Remember kids: if that "security researcher" is at every con and community event, there's no time left for research. They are a "security entertainer" masquerading as a "researcher".
Whoa. Wait. What? Lenovo quietly released a new X1 Carbon that is absolutely KILLIN most high end "gaming" laptops.
* 6 core i7
* 64 (I repeat) 64 gig of ram
* GTX 1050Ti
* Four lane thunderbolt 3
* a buncha TypeA USB ports
...
...
IN AN ULTRABOOK
Tech-savvy millenials click the link with zealous anticipation...
"what a clever hack!" they exclaim as they tweet and reshare.
"What genius to encode data as Sound!?" they cheer.
Sullen narrator: "alas they have never had to use a modem."
"Quiet for Android - TCP over sound" "org.quietmodem.Quiet allows you to pass data through the speakers on your Android device. This library can operate either as a raw frame layer or as a UDP/TCP stack."
Now that so many new laptops are USB-C and there is a new cottage industry of low cost "expansion hubs", I don't think it'll be long before we see supply-chain malware/spyware. These things are a ripe environment for all kinds of attacks: PCIe, BadUSB, and ARM controllers
The Computer Hack That Saved Apollo 14. All program code was physically woven in ROM (yes woven... like needle and thread)..so the "hack" wasnt a matter of radio uploading new firmware. opcodes were manually entered through the UI. Neat watch.
"Why Is My Perfectly Good Shellcode Not Working?" (ARM & MIPS)
There are A LOT of talks and trainings about exploitation by folks who have never written real-world exploits...omission of CRITICAL details like this are a VERY common "tell".
Been making my way through this over the last few weeks of travel....and holy sh*t this book is a home run
@billpollock
! huge props (and thanks) to
@veorq
for a much needed book.
For everyone that cared about the SuperMicro Bloomberg story: turn off notifications, hide in a bathroom or do whatever it takes to get 30mins for this
@BlueHatIL
talk by
@bunniestudios
. It's a must.
Supplement w/
@qrs
's CCC talk:
On OSX, find and rename all pdfs in the current directory to the file's md5sum(.pdf). Added bonus is that it deduplicates.
find ./*.pdf -type f -exec bash -c 'echo "${1%.*}.${1##*.} --> $(md5 -q "$1").${1##*.}"; mv "${1%.*}.${1##*.}" "$(md5 -q "$1").${1##*.}"' bash {} \;
This guy built a fully off-grid home and automated everything (climate control, water, sewage, solar power, etc.) using microcontrollers and firmware he developed...but get this: he started all this in the 80's, BEFORE cheap SoCs and personal computers.
So, all of the pivotal cultural things that came to define the 60s, 70s, and partially the 80s and are seemingly disconnected were in-fact all ACTUALLY incubated within like a 10 block radius.
No big deal, this is only *THE* standard hard drive encryption solution made by some no-name company (Microsoft) for their niche OSes. It's probably fine. Probably not very many government, financial, medical, and legal documents using it.
Several SSDs with hardware encryption appear to be busted. But the really terrible thing is that Bitlocker apparently relies totally on the SSD encryption if you have it. via
@ProfWoodward
Here is an archive of slides from ARM, explaining the Pointer Authentication exploit-prevention feature that they quietly snuck into ARMv8.3 last year this time.
Beethoven's Fifth starts as "ba ba ba buuum".
"ba ba ba buuuum" is "dot dot dot dash" in Morse code.
"dot dot dot dash" is the letter "V" in English.
"V" is the Roman Numeral "5".
Beethoven's 5th starts as "ba ba ba buuum".
I share this here cuz many of you knew him. At 1AM on 4June2019, Sammiches aka Spanky, aka Sergeant Spankx, used the last of his strength to crawl into my lap. He took his last breath at exactly sunrise a few hours later. He was 8 years old. He was my first dog.
Cybersecurity Irony:
Cybersecurity's first leaders were attracted to the field because it was a pseudonymous meritocracy. Your work stood alone.The anonymity and LACK of identity was liberating.
Now, the opposite is true. "Identity" and personal branding are the currency.
WANTED: a thin little "laptop" about the size of the old Mac Air (or thinner). Monochrome, eink, or character display. x86 or x64 for running modern Linux. USB charger. Wifi off switch. TPM. Can boot into "tty" mode and act like a dumb wyse/uart terminal. Days of battery.
Over the years I've been wary of the ESP8266 and ESP32 architectures (opting for MSP430 and ARM) but the form factor of this
@M5Stack
is undeniably close to a perfect platform for Hackers..
CANbus, i2C, SPI, UART, RS485, LORA, tons of GPIO... let the games begin.
People come to infosec thinking that knowledge of exploitation is tablestakes. It is not.
Exploitation is an art. And like an art, it can be self-taught or learned through apprenticeship. Or by rubbing up against other *real* artists.
But real artists are rare in this field.
