cleptho
cleptho.bsky.social
Offensive Security | Eternal memory (Вічна пам'ять / Вечная память)
https://twitter.com/cleptho | https://infosec.exchange/@cleptho
Reposted by cleptho
New Blog Post: Seth Jenkins broke kASLR by doing … nothing 😩

googleprojectzero.blogspot.com/2025/11/defe...
Defeating KASLR by Doing Nothing at All
Posted by Seth Jenkins, Project Zero. Introduction: I've recently been researching Pixel kernel exploitation and as part of this research I ...
googleprojectzero.blogspot.com
November 3, 2025 at 6:17 PM
Reposted by cleptho
🎥 Eyes wide shut! David Berard of @synacktiv.com just breached the @Ubiquiti AI Pro surveillance system at #Pwn2Own. He also serenaded us with a round of "Baby Shark" played through the speaker. He's off to the disclosure room with an ear worm and the details.
October 23, 2025 at 11:10 AM
Reposted by cleptho
Confirmed! The team from @synacktiv.com used a buffer overflow to exploit the Philips Hue Bridge. Their unique bug earns them $20,000 and 4 Master of Pwn points. #Pwn2Own
October 22, 2025 at 5:11 PM
Reposted by cleptho
New blog post: Exploiting the Synology TC500 at Pwn2Own Ireland 2024
We built a format string exploit for the TC500 smart cam. It didn’t get used, but it made for a fun case study.
blog.infosectcbr.com.au/2025/08/01/e...
Exploiting the Synology TC500 at Pwn2Own Ireland 2024
Introduction In October 2024, InfoSect participated in Pwn2Own – a bug bounty competition against embedded devices such as cameras, NAS’, and smart speakers. In this blog, I’ll di…
blog.infosectcbr.com.au
August 1, 2025 at 5:18 AM
Reposted by cleptho
Documented instructions for setting up KGDB on Pixel 8.

Including getting kernel log over UART via USB-Cereal, building/flashing custom kernel, breaking into KGDB via /proc/sysrq-trigger or by sending SysRq-G over serial, dealing with watchdogs, etc.

xairy.io/articles/pix...
📲 Debugging the Pixel 8 kernel via KGDB
Instructions for getting kernel log, building custom kernel, and enabling KGDB on Pixel 8
xairy.io
July 28, 2025 at 8:20 PM
Reposted by cleptho
Dumping firmware from JieLi chips

JieLi chips are fairly common in Bluetooth audio devices, but they are also becoming more common in miscellaneous devices. Fortunately, retrieving the firmware is mostly straightforward.
April 14, 2025 at 5:22 PM
Reposted by cleptho
On the anniversary of the sinking of the Titanic, we thought we'd answer a question that's often asked,

"If they raised the Mary Rose, why not raise the Titanic?"

Allow our scaled diagram to explain...
April 15, 2025 at 8:21 AM
Reposted by cleptho
I grew up on a diet of Scary Stories to Tell in the Dark... I swear these vines covering a lamppost in Wroclaw, Poland are straight out of my childhood nightmares.
April 10, 2025 at 7:27 AM
Reposted by cleptho
v happy to finally share my slides for my @reconmtl.bsky.social 2024 talk “GOP Complex: Image parsing bugs, EBC polymorphic engines and the Deus ex machina of UEFI exploit dev.” Really proud of this talk + v grateful to the amazing REcon team for another incredible con 🖤
github.com/ic3qu33n/REc...
GitHub - ic3qu33n/REcon2024-GOP-Complex: REcon 2024 Repo, slides for talk "GOP Complex: Image parsing bugs, EBC polymorphic engines and the Deus ex machina of UEFI exploit dev"
REcon 2024 Repo, slides for talk "GOP Complex: Image parsing bugs, EBC polymorphic engines and the Deus ex machina of UEFI exploit dev" - ic3qu33n/REcon2024-GOP-Complex
github.com
March 31, 2025 at 8:51 PM
Reposted by cleptho
This is fake but if we boost it enough someone from the administration will claim it’s true during the congressional hearings so you know what to do
Lmao 🤣 savages
March 27, 2025 at 9:47 AM
Reposted by cleptho
March 24, 2025 at 10:23 PM
Reposted by cleptho
We heard you needed some more time, so we wanted to let you cook.

