Tweetovi
- Tweetovi, trenutna stranica.
- Tweetovi i odgovori
- Medijski sadržaj
Blokirali ste korisnika/cu @Darkarnium
Jeste li sigurni da želite vidjeti te tweetove? Time nećete deblokirati korisnika/cu @Darkarnium
-
Prikvačeni tweet
Note to self: No tweets before coffee.
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Retweet for those in North America, and the those up early in Oz :)https://twitter.com/Darkarnium/status/1224338921603174406 …
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
This is to say: Groups or individuals who become unofficial points of escalation for 'ghost in the machine' type issues. Similar to what occurred previously in organisations where network, compute, or build teams were ticketed for issues loosely related to their discipline.
Prikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
DevOps and DevOps adjacent folks!
A quick question for those of you who work in, or with, teams who practice end-to-end ownership (where there is no SRE function, nor a standard 'platform'):
Have you observed the organic growth of 'linchpin' teams?Prikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
"This morning I'll just reset and root an old test handset so I can patch out the SSL pinning in the Sonos Android Controller..."pic.twitter.com/v6pmLzQdzo
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Here's the code. It's janky, but it works. I'll add to the Sonor repository with the next push :)https://gist.github.com/darkarnium/fa7be5363de2cdfa0a08376fc57b2f9e …
Prikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
I spent way too much time manually annotating the Kernel dumped from this Sonos device. This morning I realised I could just dump kallsyms from the target and automatically mark all procedures - including setting their names - with about 60 lines of Python. I am not a smart man.pic.twitter.com/BRqlNyOovz
Prikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Darkarnium proslijedio/la je Tweet
the future of users not having control of their own systems is a cure worse than the disease
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
A big thanks to
@LargeCardinal and co for their amazing work in putting on#BSidesLeeds, it was a brilliant event. It was also great to meet a few of y'all there :)Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Y'all should go and work with Phil, he's a good dude!https://twitter.com/pvachonnyc/status/1217575762083172352 …
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
For clarification: The software itself is far from a nightmare, Sonos have done an incredible job here. In addition, none of the issues with U-Boot have a network vector, nor do they work on a patched up-to-date retail unit. Just FYI. I'm not going to drop 0days on Twitter :')https://twitter.com/Darkarnium/status/1216135517663834112 …
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Darkarnium proslijedio/la je Tweet
<looks askance at security training programs>pic.twitter.com/7RvGFRMgij
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
I've basically been a recluse as far as conferences go for the last year. So this year I'll try and do the opposite, starting with this month. I just managed to nab a ticket for BSides Leeds in a couple of weeks, so I suppose I'll see a few of y'all there :)
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Darkarnium proslijedio/la je Tweet
Now that Twitter has changed how it handles uploaded images, this unexpected behavior is perhaps more important now than before. Your challenge: Tell me what I've redacted from this image. (Anybody I've talked to about this so far is ineligible to play) It can be done w/o tools.pic.twitter.com/Gg4WXFBljR
Prikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
An example of the process has been included in the Sonor GitHub repository. However, these should be considered 'scratch' notes at best right now...https://github.com/darkarnium/sonor/blob/master/devices/S18-One/KERNEL.md …
Prikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Sonos Fun - Day 10: Gotcha! A shell in Linux land required unpacking the initramfs, modifying init, and repackaging. All sizes had to be kept identical due to the initramfs being embedded in the FIT. This is all despite code execution in the boot loader... What a nightmare.pic.twitter.com/vtN2oz4We3
Prikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Why is this interesting? Well, after hot-patching U-Boot we now have the ability to load from arbitrary memory locations. As a result, we can just SKIP the 'Sox' header and the 364-Byte signature, and boot the FIT image directly without any validation :D (2/2)pic.twitter.com/Na4arjsEpE
Prikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
It appears that Sonos may have created their own image format (Sox) which encapsulates a FIT image, and a signature. This gets verified by their custom loader ('sonosboot') before the image is loaded. This MAY be to prevent tampering, as FIT has its own checksum mechanisms (1/2)pic.twitter.com/lDL6iA5Chr
Prikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
An additional hot-patch is required in U-Boot, as it looks like Sonos have patched setenv to disallow specification of bootargs - with the following message :')pic.twitter.com/vlatYLWkzz
Prikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Sonos Fun - Day 9: After dumping the Kernel a few days ago I've managed to get U-Boot to load it via TFTP. This allows for specification of the kernel command line without hot-patching U-Boot - which is slow. It also paves the way to boot a modified Kernel image ;)pic.twitter.com/Tn1Kl8LfKF
Prikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Sonos Fun - Day 8: Dumped the MDP from U-Boot - including the LUKS keys for the MMC... buuut the keys are ALSO encrypted. Decryption appears to be AES-GCM performed in the trusted world. Could it be? Hardware trust anchors in a consumer grade IoT device? WHAT IS THIS SOURCERY!pic.twitter.com/BawzLBNvbT
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi
Čini se da učitavanje traje već neko vrijeme.
Twitter je možda preopterećen ili ima kratkotrajnih poteškoća u radu. Pokušajte ponovno ili potražite dodatne informacije u odjeljku Status Twittera.