Karsten
@gr4yf0x.bsky.social
VR. Can cook a decent Cacio e Pepe. Physicist in a former life.
Reposted by Karsten
The next battleground is in sight, and things are going to move fast. Half-baked tech pitched as transformational will be quickly adopted and thrown in front of children without any validation, but the demos will be amazing!
May 19, 2025 at 12:32 PM
The next battleground is in sight, and things are going to move fast. Half-baked tech pitched as transformational will be quickly adopted and thrown in front of children without any validation, but the demos will be amazing!
Reposted by Karsten
We just published @firefox.com updates to fix the exploits used at the Pwn2Own contest yesterday and today. Both contestants achieved RCE in our content process but did not escape the sandbox.
blog.mozilla.org/security/202...
blog.mozilla.org/security/202...
Firefox Security Response to pwn2own 2025 – Mozilla Security Blog
At Mozilla, we consider security to be a paramount aspect of the web. This is why not only does Firefox have a long running bug bounty program but also mature ...
blog.mozilla.org
May 17, 2025 at 9:22 PM
We just published @firefox.com updates to fix the exploits used at the Pwn2Own contest yesterday and today. Both contestants achieved RCE in our content process but did not escape the sandbox.
blog.mozilla.org/security/202...
blog.mozilla.org/security/202...
Reposted by Karsten
It’s only Tuesday but the first night of Lobbycon has already started! 🍻
May 13, 2025 at 8:59 PM
It’s only Tuesday but the first night of Lobbycon has already started! 🍻
Reposted by Karsten
the takeover has begun..
trainings start tomorrow morning!
trainings start tomorrow morning!
May 11, 2025 at 5:39 PM
the takeover has begun..
trainings start tomorrow morning!
trainings start tomorrow morning!
Reposted by Karsten
RUMOURS are TRUE 🤷♀️
PHRACK will be releasing a SPECIAL #71.5 👉HARDCOVER👈 at www.offensivecon.org BERLIN ("The 𞅀-Day Edition").
Main #72 release THIS SUMMER at MULTIPLE conferences (main release at WHY2025). ❤️
PHRACK will be releasing a SPECIAL #71.5 👉HARDCOVER👈 at www.offensivecon.org BERLIN ("The 𞅀-Day Edition").
Main #72 release THIS SUMMER at MULTIPLE conferences (main release at WHY2025). ❤️
April 28, 2025 at 10:16 AM
RUMOURS are TRUE 🤷♀️
PHRACK will be releasing a SPECIAL #71.5 👉HARDCOVER👈 at www.offensivecon.org BERLIN ("The 𞅀-Day Edition").
Main #72 release THIS SUMMER at MULTIPLE conferences (main release at WHY2025). ❤️
PHRACK will be releasing a SPECIAL #71.5 👉HARDCOVER👈 at www.offensivecon.org BERLIN ("The 𞅀-Day Edition").
Main #72 release THIS SUMMER at MULTIPLE conferences (main release at WHY2025). ❤️
Reposted by Karsten
April 25, 2025 at 7:58 PM
Reposted by Karsten
To prevent deer from being hit by cars Finland has tried using reflective paint. (https://www.smithsonianmag.com/smart-news/avoid-deer-strikes-finland-painting-deer-antlers-reflective-paint-180949792/)
File this under "solutions to modern problems that summon the old gods."
File this under "solutions to modern problems that summon the old gods."
April 20, 2025 at 10:12 AM
To prevent deer from being hit by cars Finland has tried using reflective paint. (https://www.smithsonianmag.com/smart-news/avoid-deer-strikes-finland-painting-deer-antlers-reflective-paint-180949792/)
File this under "solutions to modern problems that summon the old gods."
File this under "solutions to modern problems that summon the old gods."
Reposted by Karsten
April 18, 2025 at 5:25 AM
Reposted by Karsten
The BlackHoodie training at OffensiveCon has a whole of 2 seats left, and we will have a special give-away with this edition :) blackhoodie.re/Offensivecon...
