Channel: The Mouse Trap
Browsing latest articles
Browse All 36 View Live

So I Guess This Happened

LZO Exploit, You Say?
What's that, you say? No functional exploits for LZO or LZ4? I guess both are proven, now. Sorry, folks, but we had to wait for a bit to let people get patched. We're kind to the...

The LZ4-Ruby Two Hour Challenge

I'm a Ruby Virgin
So, I never found Ruby all that intriguing. It's just not that exciting to me. Sure, I can audit your Ruby on Rails app, but have I ever delved into the internals of Ruby to attack the...

A Final LZ4 Act - Hacking Erlang

Killing Money
I've been getting a lot of emails, DMs, PMs, etc, congratulating me on my perseverance through the P.R. mess that has been the LZO/LZ4 bugs. Thanks for your support! But, let's be...

Bla Bla LZ4, Bla Bla GoLang Or Whatever

I Was Coerced
A lot of people don't know this, but I've known Jaime Cochran for almost fifteen years. We've been friends as long as I've been on the Internet. So, when she jabbed me earlier tonight...

No Thing Left Behind

You're Damn Right
Adorable Crochet Puppy Mauls Researcher
Most of what we've heard about the Internet of Things (IoT) has been pushing fear, uncertainty, and doubt with regard to security. But, the...

Start-Ups, Information Security, and Budgets

Start Up, not Down.
The 80's Were Ok, I Guess
As a child of the 80's, I was raised with a lot of mixed messages. These messages took a lot of bizarre forms. I distinctly remember Poison's "Open Up and...

The Internet of Us

It'll all be OK, little guy.
It's Not Me, It's You
I've been analyzing and building Internet of Things technology since 2009. At the time, my wife Jessica and I were living in a condo building in...

GoLang Debugging - Turning Pennies Into G's

GDB Ain't Great
Our favorite application debugger is awesome. Don't get me wrong, I use it often. Almost daily. But, the fact remains that GDB is dependent on a predefined legacy application...

If You Haven't Pen-Tested Now, Wait

Abstinence Or Whatever
This morning, my esteemed peer Shawn Moyer referred to a blog post he wrote in September 2013 on waiting for pen-testing until Q1, but buying in Q4. He's not wrong. Shawn makes...

The Internet of Us - Hardware Nowhere

Never leave your buddy behind in Houston, Texas!
The Holy Trinity of Hack
My friends and I used to joke around that there was a "holy trinity" in hacking. You had to understand software, firmware, and...

Cloudless Skies: On Leaving Team Revolar

On Wednesday, April 15th, I officially left the Revolar team. Though the execution of my decision was swift, I had been contemplating it for several weeks, but not for the usual reasons you might find...

Micky Mouse Hacks: Password Cracking is A Waste of Energy

Get Disney On 'Em
In the past year or so I've noticed a growing number of people stumbling on the same issues when getting into embedded systems design and hacking. It's odd how very few blogs are...

No More Free Thoughts - The Cost of Professionalism

"I'm Flying High Over Tupelo, Mississippi With America's Hottest Hacker, and We're All About To Die"
There are a lot of things Denver is known for being high on, mostly altitude. But, lately, it isn't...

Protecting the Internet? Or, Protecting Interests.

Protecting Interests From Anyone
Today Senator Ted Cruz announced his new initiative, the Protecting Internet Freedom Act (PIFA), which aims to ensure the United States maintains "control of the...

This Old Vulnerability #1: Plan 9 devenv Integer Overflow

It's Been a While
Around 2005, the infamous Matasano security team launched their blog, Chargen. Out of all the blogs and e-zines I've read over the years, their This Old Vulnerability (TOV) posts were...

Quick PokemonGO Threat Modeling

Why I Caught Pokemon All Day Long Today
Most of y'all know by now I've got a four week old little man by my side 24/7, and it's the best thing ever. It also means that almost 100% of my time consists...

This Old Vulnerability: Guest Post: Vineetha Paruchuri on Modeling How...

[Editor's Note: Vineetha's guest blog is a companion piece to the Lab Mouse post found here]
It all started on Twitter when I called Bailey out on his crappy taste in music (naturally, he vehemently...

This Old Vulnerability #2: NetBSD and OpenBSD kernfs Kernel Memory Disclosure...

Time is an Illusion
[Editor's Note: This is part one of a two part post, the second of which is Vineetha Paruchuri's guest co-post, which can be found: here]
It makes sense to me that physicists have...

Check Your (Root) Privilege - On CVE-2016-4484

A Cryptsetup Initrd Script Flaw
Recently, a programming flaw was found in the init scripts for certain Linux distributions. These scripts handle decryption of the system volume when full disk encryption...

The RISC-V Files: Supervisor -> Machine Privilege Escalation Exploit

The Demo
The following video demonstrates my original proof-of-concept exploit for the RISC-V privilege escalation logic flaw in the 1.9.1 version of the standard. The exploit lives in a patched Linux...

The RISC-V Files: On Princeton MCM and Linus' Law

Princeton and RISC-V MCM
In the past week, a research team from Princeton's school of engineering released details on flaws they uncovered in the RISC-V memory consistency model (MCM). This is exciting...

Open Source Healthcare

No Matter What Side You're On, Admit It: You're Sick
Earlier today I became quite frustrated with the state of our social discussion on insurance, ACA, AHCA, and politics in general. Every day we read...

An Eulogy for Infosec

Sam's Funeral
Last night I watched one of the best episodes of television to ever grace the liquid crystal affixed to the center of my living room. The episode "Eulogy" from season two of Pamela Adlon...

The Story of the Ghost

I Feel I've Never Told You...the Story of the Ghost...
It was 1999... or 2000... I don't quite remember. We never slept. We would audit source code for days on end, mostly the OpenBSD or Linux kernel,...

Abusing Blockchain Transparency for Good

In 2013, I had just completed a year working on my DARPA Cyber Fast Track grant, creating a holistic threat model of the entire IoT landscape. The result of this research wasn't simply a threat model...