Ok wow. BitWarden is an open-source "zero knowledge" password manager that syncs across all your mobile devices and desktop. BUT they take it a step further and released a docker container that allows you to host your own server if you dont trust theirs.
It has been 10 years since we reverse engineered the MS08-67 patch and published the FIRST public vuln PoC (which was used by the Confiker Worm authors). BUT, it has only been about a year since we got an angry email blaming us for the Confiker worm.
@aloria
I recently started explaining how "shift registers" work by asking "Have you seen human centipede?"... everyone was appalled...but they told me it IMMEDIATELY explained the concept and that they'd never forget it.
When I tweeted out about "USB Condoms" I was bringing as gag gifts for friends at Defcon/BH. I never expected it to go viral that weekend 5 years ago. It was the first circuit board I ever designed. Lesson: share your side projects no matter how silly!
An all-in-one machine-learning/deep-learning docker image with everything pre-installed (numpy, scikit, jupyter, matplotlib, et al). It is also highly compatible w/
@aureliengeron
's book & companion github repos )
When you start to really learn how all this technology *actually* works, you become increasingly amazed that all this technology actually works at all.
Exclusive: Aspartame, one of the world's most common artificial sweeteners, is set to be declared a possible carcinogen next month by a leading global health body, pitting it against the food industry and regulators
Been looking for a ultraportable monitor for a while now. This wierd off-brand one was the only one I could find that was USB bus-powered but with real hdmi/vga (requiring no sketchy drivers like all the others). Got. Love it. HIGHLY recommend.
Everyone is being forcibly shown the room temperature superconductor. If real, most still shrug it off. Here is a demo of superconductor "quantum locking" aka "quantum levitation".
Ok so now imagine the superconductor didnt need to be cooled.
(credit: )
We put down some thoughts on how this SuperMicro hardware backdoor may work (based on how we've been able to build hardware backdoors). Also ruminations on supply-chain security. Starts off for laymen, ends pretty technical.
"Impervious Implants & the Splintery Supply-Chain" What are implants? how do they work? And our opinion on how this recent one likely works. A longish-braindump from our team.
Jet lagged in a hotel in Germany and learned they have a TV station called Bayern that plays a show called "Space Night". It plays downtempo/triphop on top of astronomy videos all night every night commercial free. Wow Germany.
Ok Joplin is amazing.
Wiki meets Trello, Evernote, GitHub Gists.
Stores your notes in Mardown.
Supports clientside wiki encryption.
Can "backend" to DropBox, WebDAV, etc.
Or you can host it.
Apps for iOS, Android, Windows, Linux, OSX
(Thnx
@Dr_n0psl3d
!)
We've built a simple convolutional neural network to do a really cool kind of detection. We are likely going to open-source it (cuz it's also a banger of a learning tool). Will likely release it as a module of our Discovery app. Can't WAIT to show everyone
Not sure what's on your network? Now you can build a searchable, human-readable inventory of all your things...from raw network data.
From your desktop. For free! Senrio Discovery is now available for OSX, Windows, and Linux!
🙏Please oh please let this become a thing.🙏
You thought insecure copypasta code was bad?
Vulnerability researchers gonna be partying like it was 1999 again.
This is just insane…
My GPT-4 coding assistant can now:
- build and design a frontend
- create a backend with working db
- correctly hook them up
- upload code to GitHub
- deploy it to Vercel
I can now build *complete* apps with nothing more than my voice.
The future is here!
In 2016 Adam Curtis (BBC) released a revealing documentary called "Hypernormalization". Covers everything from Russia to 9/11. Rare perspective. Eye-opening. The full film is free on youtube and
Here is the segment on Blackrock's Aladdin. the "system"…
It took a few mins of being back on Twitter to remember why I'd been away for a couple weeks.
It really is...just aweful these days.
RIP infosec twitter.
My 2.5 year old daughter is enamored with the original Robotech. Absolutely obsessed. She just chose it over Dora The Explorer.
"Christmas came late this year" I whisper solemnly to myself, wiping away a single tear of joy.
I will not go there on a boat
I will not go there with a goat
I will not go there on a train
I will not go there on a plane
I will not go to some events
...the ones that evoke sad laments
I will not go to these...no way.
I will not go to RSA.
--
@natashenka
22Apr2015 (w/ edits)
Why is there not a "Github" for legislation.
So we can see line-for-line "track changes" on bills.
See who changed what/when.
We could watch them push 3,000 page bills just a few hours before the vote.
Where are the TikTok video demos showing AI summarizing 1,000+ page bills?
Ok, I think the
@M5Stack
might finally be the perfect little Hardware Hacking platform everyone has been searching for. Modular. Sharable. Imagine the PocketCHIP, GoodWatch, TI Chronos, Teensy, Aduboy, and MetroM0 had a lovechild. (Shame it's ESP32 tho :)
Thanks
@Dr_n0psl3d
!!!