
aurelsec

@aurelsec.bsky.social

Hackademic at S3@eurecom

296 Followers  |  622 Following  |  15 Posts  |  Joined: 18.12.2023  |  2.276

Latest posts by aurelsec.bsky.social on Bluesky

WOOT '25 Technical Sessions

Discounted early bird registration for WOOT '25 is still open until Monday - www.usenix.org/conference/w... - join us in Seattle on Aug 11/12 (right before USENIX Security) for talks and discussions on great cutting-edge offensive security research. Full program at www.usenix.org/conference/w...

17.07.2025 13:23 — 👍 3    🔁 5    💬 1    📌 0

Our research on open tunneling servers got nominated for the Most Innovative Research award :)

The work will be presented by Angelos Beitis at Black Hat and also at USENIX Security

Brief summary and code: github.com/vanhoefm/tun...
Paper: papers.mathyvanhoef.com/usenix2025-t...

12.07.2025 20:17 — 👍 7    🔁 6    💬 0    📌 0
Stop using X (formerly Twitter) for official government communications - Platef... Stop using this platform as one of the main mouthpieces for official communications in France. There are far better moderated and regulated alternatives, and it is even possible ...

A petition has just been launched on the National Assembly's website asking the French government to stop using X for its official communications.
I have obviously signed it.
You too?
(And let's spread the word)
petitions.assemblee-nationale.fr/initiatives/...

09.07.2025 20:13 — 👍 141    🔁 80    💬 12    📌 4
Detecting child sexual abuse content online: what technical options? What risks for privacy? Can child sexual abuse material be detected automatically online without opening the door to mass surveillance?

Detecting child sexual abuse content online: what technical options? What risks for privacy?
theconversation.com/detecter-les...

07.07.2025 08:28 — 👍 0    🔁 0    💬 0    📌 0

Huge implications from this: Microsoft cut off the email of the chief prosecutor of the International Criminal Court, because of his work on Israel www.nytimes.com/2025/06/20/t...

20.06.2025 18:18 — 👍 1356    🔁 718    💬 43    📌 107
Extraction of Secrets from 40nm CMOS Gate Dielectric Breakdown Antifuses by FIB Passive Voltage Contrast | USENIX

Zonenberg et al. extract its one-time programmable memory through passive voltage contrast 🔬 using a focused ion beam ⚡: www.usenix.org/conference/w...

19.06.2025 12:48 — 👍 1    🔁 1    💬 0    📌 0
Security through Transparency: Tales from the RP2350 Hacking Challenge | USENIX

Two winners of the RP2350 Hacking Challenge will present their results at WOOT!

Muench et al. break its secure boot guarantees through voltage, electromagnetic, and laser fault injection 💥 techniques: www.usenix.org/conference/w...

19.06.2025 12:48 — 👍 7    🔁 3    💬 1    📌 0
OffensiveCon25 - Daniel Klischies and David Hirsch
YouTube video by OffensiveCon

Our OffensiveCon talk on stateful baseband emulation (and how improper string handling led to baseband RCE) is available on YouTube: youtu.be/zoAITq7jUM8. It has been a pleasure; awesome conference, brilliant people. Slides and paper: www.danielklischies.net/research/bas...

28.05.2025 11:21 — 👍 8    🔁 3    💬 0    📌 0
“Google wanted that”: Nextcloud decries Android permissions as “gatekeeping” Without full file access, it’s kind of hard to use your own cloud.

Since mid-2024, Google has refused to reinstate the access Nextcloud needs for uploading and syncing other file types to its host-your-own cloud platform.

14.05.2025 18:46 — 👍 28    🔁 9    💬 0    📌 3

Haven't seen this on Bluesky yet: S&P 2027 will take place in Montreal, Canada!

14.05.2025 06:45 — 👍 29    🔁 17    💬 2    📌 3

📢 Excited to announce that the results on BaseBridge, our project on improving cellular baseband emulation, are going public this week. Dyon will present at IEEE S&P on Monday 3pm, while David and I will be on stage at @offensivecon.bsky.social on Saturday 11am with even more details! 1/6

11.05.2025 10:23 — 👍 13    🔁 7    💬 1    📌 1
Despite misleading marketing, Israeli company TeleMessage, used by Trump officials, can access plaintext chat logs Despite their misleading marketing, TeleMessage, the company that makes a modified version of Signal used by senior Trump officials, can access plaintext chat logs from its customers. In this post I ...

Despite misleading marketing, Israeli company TeleMessage, used by Trump officials, can access plaintext chat logs. My findings are based on TM SGNL's source code, and they are corroborated by hacked data micahflee.com/despite-misl...

