Board election reminder! We will be hosting elections for one board position tonight at 7PM. If you're interested in running, please be sure to attend the meeting and join our Google group for more details on how to sign up https://t.co/grUiYWcopR
Fresh @safebreach Labs research! 🔥
CVE-2025-59199 breaks down a highly creative low-integrity Windows LPE path.
Learn how Notifications, COM objects, URIs, DevTools, and Windows Apps chain together in a single exploit. Great work team! 👇
https://t.co/1PgKB1WIxe
The Three Buddy Problem visits Ekoparty Miami: Jordan Wiens, co-founder of Vector 35 and creator of Binary Ninja, talks about a decade spent building a decompiler in a market everyone told him not to enter. He walks through why accessibility drove the whole project, how Binja's intermediate-language system stacks up against IDA, Ghidra, and Radare, and why language-specific decompilation for Rust, C++, and Go is the next real frontier.
Plus, thoughts on AI disruption and why "the model can do it" misses the point that the model is just driving the tool, what verifiability really means, whether AI tilts the field toward offense or defense, and questions around subsidized tokens, the collapse of the CTF talent pipeline, and what happens to a craft when the shortcut is always one prompt away.
Apple Podcasts https://t.co/1ZcIAbSGO5
Spotify https://t.co/wDEbdngWwa
Transcript https://t.co/DcJBmcTuEl
The clock is ticking! This is the last week for early registration prices at @BlackHatEvents USA.
I have a new class this year: How to use Secure Boot and Encrypted Firmware.
https://t.co/llqu94TQJ3
Hardware Hacking and AI, all using LLMs:
I've been teaching courses about Attacking IoT at Black Hat for over a decade - often using tools that include Logic Level MOSFETs.
Here's my take on some of the hardware courses and what pairs well for different skill levels:
AMD is shipping a vulnerable kernel driver in the Razer Blade 16 BIOS updater. it's sitting in the same folder as ANOTHER vulnerable driver that's been publicly known and documented as dangerous for years
both are signed. both can be weaponized by malware to bypass your antivirus, take complete control of your computer from the inside, read anything stored in memory including passwords and crypto wallet keys, and load ransomware/malware without your PC putting up a fight
this is exactly what ransomware / malware operators and state backed groups hunt for every single day
GPU-Z is on basically every gaming PC on earth. TechPowerUp makes it. they also make Sapphire TRIXX. What I found is insane...
both ship TRIXX.sys. IOCTL 0x800060C4 calls HalSetBusDataByOffset with user-controlled bus, device, function, and offset. any local process. no admin.
reprogram any PCI BAR to any physical address. map it. arbitrary physical memory R/W from ring 3.
a GPU info tool with the keys to your entire system. EV cert. valid through April 2028.
Signed to Kill: Reverse Engineering a 0-Day Used to Disable #CrowdStrike EDR
The article presents a reverse-engineering analysis of a kernel driver used in a BYOVD (Bring Your Own Vulnerable Driver) attack to disable security software, including @CrowdStrike Falcon EDR. The researcher discovered multiple variants of a Microsoft-signed driver that expose a dangerous IOCTL interface capable of terminating arbitrary processes.
https://t.co/aMglNThCln
https://t.co/I7ZRtFhti5
found a 25KB WHQL signed driver from https://t.co/dpXTuPquUc. it's a French hardware inventory tool people install to check what GPU they have. 7 IOCTLs, zero validation.
no security descriptor on the device. FILE_ANY_ACCESS on every IOCTL. any user can open it. no admin needed. no UAC.
unrestricted wrmsr. no whitelist. write IA32_LSTAR and every syscall on the system hits your code. the instruction takes single digit nanoseconds.
arb physmem read up to 2MB per call, MSR read/write, port I/O, PCI config R/W.
It wasn't on loldrivers. not on hvci blocklist. no CVE. 0/68 on VT
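The TRIXX.sys post above quotes a raw IOCTL number, and the WHQL-driver post flags FILE_ANY_ACCESS on every IOCTL. Both facts live in the same 32-bit CTL_CODE layout, and decoding it is the first thing a reviewer does when triaging a driver's IOCTL table. The following is an added example, not code from either post or from the vendors named; the code 0x800060C4 is taken from the TRIXX.sys post, every other IOCTL value is constructed, and the function names are my own.

```python
"""Decode Windows IOCTL control codes and flag the ones that demand no
handle access rights (FILE_ANY_ACCESS). Added example for driver triage;
0x800060C4 is the value quoted in the TRIXX.sys post, the rest are
constructed sample codes, not values taken from any real driver."""

# CTL_CODE layout from the Windows DDK:
#   bits 31..16 DeviceType, bits 15..14 RequiredAccess,
#   bits 13..2  Function,   bits 1..0   Method.
METHOD_NAMES = {0: "METHOD_BUFFERED", 1: "METHOD_IN_DIRECT",
                2: "METHOD_OUT_DIRECT", 3: "METHOD_NEITHER"}
ACCESS_NAMES = {0: "FILE_ANY_ACCESS", 1: "FILE_READ_ACCESS",
                2: "FILE_WRITE_ACCESS",
                3: "FILE_READ_ACCESS | FILE_WRITE_ACCESS"}


def ctl_code(device_type, function, method, access):
    """Same arithmetic as the DDK CTL_CODE macro."""
    return (device_type << 16) | (access << 14) | (function << 2) | method


def decode_ioctl(code):
    """Split a control code back into its four fields."""
    return {
        "device_type": (code >> 16) & 0xFFFF,
        "access": (code >> 14) & 0x3,
        "function": (code >> 2) & 0xFFF,
        "method": code & 0x3,
    }


def describe(code):
    f = decode_ioctl(code)
    return (f"0x{code:08X}: DeviceType=0x{f['device_type']:04X} "
            f"Function=0x{f['function']:03X} {METHOD_NAMES[f['method']]} "
            f"{ACCESS_NAMES[f['access']]}")


def find_any_access(codes):
    """Return, sorted, the codes a handle opened with zero access rights may send.

    This is only the handle-access check. A driver that also creates its
    device object without a restrictive security descriptor (as the WHQL
    post describes) lets any user open the handle in the first place, so
    an empty result here does not by itself mean the interface is safe.
    """
    return sorted(c for c in codes if decode_ioctl(c)["access"] == 0)


# Constructed sample IOCTL table (hypothetical driver, not a real one),
# plus the one code quoted in the post above.
SAMPLE_TABLE = [
    0x800060C4,                        # from the TRIXX.sys post
    ctl_code(0x8000, 0x800, 0, 0),     # constructed: FILE_ANY_ACCESS
    ctl_code(0x8000, 0x801, 3, 0),     # constructed: METHOD_NEITHER + any access
    ctl_code(0x8000, 0x802, 0, 3),     # constructed: read+write required
]

if __name__ == "__main__":
    for c in SAMPLE_TABLE:
        print(describe(c))
    print("no access rights required:",
          [f"0x{c:08X}" for c in find_any_access(SAMPLE_TABLE)])
```

Run this over the IOCTL constants pulled from a driver's dispatch routine and the FILE_ANY_ACCESS entries are the ones to read first. Note that 0x800060C4 decodes to FILE_READ_ACCESS, which is still satisfied by any caller the device object's DACL lets open it; restricting who can open the device is done at IoCreateDeviceSecure with an SDDL string, not through the IOCTL access bits.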
Russia hid spy hardware in the walls of TechEx, a Ukrainian defense company that builds drones.
They don't really explain what it is beyond "wire tap", so let's do a quick analysis on the hardware to figure out what it does!
🧵1
We found 9 vulnerabilities across 4 low-cost IP-KVM vendors. These $30 devices give attackers the equivalent of physical access to everything they connect to. Below the OS, EDR, and pretty much every security control you've deployed.
Everyone today is a hacker in a sense but there are very few OG hackers on whose shoulders we stand
Oh dude, Felix "FX" Lindner you were so much a hacker's hacker and you will be missed
RIP my friend and thank you
I'll be teaching a practical, introductory workshop on reverse engineering a mask ROM from a photo of a microchip at @BlueHatIL in Tel Aviv.
If you're interested and in town, please join on either 10 or 11 March. You'll start with a microscope photo, end with disassembly code.