It's official. No hacker summer for me due to family health complications. I will miss everyone but hope you have a great (and safe) time!! ❤️

I'm proud to announce that myself and @AtipriyaBajaj have created the Workshop on Software Understanding and Reverse Engineering (SURE), which will be co-located at CCS 2025. sure-workshop.org/ Please follow our workshop account @sureworkshop and RT it for visibility :).

We're proud to announce the release of Binary Ninja 5.0. Here's some highlights: Union Support, Dyld Share Cache & Kernel Cache, Firmware Ninja, Auto Stack Arrays, Stack Structure Type Propagation, and so much more. Check out the blog post for more information: binary.ninja/2025/04/23/5...

Does using #rustlang really make your software safer? tweedegolf.nl/en/blog/152/...

I'm proud to announce that I, through my company @magnetitesec.bsky.social, donated to the Redox OS project! If you're not familiar, Redox OS is a pure Rust Micro kernel based operating system. This donation allows them to sponsor one additional student for their Summer of Code!

I played @defcon.bsky.social CTF quals with @shellphish.bsky.social this year! I'm really impressed with the difficulty levels Nautilus Institute put forth. Making CTF challenges in the AI era has... special considerations... but they nailed it :-) Thanks to everyone involved for a great weekend!

There is a small bug in the signature verification of OTA packages in the Android Open Source Framework. Official builds doing normal double verification of packages are not vulnerable but OEMs and third party apps may be. Jérémy Jourdois explains it here: blog.quarkslab.com/aosp_ota_sig...

"Building a Linux Kernel Driver using Rust": rust-exercises.ferrous-systems.com/latest/book/...

Our Call for Presentations & Events is now open! Got cool research, a fresh exploit, or a unique cybersec insight? Submit your talk & be part of Australia’s biggest hacker con! cfp.bsidescbr.com.au/bsides-canbe...

github.com/ariel-os/ari... /via @mattkeeter.com #rustlang

Don't forget, the CFP for the 40th anniversary issue of Phrack is open until June 15th 2025. You can be someone's favorite article in the future!! bsky.app/profile/phra...

Having some fun with EM measurements today - side-channels are awesome!

Paged Out! #6 has arrived! And it's jam-packed with content! You can download it here: pagedout.institute?page=issues....

Tonight. AHA 0xDE. If it is your first time attending, you will give an “intro talk”. This is an opportunity to share about yourself and allow us to get to know you. This is an important part of the new attendee process. Please take it seriously. If you’ve given an intro talk before, but have […]

Happy to share my slides from BOOTSTRAP25. Unfortunately the bug discussed is still not patched in Linux 6.14.0 despite it being reported explicitly. Slides are in markdown but there's a PDF in "releases" too github.com/jduck/bs25-s...

The sedexp Linux malware was disclosed in late 2024. In my talk at @kernelcon.bsky.social, I will present my own deep dive of the malware, including many parts that have not been made public, such as loading of a memory-only rootkit. Be sure to attend for a teardown with @volatilityfoundation.org 3!

Has anyone else seen m.imdb.com/title/tt0218... ? Eerie

Last week I attended Vector35 @re-verse.io RE//verse conference and it was great! Excellent food, high signal to noise (RE/VR), and great people. I scored some amazing schwag including a SIM transposer and a @binaryninja.bsky.social hacky sack! w00t!

On March 29th, I will be speaking at @bsidessd.bsky.social on Volatility 3, including all its new features and plugins. Be sure to attend to catch a sneak peak at the new framework before the major release later this Spring! www.bsidessd.org #DFIR #infosec

Digital vs film X-ray . Film offers higher resolution and better dynamic range with the same settings, but slightly longer exposure time (and more tedious image acquisition). Comes in handy when it comes to tiny electronics. Images of an Abbott Lingo continuous glucose monitor.

BlackHoodie will be back at @ringzer0.bsky.social Bootstrap conference in Austin, TX 🤠 On Friday March 21st I'll be teaching Compiler Internals for Security Engineers, a class for women by women, and it's free. Register here blackhoodie.re/Ringzer0_Boo...

Tamme is giving a talk at Embedded World 2025! He shows how Rust’s type system and package manager can help to improve development speed and code quality. Also visit us at our booth, or book a time slot for a private chat: https://buff.ly/4308AWE  @diondokter.nl #ew25 #embeddedworld #rustlang

Greg KH is a voice of reason downthread: lore.kernel.org/rust-for-lin...

I'm giving a talk at BOOTSTRAP25 in Austin! Hope to see y'all there! ringzer0.training/bootstrap25-...

