Medijski sadržaj
- Tweetovi
- Tweetovi i odgovori
- Medijski sadržaj, trenutna stranica.
-
Great 20 minute talk by Robert Watson on CHERI If you're not familiar with CHERI, this is a good bite-sized primer video to watch :) Touches a bit on the Arm Morello board which should be really fun to play funhttps://vimeo.com/376177222
-
Lots of goodness in this 20 min talk by Matthew Parkinson from Microsoft Research Cambridge :) He touches on vulnerability mitigation, new safer language research (with Project Verona), and finer-grained compartmentalization (with CHERI)https://vimeo.com/376180843
-
Coin project milestone achieved: E2E automation that captures high resolution images of coins (both sides) Next milestone: polish things up and build a training set to produce ML model for coin recognition & grading Fun hobby project that
@adamcecc & I have been working on :) https://twitter.com/epakskape/status/1042295598295146496 …pic.twitter.com/P0Zvt9DwbuPrikaži ovu nit -
@JosephBialek also cited this in his CppCon presentation on killing uninit bugs :) Citations++ https://github.com/microsoft/MSRC-Security-Research/blob/master/presentations/2019_09_CppCon/CppCon2019%20-%20Killing%20Uninitialized%20Memory.pdf …pic.twitter.com/18vktdnMq7
-
-
Speaking of zero day trends... since 2015: Q1: How many zero day exploits for Windows CVEs worked against the latest version of Windows at that time? A1: ~40% Q2: If the exploit did not work against the latest version, why not? A2: ~66% did not work due to exploit mitigationspic.twitter.com/7bjMEULzaD
Prikaži ovu nit -
-
Inspired by
@jonmasters, the Son of Flynn track by Daft Punk is what I think sequential fuzzing of a nested switch statement might sound like :) https://www.youtube.com/watch?v=mqgEYRtWMJU …https://twitter.com/jonmasters/status/1145742825805553664 … -
Intel published an updated spec for Control-flow Enforcement Technology (CET) https://software.intel.com/sites/default/files/managed/4d/2a/control-flow-enforcement-technology-preview.pdf …pic.twitter.com/ImagARBY9e
-
-
I just consider them to be exploitation primitives :)pic.twitter.com/VG0lvho40a
-
Recovered this hilarious relic from a 3.5" floppy today. 1700 lines of C++ I wrote when I was 12 (1995). I hadn't figured out functions yet, so it's one huge main function. Sweet features: a calculator, an "RPG", and an IRC simulator :)pic.twitter.com/w7wScMB0Wb
-
No spoilers ;) But even something like
@xoreaxeaxeax's movfuscator is likely to use all 256 bytes by default, e.g. here's the unique byte count for the primes example POCpic.twitter.com/vvqhKt5b2b
-
Here's the video recording for my presentation at
#bluehatil last week on "Trends, Challenges, and Strategic Shifts in the Software Vulnerability Mitigation Landscape"https://www.youtube.com/watch?v=PjbGojjnBZQ …Prikaži ovu nit -
Slide 7 acknowledges that this data only measures known exploits. It's fair to assume there are zero day exploits out there that we don't know about, but I assert that the economics around zero day exploitation have shifted to favor selective use and lower-cost attack methods.pic.twitter.com/2URXPkJHr4
-
Speaking of safe languages, I just finished reading Programming Rust and thought it was excellent, thanks
@snfernandez for the recommendation! Now to Rust all the things :)pic.twitter.com/BzoqJrUOAD
-
Q: are certain months more likely to have a security update that fixes a zero day? A: see chart Interesting, but prob not all that useful :) Maybe helpful for risk mgmt planning? Thoughts on causes for this distribution? Or uses for the data? Bonus points for creativity :)pic.twitter.com/UsqLWnKSzF
-
-
Armed with this, I was able to better visualize & reason about the impact of heap randomization in various scenarios. Moral of the story: ask for help, generalizations are good, and abstract modeling is fun
pic.twitter.com/83bs1ZJSrq
Prikaži ovu nit
Čini se da učitavanje traje već neko vrijeme.
Twitter je možda preopterećen ili ima kratkotrajnih poteškoća u radu. Pokušajte ponovno ili potražite dodatne informacije u odjeljku Status Twittera.