We decided to push the Phrack 72 CFP deadline back until June 15th.

Stay tuned for upcoming Phrack events.

Print this flyer out and give it to someone IRL!!
March 17, 2025 at 1:58 PM
Reposted by cleptho
For $20,000/month, I will personally google stuff and paraphrase it for you into mostly-accurate answers.
Source: OpenAI executives have told some investors about plans for a $2,000/month agent, a $10,000/month agent for coding, and a $20,000/month PhD-level agent (The Information)
March 5, 2025 at 6:57 PM
Reposted by cleptho
Pumpkin (@u1f383 on X) does cool work. Here is another cool read about an interesting race condition involving signal handling
u1f383.github.io/linux/2025/0...
February 26, 2025 at 8:42 AM
Reposted by cleptho
Announcing #Pwn2Own Berlin! We're moving our enterprise-focused event to @offensivecon.bsky.social and introducing an AI category. More than $1,000,000 in cash & prizes (Incl. a Tesla) are available to win. Check out the details at www.zerodayinitiative.com/blog/2025/2/...
Zero Day Initiative — Announce Pwn2Own Berlin and Introducing an AI Category
If you just want to read the contest rules, click here. Welcome, ladies and gentlemen, to our first contest in Berlin! That's correct (if Google Translate didn't steer me wrong). ...
www.zerodayinitiative.com
February 24, 2025 at 4:48 PM
Reposted by cleptho
I made an ImHex pattern file for the ftab file format used for Apple C1 firmware and Apple accessories
gist.github.com/matteyeux/d1...
February 21, 2025 at 6:41 AM
Reposted by cleptho
OpenSSH 9.9p2 has just been released with fixes for two security problems reported by the Qualys Security Advisory Team: a denial-of-service in the default configuration and a host impersonation by on-path attackers when VerifyHostKeyDNS is enabled (off by default).

www.openssh.com/releasenotes...
OpenSSH: Release Notes
OpenSSH release notes
www.openssh.com
February 18, 2025 at 9:37 AM
Reposted by cleptho
Microsoft's own research confirms something that was already pretty obvious: relying on a text generating machine to come up with answers erodes critical thinking, and is a method favoured by those who never liked doing critical thinking in the first place

advait.org/files/lee_20...
advait.org
February 9, 2025 at 10:15 AM
Reposted by cleptho
They found a way to litter from space
Something else to thank EM for.

"The sustained rate of daily reentries is unprecedented," says Jonathan McDowell, an astronomer at the Harvard Center for Astrophysics who tracks satellites. "They are retiring and incinerating about 4 or 5 Starlinks every day."
@planet4589.bsky.social
#astronomy
February 6, 2025 at 12:16 AM
Reposted by cleptho
for anyone interested in linux kernel or android security research, i'm experimenting with a custom feed here bsky.app/profile/did:...
December 3, 2024 at 7:45 PM
Reposted by cleptho
Earlier this year, I used a 1day to exploit the kernelCTF VRP LTS instance. I then used the same bug to write a universal exploit that worked against up-to-date mainstream distros for approximately 2 months.

osec.io/blog/2024-11...
November 28, 2024 at 12:54 PM
Reposted by cleptho
New platform, who dis? It me, and @johnnyspandex.bsky.social dropping some VPN client exploit freshness! 🌮🔒

Today, we're releasing NachoVPN, our VPN client exploitation tool, as presented at SANS HackFest Hollywood. Get it on the @amberwolfsec.bsky.social blog:

blog.amberwolf.com/blog/2024/no...
Introducing NachoVPN: One VPN Server to Pwn Them All
AmberWolf Security Research Blog
blog.amberwolf.com
November 26, 2024 at 10:47 AM
Reposted by cleptho
Interesting paper by Erin Avllazagaj on automatically finding Linux kernel objects that are potentially useful for privilege escalation; the tool is called SCAVY. www.usenix.org/system/files...
www.usenix.org
November 22, 2024 at 9:44 AM
Reposted by cleptho
Qualys is at it again:

https://seclists.org/oss-sec/2024/q4/108

LPEs in needrestart (CVE-2024-48990, CVE-2024-48991, CVE-2024-48992, CVE-2024-10224, and CVE-2024-11003)

November 19, 2024 at 9:07 PM
Touching grass
What else to remain sane?
November 18, 2024 at 4:18 PM