liba2k (@liba2k)'s Twitter Profile
liba2k

@liba2k

ID: 1255531651326709762

29-04-2020 16:17:48

63 Tweets

322 Followers

60 Following

Insomni'hack (@1ns0mn1h4ck)

[TALK ANNOUNCEMENT] Breaking SecureBoot with SMM Vulnerability by Itai Liba & Assaf Carlsbad insomnihack.ch/confirmed-spea… #INS22 #INSO22 #Talks

CryptoCat (@_cryptocat)

This is a really handy script to automatically create a ghidra project and import/analyse the target binary, by liba2k 🔥 gist.github.com/liba2k/d522b4f…

Migo (@migoked)

New on SentinelLabs! Part 5 of @Assaf Carlsbad & liba2k series on #UEFI security research. #smm #cybersecurity #infosec sentinelone.com/labs/zen-and-t…

Assaf Carlsbad (@assaf_carlsbad)

Zen and the Art of SMM Bug Hunting: me and liba2k wrote yet another entry in our blog post series about UEFI firmware security. This time we cover SMM bug classes, discuss potential mitigations and reveal some tools & tactics we employed to uncover them. sentinelone.com/labs/zen-and-t…

Assaf Carlsbad (@assaf_carlsbad)

In what seems like nearly perfect conjunction with the latest BINARLY🔬 disclosure, today we publish the 6th installment of our UEFI blog post series where we dissect 6 new vulnerabilities in HP's firmware that allow privilege escalation to SMM. sentinelone.com/labs/another-b… liba2k

Assaf Carlsbad (@assaf_carlsbad)

Yesterday liba2k and I presented our talk "Breaking Secure Boot with SMM" at Insomni'hack. The slides, exploit code, and some additional resources are now online and available here: github.com/liba2k/Insomni… Thanks to everyone who attended, we hope to see you all again next time!

liba2k (@liba2k)

A device that no one REALLY needs, but fun project anyway. Here is my Caliper/Digital indicator WiFi adapter. github.com/liba2k/VINCA_r…

Sipeed (@sipeedio)

New Tiny #tinyML #AIoT module M0S coming out~ Based on BL616, WiFi6+BT5.2+Zigbee, 384MHz #RISCV RV32GCP, 4MB Flash + 512KB SRAM, and USB2.0 HS in tiny 10x11mm stamp module! It would be <2$ ~

Brandon Dalton (@partyd0lphin)

Happy Friday everyone! Want a ProcMon for macOS? Ever wish you had your own Endpoint Security client you could task? Want to peer behind the macOS EDR curtain? Have a go and let us know what you think! github.com/redcanaryco/ma…

Caleb Fenton (@caleb_fenton)

If you like building platforms and infrastructure and want to get in on the ground floor of a cyber security startup doing AI and reverse engineering, DM me.

Delphos Labs (@delphoslabs)

Machine Learning Meets Malware. If cognition becomes an API call and malware can be reverse-engineered by an LLM, then what’s left of “zero trust”? Caleb Fenton joined Patrick McKenzie for a chat on AI, nation-states, and the new front in software security. 🎧complexsystemspodcast.com/episodes/machi…

liba2k (@liba2k)

At Delphos Labs, we're building tools to automate reverse engineering, no source code required. Help shape what we build next 👇 docs.google.com/forms/d/e/1FAI… It takes just a few minutes. Anonymous unless you opt in. Thanks for your input! 🙏

Caleb Fenton (@caleb_fenton)

Binary highlight: “Cyberpunk 7777 / QubePi” ELF. Text-menu game with hard-coded Postgres creds. Every login/chat/coord sent in clear on 5432—no TLS, no sanitization. Delphos auto-exposed the creds & flow in minutes. Sample: delphoslabs.com/uploads/26cc38… #ReverseEngineering

Delphos Labs (@delphoslabs)

XZ backdoor (liblzma.so.5.6.1) fully exposed in minutes with Delphos Labs. Black-box binaries? No more. Traditional tools would still be unpacking. That’s software, verified.