I would like to thank the chairs for letting us use heart emojis in the paper title. I think this is a very important step forward for academia and research. Can't wait to use "👀" for related work and "🤨" for limitations on the next one

Quote Tweet

Mathias Payer

@gannimo

Mar 1

Are you working with stubborn aarch64 code? Check out @cyan_pencil's upcoming @USENIXSecurity #SEC23 paper on efficiently rewriting ARM binaries. Insight: using heuristics for optimization on a safe baseline is key! nebelwelt.net/files/23SEC3.p Comments welcome!

Are you working with stubborn aarch64 code? Check out

@cyan_pencil

's upcoming

@USENIXSecurity

#SEC23 paper on efficiently rewriting ARM binaries. Insight: using heuristics for optimization on a safe baseline is key! nebelwelt.net/files/23SEC3.p Comments welcome!

112

Mystiz strong

Samuel Tang is at mystiz at infosec dot exchange

@mystiz613

Feb 26

Ranked the 0th in

@acsc_asia

. 😲 I am neither qualified with my age or my nationality, but this is a really interest CTF anyways.

RBTree

@RBTree_

Feb 26

If you have a solution on SusCipher which works w/o the knowledge of the S-box and permutation layers, please let me know! I hope you enjoyed my challenges ❤️

The other one is SusCipher from this ACSC 2023. I intentionally put some backdoors in the cipher, and my solution works by using them. But there are various ways to break it by exploiting some of these backdoor properties. I'm gonna explain the official solution next week.

I made two block cipher challenges recently. First one is Blocky, about breaking a AES-like custom cipher implemented over GF(3^5). I thought there must be a decent technique which can be applied to this custom cipher, but I couldn't find a way to do so. 😢

PbCTF's FlipJump1, 1.5, 2 writeup qwerty-po.tistory.com/2

@pb_ctf

Thanks for great CTF!

qwerty-po.tistory.com

PbCTF2023

1. Overview I participated in this CTF as a PLUS, 10th. Among them, I solved FlipJump1, FlipJump1.5, and FlipJump2 and plan to write a writeup for them. 2. FlipJump1 (29 solved), FlipJump 1.5(11...

The code is here: github.com/pr0cf5/move-by

Thanks for participating in

@pb_ctf

! I was a guest challenge author and made "remake", a hyperelliptic curve challenge based on

@theoremoon

's SECCON 2022 Finals challenge, "hell". It had 4 solves.

The former SEGA turned “GiGO” arcade building 4 in Akihabara that closed down last year will become a Bandai Namco arcade! Before ➡️ After

750

2,537

읽기 27.8GB/s 쓰기 25.7GB/s가 나오도록 삼성 990PRO SSD 8개를 RAID0로 짜서 AMD Ryzen Threadripper PRO 5995WX, 256G RAM 기기에 연결해보니 4K RAW 영상을 10 스트림 동시에, 혹은 니콘Z9으로 찍은 8.3K RAW를 1화면에 8개 띄우고 편집 돌려도 쾌적하더라…는 결과.

akiba-pc.watch.impress.co.jp

リード27GB/s超え！SSD 990 PRO×8 RAID搭載のモンスターマシンは8K RAW動画も軽々編集OK 64コアのRyzen Threadripper PRO搭載のハイエンドワークス...

　今回編集部にやってきたのは、ツクモのBTO PC「ワークステーションモデル WA9A-D223/WB」を超豪華仕様にカスタマイズしたハイエンドPC。

who wants osint ctf challenges 🤔

RBTree

@RBTree_

Feb 16

I'm gonna recruit some people who may want to discuss with my ideas after the CTF...

Suffered for a loooooong time to solve my challenge and just realized that there's a cheese to solve it and it deserves nothing :sob:

It's finally happening! pbctf 2023 is here 🗓️ Feb 18th, 14:00 UTC to Feb 20th 02:00 UTC (36 hours) 🎁 A $10,000 prize pool Proudly sponsored by

@Zellic_io

ctftime.org/event/1763

書きました / author's writeup of my two crypto jeopardy challenges of SECCON CTF 2022 Finals; authenticator, and hell SECCON CTF 2022 Finals (international/domestic) 作問感想 - ふるつき

furutsuki.hatenablog.com

SECCON CTF 2022 Finals (international/domestic) 作問感想 - ふるつき

こんにちは。SECCON CTF 2019以来のオンサイトでありSECCON CTF 2019以来の決勝であるSECCON CTF 2022 Finals (international/domestic) が開催され、無事閉幕しました。私はSECCON CTF 2022 Quals から引き続きCTF WGとして作問に…

RBTree

@RBTree_

Feb 13

I really enjoyed challenges from this SECCON CTF finals! I hope we can win next year 😎

yay

寒ぃ

My old domain rb-tree.xyz will be expired soon. Good bye :cry:

RBTree

@RBTree_

Feb 4

Finally finished thinking out challenge ideas… It was full of pains. My crypto challenges in this pbctf will be fun, but not that difficult [1]. At least it will be better than my pbctf 2021 challenges which I just directly copy-pasted from some papers 🥲 [1] Maybe false.

