cleptho

🎥 Eyes wide shut! David Berard of @synacktiv.com just breached the @Ubiquiti AI Pro surveillance system at #Pwn2Own. He also serenaded us with round of "Baby Shark" played through the speaker. He's off to the disclosure room with an ear worm and the details.

Confirmed! The team from @synacktiv.com used a buffer overflow to exploit the Phillips Hue Bridge. Their unique bug earns them $20,000 and 4 Master of Pwn points. #Pwn2Own

Exploiting the Synology TC500 at Pwn2Own Ireland 2024 Introduction In October 2024, InfoSect participated in Pwn2Own – a bug bounty competition against embedded devices such as cameras, NAS’, and smart speakers. In this blog, I’ll di…

New blog post: Exploiting the Synology TC500 at Pwn2Own Ireland 2024
We built a format string exploit for the TC500 smart cam. It didn’t get used, but it made for a fun case study.
blog.infosectcbr.com.au/2025/08/01/e...

📲 Debugging the Pixel 8 kernel via KGDB Instructions for getting kernel log, building custom kernel, and enabling KGDB on Pixel 8

Documented instructions for setting up KGDB on Pixel 8.

Including getting kernel log over UART via USB-Cereal, building/flashing custom kernel, breaking into KGDB via /proc/sysrq-trigger or by sending SysRq-G over serial, dealing with watchdogs, etc.

xairy.io/articles/pix...

Dumping firmware from JieLi chips

JieLi chips are fairly common in Bluetooth audio devices, but they are also becoming more common in miscellaneous devices. Fortunately, retrieving the firmware is mostly straightforward.

A light blue diagram depicting the sea, with the water's surface at the top, and just below it is an outline of the Mary Rose, with the depth (12m, 40ft or 6.7 fathoms). There is a line showing the seabed, which takes a rapid dive into the vertical...

On the anniversary of the sinking of the Titanic, we thought we'd answer a question that's often asked,

"If they raised the Mary Rose, why not raise the Titanic?"

Allow our scaled diagram to explain...

A lamppost covered in dark vines that resemble a creature with long hair bent over. When the light is on, it looks like the head/skull is glowing.

I grew up on a diet of Scary Stories to Tell in the Dark... I swear these vines covering a lamppost in Wroclaw, Poland are straight out of my childhood nightmares.

GitHub - ic3qu33n/REcon2024-GOP-Complex: REcon 2024 Repo, slides for talk "GOP Complex: Image parsing bugs, EBC polymorphic engines and the Deus ex machina of UEFI exploit dev"" REcon 2024 Repo, slides for talk "GOP Complex: Image parsing bugs, EBC polymorphic engines and the Deus ex machina of UEFI exploit dev"" - ic3qu33n/REcon2024-GOP-Complex

v happy to finally share my slides for my @reconmtl.bsky.social 2024 talk “GOP Complex: Image parsing bugs, EBC polymorphic engines and the Deus ex machina of UEFI exploit dev.” Really proud of this talk + v grateful to the amazing REcon team for another incredible con 🖤
github.com/ic3qu33n/REc...

This is fake but if we boost it enough someone from the administration will claim it’s true during the congressional hearings so you know what to do

simpsons image. march yelling "war thunder no!" then bart, labelled "war thunder" says "what?" the marge says "sorry, force of habit"

Flyer for the Phrack 40th anniversary edition CFP. It contains the text of the CFP at phrack.org, with additional text "CFP EXTEND!! Papers due June 15 2025" and "Phrack Since 1985"

We heard you needed some more time, so we wanted to let you cook.

We decided to push the Phrack 72 CFP deadline back until June 15th.

Stay tuned for upcoming Phrack events.

Print this flyer out and give it to someone IRL!!

For $20,000/month, I will personally google stuff and paraphrase it for you into mostly-accurate answers.

Pumpkin (@u1f383 on X) does cool work. Here is another cool read about an interesting race condition involving signal handling
u1f383.github.io/linux/2025/0...

Zero Day Initiative — Announce Pwn2Own Berlin and Introducing an AI Category If you just want to read the contest rules, click here . Willkommen, meine Damen und Herren, zu unserem ersten Wettbewerb in Berlin! That’s correct (if Google translate didn’t steer me wrong). ...

Announcing #Pwn2Own Berlin! We're moving our enterprise-focused event to @offensivecon.bsky.social and introducing an AI category. More than $1,000,000 in cash & prizes (Incl. a Tesla) are available to win. Check out the details at www.zerodayinitiative.com/blog/2025/2/...

I made an ImHex pattern file for the ftab file format used for Apple C1 firmware and Apple accessories
gist.github.com/matteyeux/d1...

OpenSSH 9.9p2 has just been released with fixes for two security problems reported by the Qualys Security Advisory Team: a denial-of-service in the default configuration and a host impersonation by on-path attackers when VerifyHostKeyDNS is enabled (off by default).

www.openssh.com/releasenotes...

Microsoft's own research confirms something that was already pretty obvious: relying on a text generating machine to come up with answers erodes critical thinking, and is a method favoured by those who never liked doing critical thinking in the first place

advait.org/files/lee_20...

They found a way to litter from space

for anyone interested in linux kernel or android security research, i'm experimenting with a custom feed here bsky.app/profile/did:...

Earlier this year, I used a 1day to exploit the kernelCTF VRP LTS instance. I then used the same bug to write a universal exploit that worked against up-to-date mainstream distros for approximately 2 months.

osec.io/blog/2024-11...

New platform, who dis? It me, and @johnnyspandex.bsky.social dropping some VPN client exploit freshness! 🌮🔒

Today, we're releasing NachoVPN, our VPN client exploitation tool, as presented at SANS HackFest Hollywood. Get it on the @amberwolfsec.bsky.social blog:

blog.amberwolf.com/blog/2024/no...

Interesting paper by Erin Avllazagaj to automatically find Linux kernel objects being potentially useful for privilege escalation, tool is called SCAVY. www.usenix.org/system/files...

Qualys is at it again:

https://seclists.org/oss-sec/2024/q4/108

LPEs in needrestart (CVE-2024-48990, CVE-2024-48991, CVE-2024-48992,
CVE-2024-10224, and CVE-2024-11003)


Original post

A view from a lake in the mountains

Touching grass
What else to remain sane?

Patch your crap

It would be really nice to be able to click on a starter pack and instead of just doing “follow all”, turn it instantly into a pinned feed

OpenSSH 9.6 has just been released: openssh.com/releasenotes...

Among other things, this release contains a fix for the so-called Terrapin Attack (terrapin-attack.com)