Max

The second annual infosec fat bear bracket is here. Let’s gamble on some fat bears for charity. Brackets due ASAP. https://t.co/Gj0fv7oCyn

It's not obvious from the advisory, but the same code runs in RDP client. The issues have been patched in both. This would have allowed a malicious server to compromise a client without any alerting behavior, or a MitM attack with a warning confirmation.

August Patch Tuesday includes fixes for our internal finds in RDP, including RCE and remote info disclosure, and affecting Win 10 latest. The team successfully built a full exploit chain using some of these, so it's likely someone else will as well. Patch and enable NLA.

Did anyone find / exploit the serialization bugs in TelOoOgram during DEF CON CTF?

We've built tools for fuzzing based on emulation of a process snapshot captured via minidump. We're considering open sourcing the tool, and I'm curious about interest level from the rest of the world. (1/3)

Vectorized Emulation: Hardware accelerated taint tracking at 2 trillion instructions per second https://t.co/AAZfnqXeQQ

After Trump was elected, I felt unsafe. I thought that electing a man as president who has assaulted women would normalize that behavior, make assault seem inconsequential to a perpetrator. Right now, I feel worse. It’s normalized, all right.

So what’re we supposed to be doing about the ongoing calls from numbers in our area code? It’s old...

Came in 1st in CSAW 2018 Quals! Kudos to all who played, it was a tough competition this year! See y'all at finals!