PhD Student at QwietAI and TU Berlin
Capturing Flags for ENOFLAG
I'm over at blueksy, come say hi!
preferring ui/ux over any mastodon (and its clients) and also more peeps from my non-infosec bubble made the switch from the that other site to bsky than to there.
but I know there are still some awesome people mostly here, would love to see you on the other side!
I talked to @jackrhysider for an episode of his podcast Darknet Diaries that tells the Welcome to Video story from my book, TRACERS IN THE DARK.
Jack says it’s the darkest episode he’s ever done. But as in the book, it has—to the degree it’s possible with this kind of story—a happy ending.
Our application window for security engineer interns will open very soon: https://careers.google.com/jobs/results/139765941031314118/ apply and come spend some time in Zürich at an amazing workplace with fantastic colleagues. Reach out if you have any questions, and don't wait to get your application in!
Infosec Christmas read
I love it when a real life story is more captivating than any thriller could be.
The Android Team has open sourced our internal Rust Training! It's a four day course covering the full spectrum of Rust, from basic syntax to advanced topics like generics and error handling. It also includes Android-specific content on the last day such as:
- Building Android components in Rust.
- AIDL servers and clients.
- Interoperability with C, C++, and Java.
@stacksmashing @G33KatWork what happened to that Hack-a-Sat cubesat? :D
We are looking for a PhD student and a PostDoc to join our new research group at BIFOLD and TU Berlin! Both positions will explore the combination of machine learning and security. They are fully funded. More information is available at https://mlsec.org/jobs/#jobs
This modified version of the famous ‘turn #chatGPT into a pretend Linux system’ prompt is also my prototype for a product that will sell millions.
@dennisfaucher @malwareunicorn those are nice, for art in general I prefer midjourney
I wrote a three part series on how to reverse and #exploit iOS for beginners 😈
Part 1: How to Reverse & Patch iOS Apps https://www.inversecos.com/2022/06/how-to-reverse-engineer-and-patch-ios.html
Part 2: Exploiting iOS binaries: #arm64 ROP Chains
https://www.inversecos.com/2022/06/guide-to-reversing-and-exploiting-ios.html
Part 3: Heap Overflows on ARM64: Spraying, UAF
https://www.inversecos.com/2022/07/heap-overflows-on-ios-arm64-heap.html
imho, the lack of quote tweeting and the allowance of more than 280 characters increase the signal-to-noise-ratio on mastodon..
Some promising memory safety trends demonstrated here for Android: https://security.googleblog.com/2022/12/memory-safe-languages-in-android-13.html
Two big question: 1) can the ratio of Rust to C/C++ for new code be sustained in the long haul, and 2) can OEM vendors like Samsung and Xiaomi follow this trend?
The goal here is to force attackers to compete in a gradually smaller pool of C/C++ code -- the theory being that increased contention means higher rates of bug collision (both with other attackers, and defenders) and shorter bug lifetimes.
But if you aim to achieve this primarily through from-scratch development rather than big re-rewrites (as is claimed), then I imagine you could run out of clearly delineated projects to build in Rust, and you're left with maintaining and adding features to the "legacy" C/C++ codebase, which is proportionally much larger still.
I suspect to maintain the kind of ratio of Rust-to-C/C++ being shown here, eventually that strategy will need to change to incorporate some sort of re-write plan, and that's where the complexity ratchets up quite quickly, and for incrementally smaller gains.
And again, all of this is potentially moot if the major vendors (like Samsung and Xiaomi) and their technology providers (like Qualcomm) don't show up to the party. Differentiation is a huge theme for Android OEMs, which necessarily means adding a lot of new code on top of the base of AOSP.
There's no requirements for memory safe languages in the Android Compatibility Definition Document (the policy that decides whether a vendors device is truly "Android"), and vendors are running these device development programs on paper-thin margins. Without a clear economic incentive to build new Rust development efforts, I can't see a clear pathway to Android OEM adoption of Rust.
In other words, it's great if your UWB stack is written in Rust, but if, for example, your flagship device is shipping an unmaintained and untested proprietary image library written in C [1], it probably doesn't have as much impact as you'd like.
[1] https://googleprojectzero.blogspot.com/2020/07/mms-exploit-part-1-introduction-to-qmage.html
cc @jeffvanderstoep -- thanks for the great blog!
OK, here it goes. Why quote-posting is a critical positive feature we need to get on this platform. A 🧵 of uses (I'll start; feel free to add)
okay, this is pretty interesting:
coupling strategic reasoning with Natural Language Processing to achieve dialogue-aware planning and winning 'Diplomacy'.
https://ai.facebook.com/blog/cicero-ai-negotiates-persuades-and-cooperates-with-people/
Trying to use Twitter Spaces one last time while it's still running for the reverse engineering adventures. Tune in tomorrow at 8PM Berlin time. Tell us about the most expensive thing you bricked during security analysis and ask any question you want 💻 💥 📱
For binary-only emulation in #LibAFL qemu, you can now dump DrCov traces to see in #idapro (lighthouse), #binaryninja (bncov), or #ghidra (dragondance) which paths the executions took.
This helps you understand where your fuzzer gets stuck, develop the harness further, and reach greater depth in the binary, eventually.
Binary-only modes of #AFLplusplus ( #qemu / #frida ) and libafl_frida also support DrCov output, already.
#fuzzing #fuzzingTips
https://github.com/AFLplusplus/LibAFL/pull/878
Oh, this triggers me! I really don't understand why information is so often conveyed in videos.
Of course there are some practical things that fit the video format, like soldering some resistors or setting up a scene for a photo shoot. But for most other things, a text is so much more efficient. First, I can consume it in any order. I can read the introduction, review the end, and so on. Second, I can easily search for important keywords to focus on what's important to me.
Happy to announce the release of swSIM and swICC by Tomasz Lisowski, two open source repositories to enable SIM card emulation: https://github.com/tomasz-lisowski/swicc & https://github.com/tomasz-lisowski/swsim.
Among others, we attached the emulator to a physical phone via SIMTrace2 and interact with test networks!
new GitHub code view, navigation and search are such a huge quality of life improvement
