Bas Alberts
@basalberts

Recreational strangler & Parentheses enthusiast. Keeping exploit chains out of supply chains @GitHub. Personal account.

73 Tweets
367 Following
1,067 Followers
Tweets

Bas Alberts
@basalberts
2 Feb

Code is a moving target and audits are never complete ... even though the initial audit bootstrap may be annoying for a large or complicated surface ... and you may come up empty that first pass, it pays dividends to your time to keep up with that surface continuously twitter.com/0xdea/status/1…
Bas Alberts
@basalberts
31 Jan

Hahaha awesome
Bas Alberts
@basalberts
31 Jan

I believe it was an internal run, I got it at HQ from the design team lead
Bas Alberts
@basalberts
31 Jan

Space-to-space manned combat is wide open though! #spaceforce
Bas Alberts
@basalberts
31 Jan

This sticker situation is escalating rapidly pic.twitter.com/1yrq6A3SpN
Bas Alberts
@basalberts
31 Jan

I think all of it is interesting, but specifically interested in backdoor commits that were being snuck in with hijacked commit access or seemingly legitimate bugs that were almost too good to be true (i.e. the exploitation stars lined up suspiciously well)
Bas Alberts
@basalberts
31 Jan

ah yeah I remember @grsecurity had some fun with that one grsecurity.net/~spender/explo…
Bas Alberts
@basalberts
30 Jan

Nope mostly looking for breadth of examples, thanks!
Bas Alberts
@basalberts
30 Jan

Does anyone remember any explicit (or highly suspected/suspicious) bugdoor attempts in OSS history besides the = vs == uid thing in the Linux kernel?
Bas Alberts
@basalberts
30 Jan

TIL that the laf-intel comparison splitting strategy is eerily similar to how you used to bruteforce a static cookie with a repeatable 1-byte granular memory corruption primitive ... which makes perfect sense I suppose securitylab.github.com/research/fuzzi…
Bas Alberts
@basalberts
30 Jan
Bas Alberts
@basalberts
30 Jan

Haha it’s more a product of me going from gung ho to hobby status I think
Bas Alberts
@basalberts
30 Jan

I used to but it dissipated around mid-brown :) Now I’ll ponder my rolls on the drive home but by the time I arrive my brain is mostly all “food?”
Bas Alberts
@basalberts
30 Jan

Affleck was the bomb in Phantoms yo
Bas Alberts retweeted

Sean Heelan
@seanhn
29 Jan

Here's the bibliography for an automatic exploit generation talk I'm giving tomorrow. If you're looking for a reading list on the topic, this should have almost everything for historical context and state of the art gist.github.com/SeanHeelan/99b…
Bas Alberts
@basalberts
29 Jan

Can any of my friends at Apple go check the warehouse and guesstimate when they’re gonna run out of touchbars?
Bas Alberts retweeted

grsecurity
@grsecurity
29 Jan

Hugely impressive amount of work in a very short amount of time. The github looks like a great resource for people to learn from: github.com/SerenityOS/ser… twitter.com/awesomekling/s…
Bas Alberts
@basalberts
29 Jan

The whole thing
Bas Alberts
@basalberts
29 Jan

Confused xdev sitting in SCIF: “but it said you offered remote work in the ad!” ... “correct, now get to it”
Bas Alberts
@basalberts
29 Jan

I am assuming it is a certain very skilled French person but since they decided to not put their name on the work I think they prefer to remain anonymous :) As far as process, “90ies UNIX hacking” sums it up nicely I suppose?