Bas Alberts

@basalberts

Recreational strangler & Parentheses enthusiast. Keeping exploit chains out of supply chains. Personal account.

Joined October 2010

Tweets

  1. Pinned Tweet
    18 Nov 2019

    my floating point quality of life improved drastically when I learned to say "I-tripple-E" instead of "AYEEEEEEE" in conversation

  2. 16 hours ago

    Code is a moving target and audits are never complete ... even though the initial audit bootstrap may be annoying for a large or complicated surface .. and you may come up empty that first pass, it pays dividends to your time to keep up with that surface continuously

  3. Jan 31

    This sticker situation is escalating rapidly

  4. Jan 30

    Does anyone remember any explicit (or highly suspected/suspicious) bugdoor attempts in OSS history besides the = vs == uid thing in the Linux kernel?

  5. Jan 30

    TIL that the laf-intel comparison splitting strategy is eerily similar to how you used to bruteforce a static cookie with a repeatable 1-byte granular memory corruption primitive ... which makes perfect sense I suppose

  6. Retweeted
    Jan 29

    Here's the bibliography for an automatic exploit generation talk I'm giving tomorrow. If you're looking for a reading list on the topic, this should have almost everything for historical context and state of the art

  7. Jan 29

    Can any of my friends at Apple go check the warehouse and guesstimate when they’re gonna run out of touchbars?

  8. Retweeted
    Jan 29

    Hugely impressive amount of work in a very short amount of time. The github looks like a great resource for people to learn from:

  9. Jan 29

    Confused xdev sitting in SCIF: “but it said you offered remote work in the ad!” ... “correct, now get to it”

  10. Jan 28

    Bonus points for the Wargames references

  11. Jan 28

    Any advisory that contains the line “to overcome this limitation we drew inspiration from the Morris worm” in 2020 is pure gold. Team Qualys continues their retro onslaught vs OpenBSD.

  12. Jan 28

    Captain’s log, 01/28/2020: “turn it off and on again” is still the best advice for modern mobile device security

  13. Retweeted
    Jan 27

    Finally, the disclosure is over! We present CacheOut, a new speculative execution attack to leak data on Intel CPUs via cache eviction despite current mitigations: , Andrew Kwong, Daniel Genkin and

  14. Jan 27
  15. Retweeted
    Jan 27

    Today is my first day with !

  16. Jan 26

    Who knew that changing ALL the things could be so liberating? Suspiciously optimistic about life ... even as the Dutch in me runs through all the nightmare scenarios on a mind-loop, the prospect of no longer being stuck in this Florida-man groundhog-day hellhole is amazing.

  17. Retweeted
    Jan 23

    New blog post: The Life of a Bad Security Fix: We'll do more shorter-form blogs like this rather than just tweet into the void over several months about the journeys of bad fixes:

  18. Jan 23

    You can catch the rerun of last night’s lightning talks here. TL;DR: fancy grep with CodeQL, backdoor grep with MSFT, Windows RPC wrapping for fun and convenience, and a game of “who’s SAML key is it really tho?”

  19. Jan 22

    "New pwn, who dis?"

  20. Retweeted
    Jan 22

    uLisp - ARM Assembler in Lisp

  21. Jan 22

    In celebration of Nico’s use-after-freedom, make sure you tune in for some cool talks by some cool cats