It is EXTREMELY cool to me that: * Use of Rust on Embedded platforms is such a high percentage of the ecosystem (16.8% bare metal, 12.9% with an OS) * The usage is increasing year over year Check out the survey results! blog.rust-lang.org/2025/02/13/2...

NanoKVM is sketchy. youtu.be/plJGZQ35Q6I

First episode is up! youtu.be/7IHKRzGQeog via @rkl.bsky.social

I'm trying to think of a good way to flex Poststation as a demo for the embedded world booth. Does anyone have ideas of fun, interactive, and maybe mind bending things to have 8-16 independent MCUs do? I plan to fit it all into a eurorack case, as individual cards/modules.

I did the podcast thing! It was great fun chatting with Matthias Endler on his “Rust in Production” podcast. We talked about our little Rust based ECU at Volvo Cars and how it came about. Check it out: corrode.dev/podcast/s03e...

I’ve published CLUES (Custom Lightweight UUID Exchange Schema) and my current data about Bluetooth custom UUIDs to its own repository so that it can easily be incorporated as a git submodule in other research projects. https://github.com/darkmentorllc/CLUES_Schema

I’ve published BTIDES (BlueTooth Information Data Exchange Schema) to its own repository so that it can easily be incorporated as a git submodule in other research projects. I have started using this for crowdsourced BT info sharing. https://github.com/darkmentorllc/BTIDES_Schema

Worst Fit by @orange.tw. Nasty stuff. blog.orange.tw/posts/2025-0...

In this one we learn about using embassy to do embedded development with async Rust: youtu.be/pDd5mXBF4tY

@thejpster.org.uk You don't follow so I can't message but I hear the PR is coming next week

If you haven't seen the Honey tech drama you absolutely have to, it's awesome! youtu.be/vc4yL3YTwWk

Why do vendors claim reliable and secure and then have vulns like this?? Let me guess, ping again?? www.moxa.com/en/support/p...

Why is there no tech/hacker news coverage on Aedan Cullen‘s amazing RP2350 OTP glitch work? It’s weird. Here’s the GitHub: github.com/aedancullen/...

Oh! @raspberrypi.com RP2350 gotcha detailed at CCC. Does he win the prize?? events.ccc.de/congress/202...

Today I used a vinyl sticker from a conference in the place of heatshrink or electrical tape. Gotta do what you gotta do. Can't have this stuff shorting out!

I just disabled Android "Quick phrases" for my alarm clock app after realizing it's causing alarms to be ineffective. Who came up with this feature??? Why is it on by default?? Ensh**tification much?? Is there a class action suit I can join??

📢 It's time for you to MAKE YOUR VOICE HEARD 🗣️ ... ... In the C Survey for the Name of a new Operator!! This one, being something a LOT of you are familiar with! Read up, let us know, and SPREAD THE WORD: thephd.dev/the-big-arra...

Digital license plates, legal to buy in some states and drive with nationwide, can be jailbroken. Hackers can install new firmware in minutes, then change plate numbers via a Bluetooth app to evade surveillance, tolls and tickets—or make someone else pay. www.wired.com/story/digita...

I'm looking forward to that conference badge with CHERI architecture... When is it coming? Hehe

Picking up from last week's thread on overclocking the #RP2350, I'm going to be pushing this Pico 2 further tonight. To start with, I'm doing a run of tests at 576MHz and 1.7V, to see how much difference the cooling has made.

If you're looking for a good time programming, I recommend #adventofcode Day 6. Part 2 took me 4 tries to get a correct and performant solution.

Boot security in the MCU, Daniel & Zoltan Madarassy - BSides Canberra 2024 youtu.be/LXdSVcvhJuI?... #BSidesCbr2024

Is this expected behavior in Go?? I'm seeing the original array get modified by just creating slices from it. pastecry.pt/MMo4dp#Uk_Ha... Output: pastecry.pt/Y1eZuS#Uf7Ge... #AdventOfCode

Positive Technologies has developed a new attack that exploits the SD Express standard to gain access to a device's memory through its SD card reader The DaMAgeCard attack exploits the fact that the new SD Express standard can operate in both SDIO and NVMe swarm.ptsecurity.com/new-dog-old-...

Pretty dope whitepaper from Rapid7's @stephenfewer.bsky.social on 5 new vulnerabilities he chained to achieve unauthenticated RCE on Lorex 2K Indoor Wi-Fi security cameras. Whitepaper: www.rapid7.com/globalassets... Exploit: github.com/sfewer-r7/Lo...