Blackhoodie OffensiveCon 2025
Hackers around the globe, listen, BlackHoodie will be at OffensiveCon this year :) For the very first time we’re offering a 1-day free training, for women, by women, at the most prestigious offensive ...
blackhoodie.re
April 1, 2025 at 8:28 PM
The BlackHoodie training at OffensiveCon has a whole of 2 seats left, and we will have a special give-away with this edition :) blackhoodie.re/Offensivecon...
Reposted by Karsten
Don't forget, the CFP for the 40th anniversary issue of Phrack is open until June 15th 2025. You can be someone's favorite article in the future!!
bsky.app/profile/phra...
bsky.app/profile/phra...
We heard you needed some more time, so we wanted to let you cook.
We decided to push the Phrack 72 CFP deadline back until June 15th.
Stay tuned for upcoming Phrack events.
Print this flyer out and give it to someone IRL!!
We decided to push the Phrack 72 CFP deadline back until June 15th.
Stay tuned for upcoming Phrack events.
Print this flyer out and give it to someone IRL!!
March 24, 2025 at 11:31 PM
Don't forget, the CFP for the 40th anniversary issue of Phrack is open until June 15th 2025. You can be someone's favorite article in the future!!
bsky.app/profile/phra...
bsky.app/profile/phra...
Reposted by Karsten
Save the date - @blackhoodie.bsky.social is partnering with
@offensivecon.bsky.social this year to bring a BlackHoodie training to Berlin! Students will learn how to place compiler backdoors in innocent code. Mark your calendars for May 15th! Registration opens tomorrow, space is very limited ☺️
@offensivecon.bsky.social this year to bring a BlackHoodie training to Berlin! Students will learn how to place compiler backdoors in innocent code. Mark your calendars for May 15th! Registration opens tomorrow, space is very limited ☺️
March 26, 2025 at 9:04 PM
Save the date - @blackhoodie.bsky.social is partnering with
@offensivecon.bsky.social this year to bring a BlackHoodie training to Berlin! Students will learn how to place compiler backdoors in innocent code. Mark your calendars for May 15th! Registration opens tomorrow, space is very limited ☺️
@offensivecon.bsky.social this year to bring a BlackHoodie training to Berlin! Students will learn how to place compiler backdoors in innocent code. Mark your calendars for May 15th! Registration opens tomorrow, space is very limited ☺️
Reposted by Karsten
Happy to share my slides from BOOTSTRAP25. Unfortunately the bug discussed is still not patched in Linux 6.14.0 despite it being reported explicitly. Slides are in markdown but there's a PDF in "releases" too github.com/jduck/bs25-s...
GitHub - jduck/bs25-slides: Slides from "Musing from Decades of Linux Kernel Security Research" at BOOTSTRAP25
Slides from "Musing from Decades of Linux Kernel Security Research" at BOOTSTRAP25 - jduck/bs25-slides
github.com
March 25, 2025 at 7:26 PM
Happy to share my slides from BOOTSTRAP25. Unfortunately the bug discussed is still not patched in Linux 6.14.0 despite it being reported explicitly. Slides are in markdown but there's a PDF in "releases" too github.com/jduck/bs25-s...
Reposted by Karsten
We are proud to announce our first keynote for Offensivecon 2025, Perri Adams! @perrib.us
March 25, 2025 at 8:41 PM
We are proud to announce our first keynote for Offensivecon 2025, Perri Adams! @perrib.us
Reposted by Karsten
Our second keynote for Offensivecon 2025 will be Dino Dai Zovi! @ddz.bsky.social
March 25, 2025 at 6:18 PM
Our second keynote for Offensivecon 2025 will be Dino Dai Zovi! @ddz.bsky.social
Must be @argp.bsky.social and karl's article on the FreeBSD kernel allocator. The first one I worked really through, introduced me to kernel exploitation, and finally helped me with my first real exploit for
FreeBSD-SA-19:02.fd.
phrack.org/issues/66/8#...
FreeBSD-SA-19:02.fd.
phrack.org/issues/66/8#...
March 25, 2025 at 11:47 AM
Must be @argp.bsky.social and karl's article on the FreeBSD kernel allocator. The first one I worked really through, introduced me to kernel exploitation, and finally helped me with my first real exploit for
FreeBSD-SA-19:02.fd.
phrack.org/issues/66/8#...
FreeBSD-SA-19:02.fd.
phrack.org/issues/66/8#...
