Andrey Konovalov
Andrey Konovalov retweeted
Grant Hernandez Nov 6
How complicated is cellular baseband firmware? At least this complicated: over 150K debugging messages across 932 directories and 2,775 files! Rebuilding the source code skeleton from Samsung S10's Shannon S5000 baseband debugging messages.
Andrey Konovalov Jan 28
Replying to @mjg59
Andrey Konovalov Jan 28
Implemented a PoC for disabling kernel lockdown on Ubuntu via a keyboard emulated through USB/IP, CC
Andrey Konovalov retweeted
Matthew Garrett Jan 28
My patch to disable PCI device DMA in early boot to avoid gaps in IOMMU coverage just got merged to mainline, so here's a writeup of it:
Andrey Konovalov Jan 27
Linux kernel 5.5 includes a kcov extension that allows collecting code coverage from background kernel threads:
Andrey Konovalov retweeted
Dmitry Vyukov Jan 27
What I'm thinking reading this sad story of a crit remote vuln introduced into all LTS kernels and still unfixed (now in your kernel): this "forgot to release lock" is a mostly solved problem today with static analysis. Kernel absolutely needs it as part of the dev process 1/n
Andrey Konovalov Jan 25
Ported my old interactive USB keyboard script to the new FaceDancer, sent a PR: CC
Andrey Konovalov Jan 23
Replying to @NedWilliamson @dvyukov
There are more, see other pages. Not many more though, Gerrit isn't really accepted in the kernel community yet
Andrey Konovalov retweeted
Dmitry Vyukov Jan 23
Welcome changes for kernel: and the mailing list version for contrast: Gerrit has side-by-side diffs, full expandable context, non-lossy comments attached to lines. Here are docs:
Andrey Konovalov retweeted
Saar Amar Jan 22
Wow, crazy issue bypasses PAN: Part of the uaccess routines (__arch_clear_user() and __arch_copy_{in,from,to}_user()) fail to re-enable PAN if they encounter an unhandled fault while accessing userspace. Check out the patch:
Andrey Konovalov retweeted
Dmitry Vyukov Jan 21
I have so many questions right now. You know, right, the thing that runs the universe today? This FOU_ATTR_LOCAL_V6 wanted to say .len instead of .type: This means this thing never-ever worked in any way. Any attempt to pass these args would...
Andrey Konovalov retweeted
Alexander Popov Jan 23
========================= The Life and Incredible Adventures of One QEMU Bug (Which I Finally Fixed) ========================= A thread [1/n]
Andrey Konovalov retweeted
Dmitry Vyukov Jan 21
Week has passed... If you said 20+ you were right. 30 on dashboard (open+pending). My local instance has 70(!): All reachable by unpriv users. That's not all. To find more we need to fix these first, otherwise it just keeps crashing
Andrey Konovalov retweeted
Arnaldo Carvalho de Melo Jan 16
Got an OOPS? Figured out the type in the variable causing the oops? Got the offset? Deep in a sub struct? Got you covered with a new EXAMPLE:
Andrey Konovalov Jan 16
Nice talk about CFI in the Linux kernel by Slides: Video:
Andrey Konovalov Jan 16
Replying to @zhovner @8devices
While I can't recommend a particular chip, mainline kernel driver support would be a huge benefit. Coming from experience of completely failing to build qcacld-3.0 in anything but the default configuration for the last couple of days =/
Andrey Konovalov retweeted
Vitaly Nikolenko Jan 16
I'll make my tech report and poc public soon. It was a fun bug affecting most major distributions. one exploit to rule them all w/ all kernel expl mitigation bypasses - no rop chains / hardcoded crap
Andrey Konovalov retweeted
Dmitry Vyukov Jan 15
Brace yourselves, more netfilter bugs are coming! Bets on number of bugs in the first week
Andrey Konovalov retweeted
MicrosVuln Jan 10
Nightmare is an intro to binary exploitation / reverse engineering course based around ctf challenges (binaries + writeups by hacking topics)
Andrey Konovalov Jan 8
Linux Kernel Runtime Guard (LKRG) bypass collection by Ilya Matveychikov, CC