aurelsec

USENIX WOOT Conference 2026: two submission deadlines this year!

- Cycle 1: December 12, 2025 *only one month away* !
- Cycle 2: March 3, 2026

WOOT still has a SoK track and an "Up-and-coming track" (~Industry), CFP for details:
www.usenix.org/conference/w...

« Faut leur tirer dans la gueule ! » : la manifestation de Sainte-Soline vue par les gendarmes Mediapart et « Libération » révèlent des images inédites du 25 mars 2023, filmées par les caméras-piétons des gendarmes. Elles montrent des consignes prohibées et dangereuses données par la hiérarchi…

C'est un document sans précédent : les caméras-piétons des gendarmes mobiles engagés à Sainte-Soline en 2023 dévoilent un maintien de l'ordre fascisant où tous les excès sont permis avec les encouragements de la hiérarchie. À partager. www.mediapart.fr/journal/fran...

(Self-)Nomination for the USENIX Security '26 Artifact Evaluation Committee (AEC) For the seventh year, USENIX Security allows the evaluation of artifacts that support a paper: software, hardware, evaluation data and documentation, raw measurement data, raw survey results, mechaniz...

Last chance to (self-) nominate for USENIX Security'26 Artifact Evaluation Committee!
You should expect a low load of ~1 artifact for functionality/reproducibility assessments per cycle (max 3 for the whole year).

Please support Open Science and fill the form by Oct 17: forms.gle/WoYRX4govNY1... 🚀

Merci pour le post :)

À #SecSea2k5 Aurélien Francillon d'Eurecom relate les expériences hallucinantes d'écoutes en reconnectant avec les documents NSA déclassifiés en parallèle 😁
✅ Bluetooth 😧
✅ JTAG fait tout fuiter "quand le 𝑗𝑖𝑡𝑡𝑒𝑟 révèle le calcul de la puce" 👏🏻
Génial 👍🏻

Chat Control Is Back on the Menu in the EU. It Still Must Be Stopped The European Union Council is once again debating its controversial message scanning proposal, aka “Chat Control,” that would lead to the scanning of private conversations of billions of people. Chat

The Danish Presidency is pushing a dangerous proposal in the EU that would allow the government to scan all our private communications. www.eff.org/deeplinks/2...

Signal calls on Germany to vote against ‘Chat Control,’ saying it would leave EU market The head of the Signal Foundation raised concerns around Germany now refusing to say whether it will support Chat Control in an upcoming vote.

Signal to leave EU rather than comply w/ Chat Control, which would scan all messages sent over end-to-end encrypted platforms. Vote on Chat Control's future Oct 14. Germany is the swing vote. Officials there opposed the measure in past but new govt silent re position
therecord.media/signal-calls...

Source: American Cryptology During the Cold War, 1945-1989 Book III: Retrenchment and Reform, 1972-1980 (declassified)
archive.org/details/cold...
Which I found thanks to this nice article by @hashbreather.bsky.social
blog.cr.yp.to/20251004-wea...

Interesting story how DES 56 became a 56-bit key algorithm (while having a 64-bit block size):
"NSA tried to convince IBM to reduce the length of the key from 64 to 48 bits. Ultimately, they compromised on a 56-bit key."

Emmanuel Macron écarte l'option d'un gouvernement de gauche au nom de "la stabilité institutionnelle" | TF1 INFO [VIDÉO] Emmanuel Macron a exclu lundi soir l'idée de nommer un Premier ministre issu du Nouveau Front populaire. Les représentants de l'alliance de gauche dénoncent "un coup de force" et appellent à u...

Archives du 26 juillet 2024 : Emmanuel Macron écarte l'option d'un gouvernement mené par @luciecastets.bsky.social au nom de "la stabilité institutionnelle".

Stop Chat Control: Why scanning all our private messages is a very bad idea 🔴 Webinar - Tue 30 Sep 18.30h CEST

Tomorrow at 6:30 PM the EU Green Parliament group holds a webinar on #ChatControl
act.greens-efa.eu/chatcontrol

The battle to stop Chat Control continues, act now! Unfortunately, the battle against Chat Control continues this month. For human rights, for civil liberties, for safety, and for democracy, this privacy-wrecking proposal must be stopped. We need your ...

"Bad news: The proposal is going forward to be voted on on October 14th, and there's still no blocking minority achieved, as Germany reverted its position to undecided.

Good news: There is still time to fight back!"

Shut this monstrosity down NOW

Le projet de loi pour espionner vos conversations privées WhatsApp revient sur la table, l'opposition se mobilise Le projet de règlement européen CSAR (appelé « chatcontrol » par ses opposants, pour « contrôle des conversations ») revient sur le devant de la scène, et les scientifiques tirent (à nouveau) la sonne...

