So I Guess This Happened
LZO Exploit, You Say?
What's that, you say? No functional exploits for LZO or LZ4? I guess both are proven, now. Sorry, folks, but we had to wait for a bit to let people get patched. We're kind to the...
The LZ4-Ruby Two Hour Challenge
I'm a Ruby Virgin
So, I never found Ruby all that intriguing. It's just not that exciting to me. Sure, I can audit your Ruby on Rails app, but have I ever delved into the internals of Ruby to attack the...
A Final LZ4 Act - Hacking Erlang
Killing Money
I've been getting a lot of emails, DMs, PMs, etc, congratulating me on my perseverance through the P.R. mess that has been the LZO/LZ4 bugs. Thanks for your support! But, let's be...
Bla Bla LZ4, Bla Bla GoLang Or Whatever
I Was Coerced
A lot of people don't know this, but I've known Jaime Cochran for almost fifteen years. We've been friends as long as I've been on the Internet. So, when she jabbed me earlier tonight...
No Thing Left Behind
You're Damn Right
Adorable Crochet Puppy Mauls Researcher
Most of what we've heard about the Internet of Things (IoT) has been pushing fear, uncertainty, and doubt with regard to security. But, the...
Start-Ups, Information Security, and Budgets
Start Up, not Down. The 80's Were Ok, I Guess
As a child of the 80's, I was raised with a lot of mixed messages. These messages took a lot of bizarre forms. I distinctly remember Poison's "Open Up and...
The Internet of Us
It'll all be OK, little guy. It's Not Me, It's You
I've been analyzing and building Internet of Things technology since 2009. At the time, my wife Jessica and I were living in a condo building in...
GoLang Debugging - Turning Pennies Into G's
GDB Ain't Great
Our favorite application debugger is awesome. Don't get me wrong, I use it often. Almost daily. But, the fact remains that GDB is dependent on a predefined legacy application...
If You Haven't Pen-Tested Now, Wait
Abstinence Or Whatever
This morning, my esteemed peer Shawn Moyer referred to a blog post he wrote in September 2013 on waiting for pen-testing until Q1, but buying in Q4. He's not wrong. Shawn makes...
The Internet of Us - Hardware Nowhere
Never leave your buddy behind in Houston, Texas!
The Holy Trinity of Hack
My friends and I used to joke around that there was a "holy trinity" in hacking. You had to understand software, firmware, and...
Cloudless Skies: On Leaving Team Revolar
On Wednesday, April 15th, I officially left the Revolar team. Though the execution of my decision was swift, I had been contemplating it for several weeks, but, not for the usual reasons you might find...
Micky Mouse Hacks: Password Cracking is A Waste of Energy
Get Disney On `Em
In the past year or so I've noticed a growing number of people stumbling on the same issues when getting into embedded systems design and hacking. It's odd how very few blogs are...
No More Free Thoughts - The Cost of Professionalism
"I'm Flying High Over Tupelo, Mississippi With America's Hottest Hacker, and We're All About To Die"
There are a lot of things Denver is known for being high on, mostly altitude. But, lately, it isn’t...
Protecting the Internet? Or, Protecting Interests.
Protecting Interests From Anyone
Today Senator Ted Cruz announced his new initiative, the Protecting Internet Freedom Act (PIFA), which aims to ensure the United States maintains "control of the...
This Old Vulnerability #1: Plan 9 devenv Integer Overflow
It's Been a While
Around 2005, the infamous Matasano security team launched their blog, Chargen. Out of all the blogs and e-zines I've read over the years, their This Old Vulnerability (TOV) posts were...
Quick PokemonGO Threat Modeling
Why I Caught Pokemon All Day Long Today
Most of y'all know by now I've got a four week old little man by my side 24/7, and it's the best thing ever. It also means that almost 100% of my time consists...
This Old Vulnerability: Guest Post: Vineetha Paruchuri on Modeling How...
[Editor's Note: Vineetha's guest blog is a companion piece to the Lab Mouse post found here]
It all started on Twitter when I called Bailey out on his crappy taste in music (naturally, he vehemently...
This Old Vulnerability #2: NetBSD and OpenBSD kernfs Kernel Memory Disclosure...
Time is an Illusion
[Editor's Note: This is part one of a two part post, the second of which is Vineetha Paruchuri's guest co-post, which can be found: here]
It makes sense to me that physicists have...
Check Your (Root) Privilege - On CVE-2016-4484
A Cryptsetup Initrd Script Flaw
Recently, a programming flaw was found in the init scripts for certain Linux distributions. These scripts handle decryption of the system volume when full disk encryption...
The RISC-V Files: Supervisor -> Machine Privilege Escalation Exploit
The Demo
The following video demonstrates my original proof-of-concept exploit for the RISC-V privilege escalation logic flaw in the 1.9.1 version of the standard. The exploit lives in a patched Linux...
The RISC-V Files: On Princeton MCM and Linus' Law
Princeton and RISC-V MCM
In the past week, a research team from Princeton's school of engineering released details on flaws they uncovered in the RISC-V memory consistency model (MCM). This is exciting...
Open Source Healthcare
No Matter What Side You're On, Admit It: You're Sick
Earlier today I became quite frustrated with the state of our social discussion on insurance, ACA, AHCA, and politics in general. Every day we read...
An Eulogy for Infosec
Sam's Funeral
Last night I watched one of the best episodes of television to ever grace the liquid crystal affixed to the center of my living room. The episode "Eulogy" from season two of Pamela Adlon...
The Story of the Ghost
I Feel I've Never Told You...the Story of the Ghost...
It was 1999... or 2000... I don't quite remember. We never slept. We would audit source code for days on end, mostly the OpenBSD or Linux kernel,...
Abusing Blockchain Transparency for Good
In 2013, I had just completed a year working on my DARPA Cyber Fast Track grant, creating a holistic threat model of the entire IoT landscape. The result of this research wasn't simply a threat model...