Tamas K Lengyel

We've just merged support for QUIC and HTTP/3 - @ManuelMeitinger's GSoC project - into @mitmproxy's main branch! 🚀

I didn't know glitch swing is a thing! Some awesome tunes for your enjoyment youtu.be/Pu0Y-DfqwPQ?li…

Next year @intel_owl will participate again for the Google Summer of Code! Don't know what it is and how to get involved? Check the video below! #gsoc #opensource youtube.com/watch?v=7jD2tC…

I have no idea if anyone from Twitter follows me - probably not, because why would they. Anyhow, I have something to share. One of the interesting presentations I've seen at google was titled 'Don't be a hero'.

@richinseattle @NSA_CSDirector @RGB_Lights I don't think you are the target audience. I bet the goal is to try to appear fresh and cool so they can hire more people fresh out of college for their grind.

It’s embarrassing if you ask me. The @NSA_CSDirector feed has more memes and sh*t posts than @RGB_Lights’s own personal account.

Come join a great team of students, faculty, and researchers at an amazing location in the center of Europe and hack some cool stuff! 🐝🐝🐝 Group page: hexhive.epfl.ch

SharedMemUtils - A simple tool to automatically find vulnerabilities in shared memory objects (commonly used for IPC in Windows services) This tool immediately uncovered potential exploitation routes in both Nvidia and Dell Audio services on my system. x86matthew.com/view_post?id=s…

Awesome slides for a very technical topic and by far the best explanation I've seen of how the Linux eBPF verifier internals work. Thanks for sharing @shunghsiyu

KMSAN (github.com/google/kmsan) got merged into Linus' tree today: github.com/torvalds/linux…, fingers crossed to see it in v6.1 KMSAN helped find 300+ bugs in various kernel subsystems, and will certainly help find more.

@danvet @Ivyl There is a wiki for this stuff?!

@Ivyl yeah the internal wiki is pretty much required to read anything here ...

over a decade here at intel and I still don't know the lingo ... is this good or bad?

@mboehme_ printk("here");

Today, 25 years later, how do developers debug?

April 1997, "The Debugging Scandal", Lieberman, CACM

@markrussinovich ohshitgit.com

linux-syscall-support is a very useful single-header C library that I don't see mentioned often: chromium.googlesource.com/linux-syscall-… You can use it to make direct syscalls without a libc - useful for writing compact exploits or shellcode, without resorting to hand-written assembly.

Average day in the lab.

@maximilianhils Congrats!

Successfully defended my PhD thesis!

"Symbolic Execution the Swiss-Knife of the Reverse Engineer Toolbox", a talk by @RobinDavid1 presented at the @kleesymex 2022 workshop. Triton under the hood ❤️. Looks like there is also a teasing about a new DSE fuzzer... 👀 triton-library.github.io/files/KLEE2022…

Always a great read: dolosgroup.io/blog/2021/7/9/… “We took a locked down FDE laptop, sniffed the BitLocker decryption key coming out of the TPM, backdoored a virtualized image, and used its VPN auto-connect feature to attack the internal corporate network.”

Curious about exploiting VMs or memory bugs in a safe language? Read my new blog post, where I attack Firecracker, AWS' VMM written in Rust. Learn about the various layers of virtualization + the attack surface, and how design decisions impact security. graplsecurity.com/post/attacking…

New blog post is live! In which I download 4 TB of Python packages containing native x86-64 libraries and see how many of them use -ffast-math, potentially altering floating point behavior in any program unlucky enough to load them! moyix.blogspot.com/2022/09/someon…

A list of recent conference materials: BlackHat - no videos, but slides blackhat.com/us-22/briefing… BSidesLV youtube.com/channel/UCpNGm… Defcon youtube.com/user/DEFCONCon… Troopers youtube.com/user/TROOPERSc… ARE41 m.youtube.com/c/defconswitze… SANS ransomware summit m.youtube.com/playlist?list=…