JavaScript is not available.

github.com/googleprojectz

Sep 24, 2018

I finally wrote a small tool I've wanted for a long time: A parallel testcase minimizer. It's called halfempty, and I'm already finding it useful as part of my fuzzing workflow. /cc

@lcamtuf

435

1,416

FYI, I decided to report this to the FTC Inspector General. I doubt anything will happen -- too much time has passed, but I believe there was very clearly misconduct involved when I was threatened with criminal action on behest of friends at Cloudflare. 🤷‍♂️

Quote Tweet

Sep 5, 2022

I've been told something improper may have happened here. Thank you, I'm looking into it. twitter.com/taviso/status/…

102

Compiler Explorer - C (x86-64 gcc 12.2)

Jan 12

Is some state be leaking across a context switch? ...from where? 🤷‍♂️

Weird x86 Question: I've been tracking down flakey in a checkpointing library. It turns out XINUSE flags seem to be changing non-deterministically... what is causing that? (click recompile ↻ and notice the number of tests change) godbolt:

godbolt.org

#if !defined(__AVX__) # error You must compile this with -mavx to get the needed intrinsics #endif struct i387_fxsave_struct { uint16_t cwd; /* Control Word */ uint16_t swd; /* Status Word */...

I think it never been archived, but I found a demo version in a shareware archive. I wasn't sure if it would work in the UNIX version, but it does seem to! It's an interactive puzzle game built with 1-2-3 macros... amazing lol😂 3/3

I've been reading back issues 😆 In the December 1987 reviews section it mentioned "Templates of Doom" - a text adventure game that runs inside a spreadsheet??? This was a real game you could buy for $49.95?? 2/3

Section of an article about "Templates of Doom"

read image description

ALT

read image description

ALT

I've mentioned before I'm a Lotus 1-2-3 history nerd. In the 80s there was a Lotus magazine. Yeah, a monthly print magazine about spreadsheets... believe it or not, it had a respectable 8 year run lol. 🧵1/3

Three covers of Lotus magazine.
The first features a bearded man leaning on a monitor displaying a DOS spreadsheet. There is a flask of beer to the side, the headline reads "Distillery thrives with 1-2-3".
The second has an illustration of a circus, the headline is "A carnival of features".
The third has an illustration of a suited man parting a sea to reveal some forms. The headline is "17 tax tools put you in charge".

read image description

ALT

107

Fuzzing the Shield: CVE-2022–24548

Daejin Lee

@dj_s2w

Dec 13, 2022

My first blog post about analyzing windows defender is out! Fuzzing the Shield: CVE-2022–24548 -

medium.com

Author: Daejin Lee, Seunghoe Kim, Donguk Kim, Eugene Jang

194

487

Dec 14, 2022

Hey Windows admins, I found this Word doc that makes the Windows Search Indexer use 100% cpu forever lol. I'm curious what happens if you upload it to SharePoint....? 🙈 virustotal.com/gui/file/53f44

606

Seth Jenkins

@__Roguebantha

Dec 8, 2022

Excited to announce my first ever P0 blogpost is now public! It details a new exploit strategy on Linux kernel that Jann and I worked together to invent. Thanks to everyone on the P0 team for giving me the opportunity to achieve this dream! googleprojectzero.blogspot.com/2022/12/exploi

104

319

Adam 'pi3' Zabrocki

@Adam_pi3

Nov 30, 2022

"It exploits CVE-2021-42298, a bug in the JavaScript engine of Microsoft Defender Malware Protection that was fixed in November 2021." Good time to quote

twitter.com/taviso/status/ blog.google/threat-analysi

Quote Tweet

Feb 19, 2018

Replying to @taviso and @martijn_grooten

Here is the problem, if antivirus *just* didn't work, nobody would care. The problem is it doesn't work *and* makes people with targeted attackers unsafe. If you fixed that second problem, fair enough. But is there *any* vendor in your industry who will implement sandboxing?

I'm looking for a new watch, but should I go homebrew, retro or hybrid? lock.cmpxchg8b.com/watch.html

Nov 10, 2022

Hey, help me codegolf this! 😂 c='children';[...document.querySelectorAll('div:has(>svg[aria-label="Verified account"])')].filter(b=>{for(p in b)if(p.match(/^__reactP/))return b[p][c].props[c][0][0].props.isBlueVerified}).map(b=>b.style.backgroundColor='red')

GuidedHacking

@GuidedHacking

Nov 7, 2022

bypassing anticheat is harder than bypassing EDR infosec is cucked by cheat engine users your entire industry is a joke

413

Nov 2, 2022

Dang, wish I had! I was too excited and sold after the market realized

@bw

had been had 😂 (also, still no retraction lol)

Quote Tweet

alex lanstein

@alex_lanstein

Nov 2, 2022

Replying to @taviso

did you happen to hang onto $smci?

Oct 31, 2022

This sounds like a Halloween story, but I got an email with just an audio attachment. I don't speak the language, so fun opportunity to try out #whisper translation, right? Well, it was just creepy gibberish...🎃 This better not be like that tape from The Ring 😂

Machine transcription of an audio file in an xterm. The first line is "Yesterday I asked for a needle, how much do you need to go to lose the blood?"

read image description

ALT

Oct 28, 2022

Interesting bug of the day, user reported some code was hanging if they had recently rebooted. Turns out it was calibrating a delay loop using times().... which counts ticks since "(2^32/HZ) - 300 seconds before boot time", 300 seconds after boot it started working fine 😂

123

Oct 16, 2022

Here are full details from Alex twitter.com/alexstamos/sta

This Tweet is unavailable.