Le projet de loi pour espionner vos conversations privées #WhatsApp revient sur la table, l’opposition se mobilise 01net.com/actualites/l... via @01net.com
#EURECOM
@aurelsec.bsky.social

The table of contents for Phrack 72 from phrack.org

At long last - Phrack 72 has been released online for your reading pleasure!

Check it out: phrack.org

Phrack 72 released today. phrack.org/issues/72/1

It got me thinking. I first read Phrack back in the 90's as I started hanging out on IRC (maybe '93 or '94?), as I was learning about FreeBSD and later, Linux. It must have been Phrack 43-45 where I started.

What a wild ride on the Internet.

I reverse engineered Lockbit's Linux ESXi variant, also explaining how I did some of the steps! For the fun of it, cause reverse engineering is lots of fun. Enjoy!
hackandcheese.com/posts/blog1_...

@blackhoodie.bsky.social will be at @sec-t.bsky.social on September 10th with a training on Linux Malware Reverse Engineering, for women by women! We have very few seats left 😁 blackhoodie.re/SecT2025/

WOOT '25 Technical Sessions

Discounted early bird registration for WOOT '25 is still open until Monday - www.usenix.org/conference/w... - join us in Seattle on Aug 11/12 (right before USENIX Security) for talks and discussions on great cutting-edge offensive security research. Full program at www.usenix.org/conference/w...

Our research on open tunneling servers got nominated for the Most Innovative Research award :)

The work will be presented by Angelos Beitis at Black Hat and also at USENIX Security

Brief summary and code: github.com/vanhoefm/tun...
Paper: papers.mathyvanhoef.com/usenix2025-t...

Une pétition vient d'être lancée sur le site de l'AN pour demander au gouvernement français d'arrêter d'utiliser X pour ses communications officielles.
Je l'ai évidemment signée.
Avec toi ?
(Et on fait tourner l'info)
petitions.assemblee-nationale.fr/initiatives/...

Détecter les contenus pédocriminels en ligne : quelles options techniques ? Quels risques pour la vie privée ? Peut-on détecter automatiquement les contenus pédopornographiques en ligne sans ouvrir la voie à la surveillance de masse ?

Détecter les contenus pédocriminels en ligne : quelles options techniques ? Quels risques pour la vie privée ?
theconversation.com/detecter-les...

Huge implications from this: Microsoft cut off the email of the chief prosecutor of the International Criminal Court, because of his work on Israel www.nytimes.com/2025/06/20/t...

Zonenberg et al. extract its one-time programmable memory through passive voltage contrast 🔬 using a focused ion beam ⚡: www.usenix.org/conference/w...

Two winners of the RP2350 Hacking Challenge will present their results at WOOT!

Muench et al. break its secure boot guarantees through voltage, electromagnetic, and laser fault injection 💥 techniques: www.usenix.org/conference/w...

YouTube video by OffensiveCon OffensiveCon25 - Daniel Klischies and David Hirsch

Our OffensiveCon talk on stateful baseband emulation (and how improper string handling led to baseband RCE) is available on YouTube: youtu.be/zoAITq7jUM8. It has been a pleasure; awesome conference, brilliant people. Slides and paper: www.danielklischies.net/research/bas...

“Google wanted that”: Nextcloud decries Android permissions as “gatekeeping” Without full file access, it’s kind of hard to use your own cloud.

Since mid-2024, Google has refused to reinstate the access Nextcloud needs for uploading and syncing other file types to its host-your-own cloud platform.

Haven't seen this on Bluesky yet: S&P 2027 will take place in Montreal, Canada!

📢 Excited to announce that the results on BaseBridge, our project on improving cellular baseband emulation, are going public this week. Dyon will present at IEEE S&P on Monday 3pm, while David and I will be on stage at @offensivecon.bsky.social on Saturday 11am with even more details! 1/6

Despite misleading marketing, Israeli company TeleMessage, used by Trump officials, can access plaintext chat logs Despite their misleading marketing, TeleMessage, the company that makes a modified version of Signal used by senior Trump officials, can access plaintext chat logs from its customers. In this post I ...

Despite misleading marketing, Israeli company TeleMessage, used by Trump officials, can access plaintext chat logs. My findings are based on TM SGNL's source code, and they are corroborated by hacked data micahflee.com/despite-misl...

TM SGNL, the obscure unofficial Signal app Mike Waltz uses to text with Trump officials Yesterday, a Reuters photographer captured a photo of the freshly-ousted former National Security Advisor Mike Waltz checking his Signal messages during a Trump cabinet meeting. If you're not familiar...

I wrote up a detailed analysis of TM SGNL, the unofficial Signal app that senior Trump fascists use to organize their war crimes micahflee.com/tm-sgnl-the-...