Stefan Gast

PhD Candidate in the CoreSec group at #TUGraz, focusing on side-channel security. Apart from that, I also post #Linux and #privacy related stuff.

Opinions posted here are my own and do not necessarily reflect those of my employer.

Stefan Gast boosted:
2025-06-14

Hola again graphics peeps! 😊

I found myself with enough bits and pieces related to text rendering to warrant a write-up. So here it is! 😱

osor.io/text

Spiced up with direct vector rendering, sub-pixel anti-aliasing, run-time atlas packing, temporal accumulation, and more!

I hope you enjoy it! 🧡

Stefan Gast boosted:
Hannes Weissteiner hweissi@infosec.exchange
2025-06-13

I am happy to announce that my first paper has been accepted at USENIX Security!

We propose TEEcorrelate, a mitigation that statistically decorrelates reported performance counters from real ones during TEE execution.
It protects against fine-grained performance-counter attacks on TEEs, while keeping coarse-grained trends intact for legitimate use cases.

hannesweissteiner.xyz/pdfs/tee

Thanks to Fabian Rauscher, @supersingular, Jonas Juffinger, @notbobbytables, Jan Wichelmann, Thomas Eisenbarth and @lavados for the great collaboration!

Stefan Gast boosted:
Bailiff of Gradec alekov@fosstodon.org
2025-06-10

Today my hometown was shaken to the core by unspeakable horror. A frenzied attacker and former student shot eleven people including himself at a grammar school. My deepest condolences to the bereaved.

orf.at/stories/3396391/ (GER)

#graz #amok #graz1006

Stefan Gast boosted:
Nikolaj Schlej CodeRush
2025-06-10

The embargo is over, so here it is: coderush.me/hydroph0bia-part1/

I can't stress the "NEVER USE NVRAM AS TRUSTED STORAGE" part harder, but now we all have a very nice example of a thing to not ever do, or have your SecureBoot and FW updater signing being vulnerable to all people who can set non-volatile RT variables by calling a dedicated OS API.

Stefan Gast boosted:
2025-06-09

Over 84,000 instances of the Roundcube webmail software are vulnerable to CVE-2025-49113, a critical remote code execution (RCE) vulnerability with a publicly available exploit.

bleepingcomputer.com/news/secu

Stefan Gast boosted:
Zack Whittaker zackwhittaker
2025-06-09

New: A security researcher found a bug that revealed the private recovery phone number of almost any Google account.

TechCrunch verified the bug w/ the researcher, who quickly brute-forced the phone number of a test Google account we had set up.

techcrunch.com/2025/06/09/goog

Stefan Gast boosted:
2025-06-09

DIMVA '25 takes place in Graz this year!
It’s the 22nd Conference on Detection of Intrusions and Malware & Vulnerability Assessment.

Check out the @DIMVAConf program and register now:
dimva.org/dimva2025/

#DIMVA25

Stefan Gast boosted:
Linux Kernel Security linkersec@infosec.exchange
2025-06-09

Bypassing MTE with CVE-2025-0072

Article by Man Yue Mo about exploiting a page use-after-free vulnerability in the ARM's Mali GPU driver in the code that manages userspace-mapped pages.

Author published an exploit for this bug that disables SELinux and gains root privileges on Pixel 8 running from the untrusted_app context. The exploit is not affected by MTE.

Article: github.blog/security/vulnerabi
Exploit: github.com/github/securitylab/

Stefan Gast boosted:
Frederik Braun freddy@security.plumbing
2025-06-09

Great research by folks from IMDEA Networks, Radboud University, Digital Security Group & iHub, and COSIC, KU Leuven on the "localmess" disclosure (localmess.github.io/).

We have always known that native mobile apps will maximize the data collection and use whatever the operating system gives them as long as it doesn't cause a prompt (and often times even if it causes a prompt). 1/3

Stefan Gast boosted:
2025-06-07
I tried to improve on @carrot_c4k3 's work to bypass Windows KASLR with a prefetch side-channel. I summarized my results in a new blog post, spiced up with some geek art:

https://scrapco.de/blog/visualizing-prefetch-infoleaks-to-defeat-kaslr.html
[Image: prefetch instruction timing noise visualized]
2025-06-07

@rw Does not seem to be sandboxed properly, though. 🙂

2025-06-05

@mirren Boosted, of course, and best of luck! 🤞

Stefan Gast boosted:
2025-06-05

This is hard to write: My partner got ✨ eigenbedarf ✨ in his Munich flat. He lived there for over 10 years, always paid his rent on time, and adheres to my rather high cleaning standards. He's also quiet, a German citizen and overall a pleasant person. If you have any pointers on a flat in Munich, please let us know (:
(It's for one person; we don't live together and don't necessarily plan to do so. I visit about once a month, never longer than a few days).

Stefan Gast boosted:
2025-06-05

OMG, GSW is back!

Our annual summer school on cybersecurity will open its doors in September!
You can look forward to five days of interesting talks, practical lab sessions, and a big social event. 😎☀️
📅 September 1st–5th, 2025

📍Aula, TU Graz, Rechbauerstraße 12

Register now!
securityweek.at/

Stefan Gast boosted:
2025-06-04

🚨 Messenger surveillance (#Messengerüberwachung) in Austria (#Österreich)

"@rene_mobile of the University of #Linz considered the surveillance (#Überwachung) sought by the government to be possible only by exploiting security vulnerabilities (#Sicherheitslücken), which the state would in effect be fostering. This would mean investing in the IT insecurity of all devices rather than continuously improving them."

👉
orf.at/stories/3395791/

Stefan Gast boosted:
2025-06-04

Content-Type: text/shitpost

Stefan Gast boosted:
Vorinstanz Vorinstanz@social.tchncs.de
2025-05-31

#Messenger surveillance in Austria (#Österreich)... Criticism on a broad front. #Datenschutz (data protection)

orf.at/stories/3395340/

Stefan Gast boosted:
2025-05-30

Local vulnerabilities in Kea DHCP

lwn.net/Articles/1023093/ #LWN

Stefan Gast boosted:
2025-05-30
"[Qualys] discovered a vulnerability in apport [...], and a similar vulnerability in systemd-coredump [...]: a race condition that allows a local attacker to crash a SUID program and gain read access to the resulting core dump"

https://www.openwall.com/lists/oss-security/2025/05/29/3

CVE-2025-5054 CVE-2025-4598
