Matt Miller

@epakskape

Killing bug classes and breaking exploits as part of . Adding more entropy to the Internet.

Vrijeme pridruživanja: prosinac 2009.

Medijski sadržaj

  1. 5. pro 2019.

    Great 20 minute talk by Robert Watson on CHERI If you're not familiar with CHERI, this is a good bite-sized primer video to watch :) Touches a bit on the Arm Morello board which should be really fun to play fun

  2. 2. pro 2019.

    Lots of goodness in this 20 min talk by Matthew Parkinson from Microsoft Research Cambridge :) He touches on vulnerability mitigation, new safer language research (with Project Verona), and finer-grained compartmentalization (with CHERI)

  3. 15. stu 2019.

    Coin project milestone achieved: E2E automation that captures high resolution images of coins (both sides) Next milestone: polish things up and build a training set to produce ML model for coin recognition & grading Fun hobby project that & I have been working on :)

    Prikaži ovu nit
  4. 7. stu 2019.
    Odgovor korisnicima
  5. 24. lis 2019.

    BlueHat Seattle time

  6. 22. kol 2019.
    Odgovor korisniku/ci
  7. 23. srp 2019.

    Speaking of zero day trends... since 2015: Q1: How many zero day exploits for Windows CVEs worked against the latest version of Windows at that time? A1: ~40% Q2: If the exploit did not work against the latest version, why not? A2: ~66% did not work due to exploit mitigations

    Prikaži ovu nit
  8. 10. srp 2019.

    Found a picture of my rig from the 90’s

  9. 5. srp 2019.

    Inspired by , the Son of Flynn track by Daft Punk is what I think sequential fuzzing of a nested switch statement might sound like :)

  10. 23. svi 2019.
  11. 14. svi 2019.
    Odgovor korisnicima i sljedećem broju korisnika:

    You're in there too, Brandon :)

  12. 25. tra 2019.
    Odgovor korisniku/ci

    I just consider them to be exploitation primitives :)

  13. 22. ožu 2019.

    Recovered this hilarious relic from a 3.5" floppy today. 1700 lines of C++ I wrote when I was 12 (1995). I hadn't figured out functions yet, so it's one huge main function. Sweet features: a calculator, an "RPG", and an IRC simulator :)

  14. 15. ožu 2019.
    Odgovor korisnicima

    No spoilers ;) But even something like 's movfuscator is likely to use all 256 bytes by default, e.g. here's the unique byte count for the primes example POC

  15. 14. velj 2019.

    Here's the video recording for my presentation at last week on "Trends, Challenges, and Strategic Shifts in the Software Vulnerability Mitigation Landscape"

    Prikaži ovu nit
  16. 12. velj 2019.
    Odgovor korisnicima

    Slide 7 acknowledges that this data only measures known exploits. It's fair to assume there are zero day exploits out there that we don't know about, but I assert that the economics around zero day exploitation have shifted to favor selective use and lower-cost attack methods.

  17. 6. sij 2019.

    Speaking of safe languages, I just finished reading Programming Rust and thought it was excellent, thanks for the recommendation! Now to Rust all the things :)

  18. 4. sij 2019.

    Q: are certain months more likely to have a security update that fixes a zero day? A: see chart Interesting, but prob not all that useful :) Maybe helpful for risk mgmt planning? Thoughts on causes for this distribution? Or uses for the data? Bonus points for creativity :)

  19. 30. pro 2018.
    Odgovor korisniku/ci

    Except when referring to

  20. 20. pro 2018.

    Armed with this, I was able to better visualize & reason about the impact of heap randomization in various scenarios. Moral of the story: ask for help, generalizations are good, and abstract modeling is fun 😊

    Prikaži ovu nit

Čini se da učitavanje traje već neko vrijeme.

Twitter je možda preopterećen ili ima kratkotrajnih poteškoća u radu. Pokušajte ponovno ili potražite dodatne informacije u odjeljku Status Twittera.

    Možda bi vam se svidjelo i ovo:

    ·