Interesting question for exchange admins! There's a discussion about whether a heavily redacted video of an email is authentic. In the video (3:47), part of a Thread-Index is briefly visible. The timestamp is a week later than the Date header, is that possible?

180

I found this old screenshot of my desktop from 2003. That's fvwm on Linux. For some reason I really wanted it to look like QNX photon! 😂

Screenshot of a Linux desktop. Xmms and a terminal is open.

read image description

ALT

239

Oct 3, 2022

The remind(1) man page turned out to be quite an adventure, there are sections explaining how the Hebrew calendar works and how to calculate with nautical and lunar events, etc... surprisingly fascinating! 😂

I've been reading man pages on my kindle lately, it works great! I think the secret to getting something readable is MANROFFOPT="-rS12 -rIN=0.25i -dpaper=a5 -P-pa5" man -Tpdf page > page.pdf

Photo of a Kindle displaying a UNIX man page for the remind(1) command.

read image description

ALT

260

I asked on an Archimedes fan forum, other people report a different starting location, and there is YouTube footage confirming that. Now I'm thinking it's maybe punishment if an anti-piracy check fails? Totally evil if true 😈 3/3

Screenshot of a youtube video playing the game UIM, the current location is hilighted and "Suspected punishment start location" is written in red text.

read image description

ALT

Screenshot of a youtube video playing the game UIM, the current location is hilighted and "Suspected correct start location" is written in red text.

read image description

ALT

Except... something isn't right, it's like the most boring game of all time. The starting location requires hours and hours of grinding math heavy trading runs to escape...I was a nerdy kid, but there is absolutely no way I had that much patience? 😂 2/3

screenshot of riscos with icons visible and the "UIM" game manual open. The icon bar is visible along the bottom of the screen, similar to the task bar in Windows.

read image description

ALT

When I was a kid my friends and I played this rare Archimedes game called U.I.M. together, it was like Elite but with submarines. Something about it just captured our imagination 🤷‍♂️ I found a copy on archive.org and decided to replay it! 1/3 🧵

0:54

3.3K views

Hat-tip to

- you can extract a slice of an array in GDB, e.g. (gdb) print my_array[50] @ 10 will show ten elements starting from element 50. You can even watch a slice of an array (though if it's too big GDB will fall back to horribly slow software watchpoints)

It does make very nice output if you can figure out the right options though!

The par(1) man page is something else... I just wanted my comments wrapped nicely and I need one of those b0rk explainers lol.

Using standard sh only, and without cheating (cheating = perl, cc, dpkg, cap_dac_*, etc), how do you fix this? There are lots of correct answers, it's just for fun 😛

Quote Tweet

Sep 19, 2022

Replying to @singe

Another good one is `chmod 0 /bin/chmod`, it's funny but also a little puzzle

111

Sep 9, 2022

I paid to get this old UNIX manual printed... I may have underestimated the size lol

0:05

9.3K views

142

Brendan Dolan-Gavitt

@moyix

Sep 2, 2022

Turn on "-funsafe-math-optimizations"? Well heck, sure, I *love* fun, safe math optimizations (via

@torresariass

)

219

Sep 5, 2022

I've been told something improper may have happened here. Thank you, I'm looking into it.

Quote Tweet

Sep 3, 2022

Replying to @k8em0

True story: After cloudbleed, cloudflare literally lobbied the FTC to investigate me and question the legality of openly discussing security research. How come they're not lobbying their DC friends to investigate the legality KF?

Sep 5, 2022

Hahaha, someone actually sent me a working Lotus 1-2-3 exploit 😂 github.com/taviso/123elf/

672

raptor@infosec.exchange

@0xdea

Aug 29, 2022

Still catching up with P0’s old blog posts. This one by

is a real gem 💎 Down the Rabbit-Hole… googleprojectzero.blogspot.com/2019/08/down-r github.com/taviso/ctftool

Zoom RCE via XMPP Stanza Smuggling

Ivan Fratric

@ifsecure

Aug 29, 2022

Video demo of a Zoom remote from my Black Hat talk:

youtube.com

Video demo from my talk "XMPP Stanza Smuggling or How I Hacked Zoom" at Black Hat USA 2022

Aug 27, 2022

I tried out imhex, it is a really good hex editor. I really like hiew, it's absurd how powerful it is, but it has a very steep learning curve. You can get started in imhex really quickly. I know about 010 -- hiew and imhex are both better imo! 😛

122

Aug 26, 2022

I've been using the .stabs directives in GNU as to put the symbols back into stripped binaries, I think it's a neat trick! I wrote an article about using it to debug old UNIX binaries in gdb! lock.cmpxchg8b.com/symbols.html

267

Greg Law

@gregthelaw

Aug 15, 2022

GDB Tips: To get the best of both, use -Og while compiling. This gives a good debug experience while optimising to keep the program running (reasonably) fast. -g3 -Og gives an even better debug experience with the benefits of -Og!

🤷‍♂️

I emailed

asking about the suffix. I didn't expect any reply but they did respond... claiming that they have trademarked the letter L 🤔 (I'm not making this up!).

GIF