Esoj (@_esoj1)'s Twitter Profile

Pwning stuff

ID: 1279077497620004864

Link: https://github.com/es0j
Date: 03-07-2020 15:40:27

caioluders (@caioluders)

XSS 2 RCE on Flipper Zero. Got RCE through an XSS on lab.flipper.net, here's the writeup thread github.com/caioluders/poc… (PoC Video, printing 1337 on the flipper screen)

Rodrigo Branco (@bsdaemon)

Bugs properly reported, time to go drink and celebrate all the blessings of the year, pray for the dreams to keep coming true and for health to family and loved ones. And for peace in the world.

Rodrigo Branco (@bsdaemon)

Apparently naming bugs really works on getting attention. So much that the name becomes the focus and folks fail to realize it is literally just a parody. Our industry is doomed.

Esoj (@_esoj1)

It turns out that the user-mode spectre-BTI mitigations were slightly broken since four years ago when they were introduced in prctl syscall... github.com/es0j/CVE-2023-…

Rodrigo Branco (@bsdaemon)

So, Esoj and I found another linux kernel spectre v2 mitigation problem (lkml.org/lkml/2023/2/20…). At this point: is there anyone who actually cares? No one is testing?

Rodrigo Branco (@bsdaemon)

Google embargo on another linux kernel issue found by Esoj and me finally lifted... here is the advisory: github.com/google/securit…

Jordy Zomer (@pwningsystems)

Found some Spectre-v1/MDS gadgets in the Linux kernel at work with Alexandra Sandulescu, including one in ‘copy_from_user’ 😁😁 github.com/google/securit…

Epic Leet Team (@eltctfbr)

New article in partnership with Mente Binária (NGO)! It's about OAuth 2.0 security! Check it out! It's really cool! Author: @vrechson.bsky.social mentebinaria.com.br/artigos/segura… Everything produced by the partnership is at epicleet.team/articles If you want to read about something specific in our articles, leave a comment!

Esoj (@_esoj1)

In RET2ASLR we can leak ASLR from the BTB in under a minute. Plz use the speculation control feature for userspace applications dealing with sensitive data. docs.kernel.org/userspace-api/…

Rodrigo Branco (@bsdaemon)

The slides for my keynote at Hardwear.io are available (as all others) - it has a few less known stories on uarch/HW security: bit.ly/HardwearKeynot… hardwear.io

Rodrigo Branco (@bsdaemon)

The video for the talk is available. I hope folks enjoy and feel free to send me feedback, comments, criticisms (privately or publicly, either way is welcome!)

GRIS UFRJ (@gris_ufrj)

Join GRIS: If you are a student or an information security enthusiast and want to take an active part in innovative research or CTF competitions, GRIS is the right place for you. Form link - docs.google.com/forms/d/19Cffu…