2/2はkurenaifの誕生日！cat kurenyaif をお送り致しますまだの人はチャンネル登録、グッズ購入とかしてくれると嬉しいです！（ほしいものリストもよかったら|дﾟ)） youtube.com/channel/UCM--u utme.uniqlo.com/jp/front/mkt/s suzuri.jp/kurenaif amazon.jp/hz/wishlist/ls

RBTree

@RBTree_

Jan 29

Finally read a post from

@mystiz613

. both challs are super interesting

mystiz.hk

HKCERT CTF 2022 Postmortem (III): The Remaining Challenges

In the last part, I will include the two non-crypto challenges I wrote for HKCERT CTF 2022: Numbers go brrr and Minecraft geoguessr.

Code Lifespan xkcd.com/2730

1,857

11.7K

In this post I'll use CVE-2022-38181, a use-after-free I reported last year in the Arm Mali GPU driver to gain arbitrary kernel code execution and root from untrusted Android app. Not sure if the bug or the disclosure is more interesting:

github.blog

Pwning the all Google phone with a non-Google bug | The GitHub Blog

It turns out that the first “all Google” phone includes a non-Google bug. Learn about the details of CVE-2022-38181, a vulnerability in the Arm Mali GPU. Join me on my journey through reporting the...

145

372

か、かわいいいいいい！！！！！！めちゃめちゃきれいにかわいく描いていただいてありがとうございまます！！！😍

Quote Tweet

雨宮れい

@Rei_Amamiya_y

Jan 21

kurenaif（ #fwarashi ）さん！

Show this thread

RBTree

@RBTree_

Jan 15

코리안이 국내 보안 프로그램 취약점 찾아도 아무 일도 없던데 아 ㅋㅋ

enewstoday.co.kr

‘취약점’ 저격 당한 국내 보안업계 “국내 환경 이해 부족” - 이뉴스투데이

[이뉴스투데이 김영욱 기자] 세계 점유율 1위 광고차단 프로그램 ‘애드블록 플러스(Adblock Plus)’ 개발자 블라디미르 팔란트(Wladimir Palant)가 국산 보안 프로그램 취약점을 공개하며 국산 보안 솔루션 문제...

RBTree Retweeted

@decoder_it

Jan 10

We did it again with #LocalPotato! A not-so-common NTLM reflection attack allowing for arbitrary read/write. Basically EoP from user to SYSTEM. Tracked as #CVE-2023-21746 - Windows NTLM EoP Soon more details --> localpotato.com cc

@splinter_code

295

776

I spent New Years building GPTZero — an app that can quickly and efficiently detect whether an essay is ChatGPT or human written

1,431

6,652

34.5K

ZKPs can be *very* tricky! Read on to learn more about a subtle bug in Circom-pairing and how a Veridise audit managed to catch it:

medium.com

Circom-Pairing: A Million-Dollar ZK Bug Caught Early

This blog post is also available in the following languages: 简体中文.

134

RBTree

@RBTree_

Jan 4

I'm not sure it's true, but somehow it seems reasonable in some ways...

RBTree

@RBTree_

Jan 4

Prolly a good timing to discard RSA keys :P schneier.com/blog/archives/

I am happy to announce that I am going to be an author for the real World CTF this year... Also, I heard that

@Strellic_

is up to something too👀. Come and play it this January 6th because the challenges are going to be🔥 #ctf #bugbountytips

Quote Tweet

Real World CTF

@RealWorldCTF

Jan 3

We are glad to announce that The 5th Real World CTF held by Chaitin Tech is about to start. Online Jeopardy will still be the game model.More information can be found in our Website(realworldctf.com), CTFtime(ctftime.org/event/1797). Looking forward to having you on board

2022 회고 및 2023년 목표

우울함의 고리를 끊으며 작년 회고 글을 보니 엄청 힘들었던 거 같습니다. 사실 이 상태가 올해 들어서도 많이 나아지지 않았었는데, 훈련소를 다녀온 전후로 뭔가 깨달음이

Security Engineering Internship application will be open soon! Please apply 📝! careers.google.com/jobs/results/1 (Ping me if you are interested in speculative execution bugs or virtualization security)

careers.google.com

Build for Everyone - Google Careers

Careers at Google - find a job at Google. Look inside engineering jobs at Google.

279