I couldn't understand why AVX registers were randomly going back in time on Ryzen, turns out it's a known CPU errata 😬
lkml.org/lkml/2023/2/22
Tarjei Mandt
@kernelpool
Senior Security Researcher
Tarjei Mandt’s Tweets
Random thought. I wonder if has listened to any of ’s music. His artist albums are really good. Melodic death metal ftw.
Pulling this one from the vault… I’ll be presenting about my first ever project I worked on at Azimuth! I’m excited to share it, come check it out!
Some things never change 😆
Quote Tweet
Ok, it’s that time of the year again #nosleep
trenchant.io/expanding-the- finally up!
For the past 10 years, I have been honored to be part of a team with some of the best vulnerability researchers on the planet. Trenchant (formerly Azimuth) is always looking for elite research talent. DM me if you would like to join us.
It is so sad to see the history of the 2000 hacking culture slowly fading away. So many good stories gone, incredible exploits and learning lessons
Quote Tweet
That time I hacked a @Trezor and recovered $2 million... youtube.com/watch?v=dT9y-K
Weekend project
Quote Tweet
developer.apple.com/news/releases/ with our love, as usual.
Our brand new Twitter account is live!
Trenchant is the byproduct of the L3Harris acquisition of Azimuth Security and Linchpin Labs.
Check out our blog on trenchant.io!
The hardest aspect about hacking is not typically what’s technically challenging, but deciding what to hack first.
So, another IOMFB vulnerability was exploited ITW (15.0.2). I bindiffed the patch and built a POC. And, because it's a great bug, I just finished writing a short blogpost with the tech details, to share this knowledge :) Check it out! saaramar.github.io/IOMFB_integer_
DAWs such as Ableton Live and Logic Pro need an out-of-process plugin model. Third party plugins randomly crashing on a daily basis is pretty disruptive to your workflow.
A friend has started a community website for technical articles/discussions on various low level subjects. I hope to contribute some interesting articles here some time soon. Let me know if you would too: driverentry.com - has already done one!
Probably no better way to insult the French
Always think twice about your exploit strategy if you enjoy and appreciate power user features in your OS
Quote Tweet
Replying to @s1guza and @_saagarjha
On release kernels I think so yes. Blame the people who use it to detect when a zone GC happened :p
Not sure how many old school CTF players like me still out there, but if you want to waste 24 hours in March - linectf.me
LINE will host a CTF, it'll be fun and total $10,000 prize for beer money. Check out the schedule. Let's do some hacks!
A bit late to the game, but how did Norway not vote this song through to Eurovision?!
The nail in the coffin for the Australian tourism industry
I purposely designed a mechanism so that M1 Macs would retain the capability to boot completely arbitrary code instead of XNU if users wanted. But you have to 1) reboot to recoveryOS with a physical power button press and 2) put in your SEP-backed credentials.
Quote Tweet
Some more context to this: while a customKC (which is basically "something resembling Mach-O kernel file to transfer control to instead of the original kernel") payload is indeed unsigned, its hash is still signed by machine-specific key, so chain of trust is preserved. twitter.com/never_released…
Pretty cool research by on user mode callback vulns in Windows GDI and user mode printer support. Nice work! i.blackhat.com/eu-20/Wednesda
Can’t wait for macOS-arm hands on next week. Most exciting hardware update since the iPhone 5S.
Investors willing to dig deep to break into iPhones
Suggestion: Apple employees should be required to download Xcode at least once over 4G mobile broadband before adding any more GBs to the installer size. #justapplethings
Possibly the most left field tweet you will read today...
Whoever is trying to send me Reindeer Salami from Norway, please be aware your goods have been assessed as a bio security risk and sent back to Norway.
I wrote a blog post about how Ultimate Mortal Kombat works:
Just pushed a major update to Psychic Paper.
People have informed me that platform-application is no longer enough to use platform task ports. But there's some tricks you can use with exception ports. I built a full message proxy on top of it:
github.com/Siguza/psychic
Quote Tweet
New blog post: "Psychic Paper"
The story of the best. Sandbox escape. Ever.
siguza.github.io/psychicpaper/