Fuck Cancer.

Some mornings I wake up and can't believe my job is to hack stuff. It's the absolute best. Late 90's me didn't even realize this could be something I could get paid for one day and I'm eternally grateful that our industry was created.

Where can I find a discussion of Reed-Solomon in the presence of malicious share holders? Given modification capabilities over some subset of shares and knowledge of the encoded message, is message modification possible? What’s the computational burden?

no name Dataflow Security the truth is techniques are now more important than single bugs and techniques are too rare to burn in a jailbreak, sometimes even when 1day

Hey so my friend @kclawder works with @UnhousedSTL amd they do a lot of great stuff for our city, and it's getting cold early this year, folks. I'm donation matching up to $1500 for them this week. Just DM or @ me a screenshot of your donation! unhousedstl.org/paypal

OH

For those of you that include source code in your reports written in Word, what are you tricks for getting the code blocks to look good and retain proper syntax highlighting? Can you share screenshots of what you consider "looks good" if you respond?

Ever have too many bugs? Me neither, but Jordan does. It happens so often he developed a bunch of tools to triage and analyze his pile of crashes using symbolic execution. Also, he’s got a training so you can too — check it out.

I have a feeling the “Disgruntled (Ex-)Employees” security threat is about to become very real for Twitter

🤿 Dive into #symbolic #execution and learn how to create custom analysis tooling, with Jordan Whitehead’s (Jordan Whitehead) “Practical Symbolic Execution for VR and RE”! 🎟️ ringzer0.training/trainings/prac…

Of course Elon Musk shut off access to superior 3rd party Twitter clients like Tweetbot by Tapbots… How else was he going to force us to read his shitposts? (Yes, I know, Twitter was likely losing money from the ad-free experience offered by 3rd party clients)

We're excited to see our ChromeOS paper go public! 🎉🥳 We did a deep comparative analysis of ChromeOS' security posture vs MacOS and Windows, with full autonomy to make our own independent conclusions. Paper: bit.ly/43rVzDz ChromeOS blog: bit.ly/3INZ1i7

So, if your debugger crashed in the API “task_set_exception_ports” or “thread_set_state”, try to use the boot args: sudo nvram boot-args="thid_should_crash=0 tss_should_crash=0"

Well, here's a goofy reverse engineering challenge I started a year or two ago and "polished" up last night (I'm sorry it's JavaScript but that's part of the point): gist.githubusercontent.com/justdionysus/d… Please solve it and let me know if it's dumb or boring.

Hey, for anyone who wanted to see this slide deck, it was a keynote about the 0day market, but it commented on public research vs saleable products. I have put it here: github.com/mdowd79/presen… // cc chompie Rodrigo Branco

Here's Chris' slides from his REcon talk on the DA1469x BootROM! bit.ly/3ztw8qe

We're excited to announce that Atredis is 100% employee owned and operated. Here's Shawn with a post about how we got there. bit.ly/4d85Icq

We recently identified a number of privilege escalation vulnerabilities in Lenovo Vantage on Windows; check out our latest blog for a technical deep dive buff.ly/eKMcZLg

Check out our latest blog from Matt Burch (Matt Burch) detailing new supplemental findings from his DefCon32 talk Where's the Money: Defeating ATM Disk Encryption: buff.ly/lBtjQe7

Let's Hack Something Cute! A Reverse Engineering Journey into the Drawbot with Jessie buff.ly/yEWSICJ