werew

Just published a post on the 𝗽𝗿𝗼𝗺𝗽𝘁 𝗶𝗻𝗷𝗲𝗰𝘁𝗶𝗼𝗻 𝗱𝗲𝗳𝗲𝗻𝗰𝗲 𝗹𝗮𝗻𝗱𝘀𝗰𝗮𝗽𝗲. This area is growing very quickly, and I wanted to get a clearer picture of the different approaches people are exploring. tinyurl.com/vkzp2wd5 #AISecurity #LLMSecurity

🐛🔍💰 We've increased our bug bounty payout up to 300k for a 0-click RCE chain in our most popular apps including Facebook, WhatsApp, Messenger, and Instagram! See this 👇🏻 page for all the details: facebook.com/whitehat/payou…

Really enjoyed playing with 🍪🌪️at @Blackhatmea CTF Congrats @dicegangctf for the first prize 🏆 great job guys

1/ We just published our first Bug Bulletin, the spot where we aim to share cool bugs we found in our own and external code, and how we found them engineering.fb.com/2022/07/20/sec… 🧵

Some time ago I wrote an exploit as an excuse to play Doom at work 🎮 engineering.fb.com/2022/07/20/sec… @MetaOpenSource @fbsecurity

I had an amazing time collaborating with @xdavidhu, @ElSec_, @rub003, and @_zulln during @fbsecurity's BountyConEdu live hacking event as Team BBAC. So stoked on the #1 finish. Thank you @fbsecurity for hosting the wonderful event. :)

4th place in #BountyConEDU with the iCarramba team. Kudos to @fbsecurity for having organized such an amazing event.

I published a blog article detailing a phishing technique I called Browser in the Browser (BITB) Attack. It's very simple but can be very effective. I also published templates on my Github feel free to test them out. mrd0x.com/browser-in-the…

Though, as technology advances there is very little the human eye can do. Just use common sense, check trusted sources and try to avoid confirmation bias.

Here are some tips on how to spot deepfakes. This is more important than ever considering the recent events in Ukraine sans.org/newsletters/ou…

If you are a student passionate about security, then you should probably check this out: #security #bugbounty #ctf #conference2022 #cybersecurity #cybersecuritytraining #meta #facebook lnkd.in/eV9kdkex

Python trying to be PHP

Glad to have been able to present our work on greybox program synthesis for deobfuscation at #BHUSA21. Feel free to give a look at slides: #greybox-program-synthesis-a-new-approach-to-attack-dataflow-obfuscation-22930" target="_blank" rel="nofollow noopener">blackhat.com/us-21/briefing… code: github.com/quarkslab/qsyn… IDA plugin demo: youtube.com/watch?v=AwZs56… cc @JonathanSalwan @werewtk @quarkslab

Together with @m_u00d8 we are happy to release msynth, our code deobfuscation framework to simplify Mixed Boolean-Arithmetic (MBA) expressions. This work was inspired by @RobinDavid1's and @werewtk's work on QSynth. Check it out: github.com/mrphrazer/msyn…

Ok, I had some time to read the new paper on MBA deobfuscation: usenix.org/conference/use… TL;DR Cool stuff and great contribution, but tarnished by some omissions that make it seem to have a bigger impact and general applicability than it really has, imho. A thread 🧵

@arnaugamez @fvrmatteo @mr_phrazer @is_eqv @RobinDavid1 @_can1357 That's a great summary :) thanks

Yesterday evening I read and played with an interesting paper on MBA expressions de-obfuscation. It's based on a theoretical property derived (and proved) from the original paper by Zhou and describes a novel approach. To be released at USENIX'21: usenix.org/conference/use…

@SkyHelpTeam Seems like a DNS issue. As a temporary solution you can follow this guide to change your DNS on Windows: wikihow.com/Change-Your-Wi…

CUSTOMER INFORMATION We are aware of an issue affecting our Broadband customers. We are currently investigating this and will provide updates once we have more information to share. Customers may not be able to get online or make/receive calls.

@arnaugamez Nice to see an integration of Syntia in r2, looking forward to give it a try :)

📢Just published my Maths & CS BSc thesis: 📄"Code deobfuscation by program synthesis-aided simplification of Mixed Boolean-Arithmetic expressions". Serves as an intro/review to: - Code (de)obfuscation - MBA expressions - Program synthesis 👉github.com/arnaugamez/tfg

Glad to have presented work performed with @werewtk at #bar2020 workshop on QSynth "A Program Synthesis based Approach for Binary Code Deobfuscation". Paper: archive.bar/pdfs/bar2020-p…