06.05.2025 20:00 — 👍 783    🔁 332    💬 23    📌 89
TM SGNL, the obscure unofficial Signal app Mike Waltz uses to text with Trump officials Yesterday, a Reuters photographer captured a photo of the freshly-ousted former National Security Advisor Mike Waltz checking his Signal messages during a Trump cabinet meeting. If you're not familiar...

I wrote up a detailed analysis of TM SGNL, the unofficial Signal app that senior Trump fascists use to organize their war crimes micahflee.com/tm-sgnl-the-...

02.05.2025 21:36 — 👍 1279    🔁 464    💬 32    📌 51

For the past while J-P at @newae.com has been working on a major #ChipWhisperer doc refactor - this is now live, check out chipwhisperer.readthedocs.io/en/latest/in... . It moves software, hardware, and even some tricks/tips all into one place using Jupyter Books. Huge improvement in usability!

14.03.2025 22:14 — 👍 8    🔁 6    💬 0    📌 0
Amazon product page displayed in a browser window for the book titled 'Engineering Bridges That Don’t Fall Down' by Colin O'Flynn. The book cover shows a partially collapsed steel bridge against a blue sky. The page lists the book as having 4.5 stars from 132 reviews, priced at $29.99 for paperback and $9.99 for Kindle.


Here you are @oflynn.com :)

22.04.2025 09:47 — 👍 2    🔁 0    💬 0    📌 0
Symlink backdoor on Fortinet SSL-VPN devices – Blog | Big Data for Cyber Defense

💥Detection method for #symlink #backdoor on #fortinet

"we are willing to share it, privately"

More than 18k devices compromised

Read more: blog.onyphe.io/en/symlink-b...

21.04.2025 12:49 — 👍 4    🔁 2    💬 0    📌 2

We agree that...

20.04.2025 13:04 — 👍 2009    🔁 356    💬 66    📌 13
Defend the Internet Archive.
Protect the Wayback Machine.
Tell the music labels: Drop the 78s lawsuit.
Sign our open letter on change.org


📢 The Internet Archive needs your help.

At a time when information is being rewritten or erased online, a $700 million lawsuit from major record labels threatens to destroy the Wayback Machine.

Tell the labels to drop the 78s lawsuit.

👉 Sign our open letter: www.change.org/p/defend-the...

🧵⬇️

17.04.2025 16:51 — 👍 19844    🔁 15979    💬 127    📌 469
Spyware: 21 countries commit to fighting the proliferation of digital weapons The "Pall Mall Process", launched by France and the United Kingdom in 2024, has resulted in the signing of a "code of good practice". Non-binding, it has the merit of addressing crucial issues, notably those related to the misuse of spyware.

Spyware: 21 countries commit to fighting the proliferation of digital weapons

04.04.2025 16:22 — 👍 17    🔁 5    💬 2    📌 4

And pretty please, let's move S&P from San Francisco and NDSS from San Diego. Thanks 😘

20.03.2025 10:54 — 👍 18    🔁 4    💬 0    📌 1
Colin's Into to PCB Design Part 1 - PCBs, Traces, and More (Dalhousie 2025 ECED Lecture)
YouTube video by Colin O'Flynn

Finally finished uploading my "Intro to PCB Design" lectures from my class this semester - Part 1 at youtu.be/N544CMR8I-M and rest linked from there. Slides and example project for students to complete at github.com/colinoflynn/... if you want to reuse it! #pcb #pcbdesign #electronics #kicad

30.03.2025 19:27 — 👍 33    🔁 10    💬 1    📌 0
Screenshot of X post: https://x.com/mer__edith/status/1902383162065400296, part 1

BAT SIGNAL: A law in France that would mandate a backdoor in end to end encrypted communications is set for a vote within the next day, after some start-stop skirmishes. 

The French Narcotraffic law would require encrypted communications providers—like Signal—create a backdoor by giving the government the ability to add themselves to any group or chat they like. In the name of (checks notes) fighting drug trafficking. 

While those hyping this bad law have rushed to assure French politicians that the proposal isn’t ‘breaking encryption’ their arguments are as tedious as they are stale as they are laughable. For those catching up, let’s review the basics: end to end encryption must only have two ‘ends’—sender and recipient(s). Otherwise, it is backdoored. Whatever method is devised to add a ‘third end’ —from a perverted PRNG in a cryptographic protocol, to vendor-provided government software grafted onto the side of secure communications that allow said government to add themselves to your chats—it rips a hole in the hull of private communications and is a backdoor.

