| Tweetovi |
| ~ proslijedio/la je tweet | ||
|
Brandon Azad
@_bazad
|
24 h |
|
If you're interested in bootstrapping iOS kernel security research on A13, keep an iPhone 11 on iOS 13.3. I will be releasing a proof-of-concept exploit that provides kernel read/write on iPhone12,3 17C54.
|
||
|
||
|
~
@xerub
|
4. velj |
|
You were wearing them wrong™
I imagine Apple would ship the next AirPods with ultra-strong neodymium magnets inside, so as to attract each other and keep them *firmly* affixed to the user's head. Problem solved. /s
|
||
|
|
||
|
|
~
@xerub
|
4. velj |
|
you don't need to learn C++ for that. In fact, C++ on such an exploit is as useless as pants on a hooker. Eg: thank god @Jakeashacks removed all that unnecessary crap for his sock_port, so we can have nice things ;-P
|
||
|
|
||
| ~ proslijedio/la je tweet | ||
|
0x41con
@0x41con
|
2. velj |
|
|
||
|
|
~
@xerub
|
31. sij |
|
single malt scotch, of course.
|
||
|
|
||
|
|
~
@xerub
|
31. sij |
|
nostalgia, perhaps. long time ago, the paper *was* the code (punchcards ftw) ;-P
|
||
|
|
||
|
|
~
@xerub
|
30. sij |
|
|
||
|
|
~
@xerub
|
28. sij |
|
a special kind of fuck-up. most sec measures amount to nil, without proper isolation (xtreme thought experiment: think of all processes sharing the same address space)
there's nothing inherently wrong with arbitrary addresses, especially now that all dominant ISAs support pc-rel
|
||
|
|
||
|
|
~
@xerub
|
28. sij |
|
in this day and age, aslr shouldn't be touted as anything special, but instead the other way around: non-aslr code should be called "retarded" or whatever...
|
||
|
|
||
|
|
~
@xerub
|
28. sij |
|
it adds real protection, even though sometimes it's easily bypassed (mostly developer fuck-ups). that is, there is no intrinsic *bypass*, most often than not you'd need another bug and/or an extra step in the chain
|
||
|
|
||
|
|
~
@xerub
|
24. sij |
|
lol. if you think "search using hardcoded gadgets like this" is of any importance, you're missing the point. completely. here: github.com/xerub/acorn/bl…
|
||
|
|
||
|
|
~
@xerub
|
21. sij |
|
for the thousandth time: The cloud is just someone else's computer. twitter.com/nitoTV/status/…
|
||
|
|
||
| ~ proslijedio/la je tweet | ||
|
argp
@_argp
|
21. sij |
|
|
||
| ~ proslijedio/la je tweet | ||
|
|
0x41con
@0x41con
|
21. sij |
|
|
||
| ~ proslijedio/la je tweet | ||
|
|
0x41con
@0x41con
|
21. sij |
|
0x41con 3rd [time is a charm] edition: 1-2 May 2020, Thessaloniki, Greece /cc @_argp
|
||
|
|
||
| ~ proslijedio/la je tweet | ||
|
WarCon
@WarConPL
|
16. sij |
|
Whoever fights monsters should see to it that in the process he does not become a monster. And if you gaze long enough into an abyss, the abyss will gaze back into you.
WarCon V (Pentagram Edition) scheduled for 29 & 30th May 2020 \m/
|
||
|
|
||
|
|
~
@xerub
|
17. sij |
|
then the monster gazes back into you
|
||
|
|
||
|
|
~
@xerub
|
16. sij |
|
however, the new phones are a different beast: twitter.com/mattsta/status…
|
||
|
|
||
|
|
~
@xerub
|
16. sij |
|
these were the last circulated estimates: twitter.com/matthew_d_gree…
|
||
|
|
||
| ~ proslijedio/la je tweet | ||
|
Siguza
@s1guza
|
7. sij |
|
New blog post. ARM hardware bug. In the specification.
siguza.github.io/PAN/
|
||
|
|
||