorblade . "Shift ZZ" will save the file and quit vim. I haven't touched ":wq" since 2009

Last day at #defcon30 … taking some “me” time to kick the tires on the IoT #CTF … #cybersecurity #hackersummercamp :)

@mcipekci @synack @SynackRedTeam @bamhm182 @0xteknogeek Congrats @mcipekci! It was great working on it with you!

Thank you @synack @SynackRedTeam for the opportunity to work with @malcolmst @bamhm182 and @0xteknogeek on the PLUOT project, it was a really interesting project and thank you so much for the great memorial gift for it!