Indeed, the ghost participant proposal was roundly rebuked (humiliated, even) when it was first proposed in 2019 in the UK. The technical community was united, and it was never implemented in law or otherwise.


Screenshot of X Post, Meredith Whittaker, President of Signal https://x.com/mer__edith/status/1902383162065400296

We cannot accept any backdoor, however it’s dressed up. Communications don’t stay within jurisdictional boundaries. Which means a hole created in France becomes a vector for anyone wanting to undermine Signal’s robust privacy guarantees, anywhere. Instead of contending with unbreakable math, they only have to compromise a French government employee, or the vendor-provided software used to sideload government operatives into your private chats. 

This is why, as always, Signal would exit the French market before it would comply with this law as written. At this moment especially, there is simply too much riding on Signal, on our being able to forge a future in which private communication persists, to allow such pernicious undermining. 

We hope—WE HOPE—that this callow, dishonest attack will fail, and will be the last. We would love to get back to the work of maintaining and improving our core technologies, instead of fighting legislation which is distinguished in nothing as much as its refusal to listen to decades of expert consensus in its drive to imperil global cybersecurity and the human right of privacy.


"Signal would exit the French market before it would comply with this law as written"

Meredith Whittaker @meredithmeredith.bsky.social, President of Signal @signal.org

19.03.2025 19:54 — 👍 187    🔁 78    💬 6    📌 5
The one who shouldn't have installed Kaspersky antivirus In which we discover the shattered career of a civil servant because of a fondness for, take your pick, cracked versions of Windows or the antivirus of the famous Russian engineer.

Thanks @gabrielthierry.bsky.social for revisiting the incredible story of the #ShadowBrokers in several parts #MustRead

Part 1

open.substack.com/pub/pwned/p/...

Part 2

open.substack.com/pub/pwned/p/...

Part 3

open.substack.com/pub/pwned/p/...

16.03.2025 08:11 — 👍 18    🔁 12    💬 1    📌 0
Tamarin book draft v0.9


Nearly finished! "Modeling and Analyzing Security Protocols with Tamarin: A Comprehensive Guide" (Basin, Cremers, Dreier, and Sasse) will be published by Springer in the near future.

I'm very happy to announce that a full draft of our book is now available for download at tamarin-prover.com/book/

16.03.2025 13:19 — 👍 7    🔁 2    💬 2    📌 0

Quick recap of the amendments tabled on the narcotrafic law:
- reintroduction of article 8 ter on encrypted apps by Olivier Marleix (LR) www.assemblee-nationale.fr/dyn/17/amend...
- but also by Paul Midy (EPR) in a VERY similar version: www.assemblee-nationale.fr/dyn/17/amend...

15.03.2025 08:24 — 👍 1    🔁 2    💬 1    📌 0
Bill aimed at getting France out of the drug-trafficking trap (no. 1043) Amendment no. 655

For now, no government amendment to the #PPLNarcotrafic, debated from Monday, restores the late article 8ter (access to encrypted communications). But there are three parliamentary amendments, more or less identical (what a surprise!), that propose a reworked version of it.

14.03.2025 16:29 — 👍 6    🔁 5    💬 2    📌 1
Encryption and "backdoors": on X, the Minister for Digital Affairs C. Chappaz argues for a "balance". But which one? Either there is an obligation of result, or there is not. And isn't the current situation (obligation of means for operators + lawful hacking) a "balance"?

04.03.2025 15:05 — 👍 4    🔁 1    💬 1    📌 0
Wallbleed: A Memory Disclosure Vulnerability in the Great Firewall of China We present Wallbleed, a buffer over-read vulnerability that existed in the DNS injection subsystem of the Great Firewall of China. Wallbleed caused certain nation-wide censorship middleboxes to reveal...

gfw.report/publications...

03.03.2025 00:08 — 👍 1    🔁 2    💬 0    📌 0

Only a week and a half left for USENIX WOOT '25 conference submissions - deadline March 11 AoE. We’re looking forward to seeing even more of your amazing offensive security papers this year! And still a few days for up-and-coming track (March 4). CfP at www.usenix.org/conference/w...

28.02.2025 20:56 — 👍 5    🔁 10    💬 0    📌 2
Bill aimed at getting France out of the drug-trafficking trap (no. 907) Amendment no. CL485

The latter proposes allowing providers subject to the obligation to create a backdoor to plead technical impossibility.
www.assemblee-nationale.fr/dyn/17/amend...
www.assemblee-nationale.fr/dyn/17/amend...

02.03.2025 11:27 — 👍 3    🔁 1    💬 1    📌 1
