Just finished teaching the hypervisor class! Had many good interactions with students and enjoyed it a lot.
@hexacon_fr in October is the next opportunity. If you are interested in reading and writing hypervisors, or low-level technologies in general, come to Paris and join us.
This is the kind of thing that makes you appreciate even more Rust's approach to things. Signed overflow is always well defined: it causes a panic in debug builds and wraps as 2's complement in release builds. Plus `wrapping_add()`, `saturating_add()`, `checked_add()`, etc.
Little known fact: this is also true for u16 overflows (due to integer promotions) EVEN THOUGHT the standard SPECIFICALLY says signed integer overflow are 2s complement wrapping. C semantics are absolutely batshit insane.
Together with my session at #OC3 today I am excited to share that COCONUT-SVSM is now public! 🔒🌴
Check out the announcement at https://t.co/86lMB2pMHh or go directly to the GitHub space https://t.co/6AwwxQNFBz
#ConfidentialComputing
🧵1 @glitchnsec and I wanted to say thanks to the people whose CVE discoveries, vulnerability write-ups, and PoCs we used to create the material for #OST2 https://t.co/p91wOGHLVv. So thanks go out to the following contributors…
@LiveOverflow Looking at CVSS spec I'd say it IS a vulnerability:
- # users not relevant
- Attack vector: adjacent network
- User interaction: required
- Attack complexity: high
- Confidentiality, integrity and availability impact: high
That's a 7.1 CVSS score if no privileges are required :)
CVE-2022-24986: KCron: Insecure temporary file handling: Posted by Carlos López on Feb 25Hello list,
Find below our report for CVE-2022-24986: Insecure temporary file
handling in KDE KCron https://t.co/ojcbdC2Ks0
https://t.co/V5O9uawNXs
"How to stop running out of ephemeral ports and start to love long-lived connections"
Or
"Userspace Connectx() on Linux"
Or
"This is why we need kernel-side connectx()"
Or
"Why you can have tops 28K outbound UDP connections?"
Code
https://t.co/5cboWm18wa
@gamozolabs I wish we had a preference poll (i.e. with ordering) rather than binary yes/no options, since all of the topics you listed really are interesting, and I would personally like to see them all at some point!
Our writeups for ABBR and Beans Talk, from @asisctf.
We worked with @ripp3rsCTF for this CTF, great experience overall!
https://t.co/XDobDqed3E
https://t.co/71dbODjU7q
I’ve recently published my first writeup for “devprivops” bash challenge from #FWordCTF 2021 (by @FwordTeam).
Thanks to @ScavengerSec for their support.
https://t.co/248CiXZxby