New blog post "Google: Stop Burning Counterterrorism Operations"
My reflection on an incident where Project Zero and TAG knowingly shut down an active Western counterterrorism cyber operation, and the real-world harm that could have resulted from it.
I lost a friend last week. Sophia was one of the most incredible people I’ve ever met in so many ways. I’m still trying to find the words, but her passing is nothing short of a tragedy. She touched so many lives and was a force in this industry. We miss you Sophia.
Time and time again I find relaxing with a notepad + pen, going to the gym, taking a walk, literally anything but sitting staring at a computer is one of my best work habits. 95% of my good ideas come during this time, and my stress is significantly reduced.
My team at Trenchant (formerly Azimuth) is hiring! If you’re a baseband or cellular researcher and want to work alongside some of the most talented hackers in the industry, send me a DM.
🌠🦊*Starfox* A Case Study in Exploiting Impractical Bugs
@mncoppola will walk through his first project at @TrenchantARC at the @MidnightSunCTF Conference. Turning terrible primitives into a crazy Rube Goldberg exploit with reliable #iOS persistence as a side-effect. 📲😎
Once again had an awesome time at @hexacon_fr! It’s quickly become one of my favorite conferences. Great people, great talks, great location, and the team at @Synacktiv did an amazing job organizing it
I’d rely on an LLM like an intern: where its output can only be an added benefit, where mistakes will reduce its effectiveness but not fail its purpose, where it’s low-cost to validate its results, for automation of tedious tasks, and as an “intelligent” source of randomness.
@udunadan
In many cases with modern VR you can’t just spend time and expect success. You need some sort of edge: a novel idea of how things can be broken, a deeper understanding of a subsystem, an unknown attack surface, or a unique exploit technique.
Really enjoyed reading this rebuttal. It touches on a topic I hope to write more about in the future, that offense and defense are both necessary and must exist in balance with one another.
New blog post: "The Case for Burning Counterterrorism Operations"
My thoughts on why defenders should always report exploits and operations, even when they originate from "friendly" entities. This follows the recent debate in the community.
I’m an LLM skeptic (for vuln research), but I enjoyed this discussion. I do not want one for bug detection, but there are some applications they’re well-suited for, either as a human aid or operating as certain components of certain tools.
@mdowd
@udunadan
In the hands of a skilled researcher, that’s absolutely true and spending a lot of time is usually necessary as a first step. But I think how you spend that time is a crucial factor, and your ability to later turn that mental model into unique ideas. A junior might burn a year on
I'm working through the @newaetech ChipWhisperer labs this weekend, and as a (primarily) software person it's just plain exciting performing hardware attacks like this.
Lab 2_1B uses power analysis to leak a password from a target MCU. By collecting power traces of login attempts, I could identify the single unique traces and programmatically brute force the password character-by-character.
@udunadan
I’ve always thought that talks should spend more time on the journey, not just the results. I want to learn about the failed ideas as much as the successful ones: the wrong turns and near misses, and the incremental building up of understanding about a target.
@mboehme_
I’m not on the LLM hype train. But I think it might have interesting applications in mutation or testcase generation in fuzzing. I’d otherwise rather invest in better static analysis tools.
I have acquired the fabled NSA "FURBIE ALERT" memo.
I have a significant amount of documentation that came back on an FOIA and I'll be scanning it in the coming days.
Stay tuned.
If you're interested in the ethics of drone warfare, I highly recommend the movie "Eye in the Sky." It does an impressive job showcasing the moral, legal, and operational calculus surrounding collateral damage in a neutral manner. (Also, Aaron Paul)
@udunadan
The thought process and approach that led to success is one of the more valuable things a researcher can convey, rather than just a list of dead bugs.
@guyru_
@0x41con
A few thoughts:
1. If the seller thinks that exploitation is viable, why would they sell it as a primitive for a (much) smaller amount?
2. Lag time between primitive offer and exploit delivery introduces risk when buyer's needs and market availability can shift rapidly. Unless a
@HollaWaldfee100
1/ With new codebases I start by scanning for dumb traditional bugs (e.g. overflows, basic logic bugs). I know where user input starts but I don’t know how the code works yet and I’m making lots of assumptions along the way.
Finished reading ‘Battle of Wits’ - it’s a phenomenal, unexpectedly hilarious, book about British and US codebreakers in WWII. There are tons of parallels between 1940s cryptanalysts and hackers today, decades before anything even resembling a modern computer
Finally learned z3 this weekend to solve a puzzle at MIT #MysteryHunt. It’s a seriously cool tool (and way easier than expected) and I regret not learning it sooner