IAmMandatory
@mandatory.bsky.social
Reposted by IAmMandatory
We just dropped 3 more challenges for today, we don't plan to release more for today. More to come tomorrow at 9am! #BSidesSF #CTF

Check out our Chrome Extension challenge, "moa-station", at ctf.bsidessf.net.
April 26, 2025 at 2:53 AM
Reposted by IAmMandatory
You are in for a punny time until launch!

Join us at ctf.bsidessf.net/register, the #BSidesSF #CTF kicks off at 4:00pm PDT tomorrow!
April 25, 2025 at 3:52 AM
Reposted by IAmMandatory
What's in the cards for this year? Join us next week at ctf.bsidessf.net and find out! #CTF #BSidesSF
April 19, 2025 at 2:45 AM
This shitpost may be a little too niche, but it's how the scraping struggle be these days (turn video audio on).
March 26, 2025 at 5:07 PM
Looks like DEF CON talks are up on YouTube! If you want to see a fun talk on crawling online markets for the spicy silicon, check mine out here: youtu.be/QgeEHdAmJDg
DEF CON 32 - Secret Life of Rogue Device: Lost IT Assets on the Public Marketplace - Matthew Bryant
YouTube video by DEFCONConference
October 20, 2024 at 5:03 AM
Reposted by IAmMandatory
I'm watching some folks reverse engineer the xz backdoor, sharing some *preliminary* analysis with permission.

The hooked RSA_public_decrypt verifies a signature on the server's host key by a fixed Ed448 key, and then passes a payload to system().

It's RCE, not auth bypass, and gated/unreplayable.
This might be the best executed supply chain attack we've seen described in the open, and it's a nightmare scenario: malicious, competent, authorized upstream in a widely used library.

Looks like this got caught by chance. Wonder how long it would have taken otherwise.
Woah. Backdoor in liblzma targeting ssh servers.

www.openwall.com/lists/oss-se...

It has everything: malicious upstream, masterful obfuscation, detection due to performance degradation, inclusion in OpenSSH via distro patches for systemd support…

Now I’m curious what it does in RSA_public_decrypt
March 30, 2024 at 5:13 PM
July 1, 2023 at 7:51 AM
my immediate reaction to this site
June 22, 2023 at 5:23 AM