Tavis Ormandy (@taviso)'s Twitter Profile
Tavis Ormandy

@taviso

Vulnerability researcher at Google. This is a personal stream, opinions expressed are mine. I'm also @[email protected]

ID: 14453232

Link: https://lock.cmpxchg8b.com/
Joined: 20-04-2008 17:19:37

9.9K Tweets

130K Followers

627 Following

Patrick Wardle (@patrickwardle)

No surprises here, but CrowdStrike confirms Tavis Ormandy's analysis, that the bug was indeed not due to a NULL-pointer dereference 🧠 ...but rather "an out-of-bounds memory read"

Tavis Ormandy (@taviso)

I wasted a bunch of time trying to figure out why xterm starts so slowly on Windows... and solved it with a dumb LD_PRELOAD hack 😆 lock.cmpxchg8b.com/slowterm.html

CrowdStrike (@crowdstrike)

This morning, we published the Root Cause Analysis (RCA) detailing the findings, mitigations and technical details of the July 19, 2024, Channel File 291 incident. We apologize unreservedly and will use the lessons learned from this incident to become more resilient and better

Patrick Wardle (@patrickwardle)

CrowdStrike This 100% matches our/Tavis Ormandy's conclusions derived from analyzing the crash report/disasm 🧠

RAX: input pointer array
R11: index (0x14/20d)

Accessing Array[20] retrieved the 21st item (as arrays are 0-based). This returned an invalid memory address that 💥'd when deref'd!
Mark Ermolov (@_markel___)

Intel HW is too complex to be absolutely secure! After years of research we finally extracted Intel SGX Fuse Key0, AKA Root Provisioning Key. Together with FK1 or Root Sealing Key (also compromised), it represents Root of Trust for SGX. Here's the key from a genuine Intel CPU😀

SomeUnusualGames (@someunusualgame)

Hey! I made a game in Bash with raylib! It's a "bullet hell" game featuring beloved penguin Tux vs an evil mutant Window! Bash is a simple scripting language, so simple it doesn't have floating point variables/arithmetic! So how was this game possible? 👇

Tavis Ormandy (@taviso)

welp, it looks like an OEM leaked the patch for "AMD Microcode Signature Verification Vulnerability" 🔥 The patch is not in linux-firmware, so this is the only patch available😡

Perri Adams (@perribus)

Back in 2023, the assessment of the pre-authentication vulnerability in SSH was that it wasn't exploitable on Linux. For my OffensiveCon 2025 keynote, I wrote enough of an exploit to show, with the right heap groom and stabilization, it's likely exploitable. Then I tried to have