Good analysis by the syzkaller developer, how some of thr latest ITW vulns could have been found.
Looks like we have a confirmation that Cellebrite uses memory corruptions in Linux kernel USB drivers to unlock Android phones.
First 2 bugs seem easily discoverable by syzkaller/syzbot with a bit of extra descriptions. 3rd one is likely as well ⤵️
First 2 bugs seem easily discoverable by syzkaller/syzbot with a bit of extra descriptions. 3rd one is likely as well ⤵️
securitylab.amnesty.org/latest/2025/...
Amnesty International’s Security Lab has a post about 3 vulnerabilities exploited by Cellebrite to extract data from locked Android devices. GrapheneOS blocked exploiting these vulnerabilities in multiple different ways. We also patched them much earlier.
Amnesty International’s Security Lab has a post about 3 vulnerabilities exploited by Cellebrite to extract data from locked Android devices. GrapheneOS blocked exploiting these vulnerabilities in multiple different ways. We also patched them much earlier.
March 5, 2025 at 1:34 PM
Good analysis by the syzkaller developer, how some of thr latest ITW vulns could have been found.
Pumpkin (@u1f383 on X) does cool work. Here is another cool read about an interesting race condition involving signal handling
u1f383.github.io/linux/2025/0...
u1f383.github.io/linux/2025/0...
February 26, 2025 at 8:42 AM
Pumpkin (@u1f383 on X) does cool work. Here is another cool read about an interesting race condition involving signal handling
u1f383.github.io/linux/2025/0...
u1f383.github.io/linux/2025/0...
Really great read by @h0mbre (on X) about his journey to exploit a Linux n-day on kCTF. Not only the exploit but the process to understand the bug including own failures, e.g. deal with CONFIG_DEBUG_LIST, is full of insights. h0mbre.github.io/Patch_Gappin...
Patch-Gapping the Google Container-Optimized OS for $0
Background I’m trying to really focus this year on developing technically in a few ways. Part of that is reviewing kCTF entries. This helps me get a sense of what subsystems are producing the most bug...
h0mbre.github.io
February 17, 2025 at 6:31 PM
Really great read by @h0mbre (on X) about his journey to exploit a Linux n-day on kCTF. Not only the exploit but the process to understand the bug including own failures, e.g. deal with CONFIG_DEBUG_LIST, is full of insights. h0mbre.github.io/Patch_Gappin...
Reposted by Karsten
Hackers rejoice!
We are releasing the Phrack 71 PDF for you today!
Don't forget this year is Phrack's 40th anniversary release! Send in your contribution and be part of this historical issue!
The CFP is still open, you can find it and the PDF link at phrack.org
We are releasing the Phrack 71 PDF for you today!
Don't forget this year is Phrack's 40th anniversary release! Send in your contribution and be part of this historical issue!
The CFP is still open, you can find it and the PDF link at phrack.org
.:: Phrack Magazine ::.
Phrack staff website.
phrack.org
February 15, 2025 at 3:02 PM
Hackers rejoice!
We are releasing the Phrack 71 PDF for you today!
Don't forget this year is Phrack's 40th anniversary release! Send in your contribution and be part of this historical issue!
The CFP is still open, you can find it and the PDF link at phrack.org
We are releasing the Phrack 71 PDF for you today!
Don't forget this year is Phrack's 40th anniversary release! Send in your contribution and be part of this historical issue!
The CFP is still open, you can find it and the PDF link at phrack.org
Reposted by Karsten
To all our Bluesky friends, feel free to follow us here as we will be posting regular updates as the conference gets closer. See you in May!
January 21, 2025 at 3:32 PM
To all our Bluesky friends, feel free to follow us here as we will be posting regular updates as the conference gets closer. See you in May!
As of today I'm not longer with CrowdStrike. Looking forward to new challenges in VR :)
January 1, 2025 at 1:40 PM
As of today I'm not longer with CrowdStrike. Looking forward to new challenges in VR :)
Can recommend Satoshi's training as well, rarely had a training that was such hands-on.
December 14, 2024 at 5:25 PM
Can recommend Satoshi's training as well, rarely had a training that was such hands-on.
Reposted by Karsten
December 3, 2024 at 7:14 AM