Teaching 15-213 again; we're in the part where we talk about C (and really, the CPU) behavior with unsigned & signed addition, shifts, etc.

This year I have a secret weapon when preparing examples: I write the code that generates the examples in Rust. 🤣 And then teach the students what happens in C.

(First, I enjoy Rust more and trust the results; second, being able to println! into a binary output is really handy for making the examples. And the playground.)
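
As an added example (my own code, not the poster's generator and not 15-213 course material), here is the kind of Rust program the post describes: it produces the two's-complement facts that a C lecture on signed/unsigned addition and shifts has to explain, using Rust's explicit `overflowing_*`, `checked_*` and `as` conversions so that every case C leaves undefined or implementation-defined is spelled out rather than silently relied on. All function and label names are mine.

```rust
// Added example, not the poster's code: generate the two's-complement
// arithmetic facts a C lecture has to explain. Rust names each case
// (overflowing_*, checked_*) instead of leaving it undefined like C does.

/// Render an 8-bit pattern the way a student has to read it in C:
/// binary, hex, and both the unsigned and the signed interpretation.
fn show8(label: &str, bits: u8) -> String {
    format!(
        "{:<24} {:08b}  0x{:02x}  unsigned={:3}  signed={:4}",
        label, bits, bits, bits, bits as i8
    )
}

/// Signed addition. overflowing_add returns the wrapped two's-complement
/// result plus an overflow flag. The wrapped value is what x86 hardware
/// produces, but C declares signed overflow undefined behaviour, so a C
/// compiler is allowed to assume it never happens.
fn signed_add(a: i8, b: i8) -> (i8, bool) {
    a.overflowing_add(b)
}

/// Unsigned addition is arithmetic mod 2^8, fully defined in C.
fn unsigned_add(a: u8, b: u8) -> (u8, bool) {
    a.overflowing_add(b)
}

/// Right shift of the same bit pattern: logical (zero fill) for the
/// unsigned type, arithmetic (sign fill) for the signed type. C leaves
/// the signed case implementation-defined; gcc and clang shift arithmetically.
fn shifts(pattern: u8, k: u32) -> (u8, i8) {
    (pattern >> k, (pattern as i8) >> k)
}

/// Shifting by the type width or more is undefined behaviour in C.
/// Rust's checked_shl reports it as None instead of producing a value.
fn checked_shift_left(x: u8, k: u32) -> Option<u8> {
    x.checked_shl(k)
}

/// Widening the same byte: zero-extension (unsigned char -> int) versus
/// sign-extension (signed char -> int), shown as 16-bit patterns.
fn widen(byte: u8) -> (u16, u16) {
    (byte as u16, (byte as i8) as i16 as u16)
}

fn main() {
    println!("{}", show8("0x7f + 1 (signed)", signed_add(0x7f, 1).0 as u8));
    println!("{}", show8("0xff + 1 (unsigned)", unsigned_add(0xff, 1).0));
    let (logical, arithmetic) = shifts(0xf0, 2);
    println!("{}", show8("0xf0 >> 2 (unsigned)", logical));
    println!("{}", show8("0xf0 >> 2 (signed)", arithmetic as u8));
    println!(
        "1u8 << 7 = {:?}, 1u8 << 8 = {:?}",
        checked_shift_left(1, 7),
        checked_shift_left(1, 8)
    );
    let (zext, sext) = widen(0xf0);
    println!("widen 0xf0: zero-extended 0x{:04x}, sign-extended 0x{:04x}", zext, sext);
}
```

The point of generating the table this way is that every row is produced by an operation whose semantics are defined in the generator; when the same row is later explained in C terms, the lecture can say exactly which ones C defines (unsigned wraparound), which it leaves to the implementation (right shift of a negative value), and which it calls undefined (signed overflow, shifting by the width or more).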

"With AI, now any idiot can write malware!"

As a security researcher, I can assure you that idiots have been writing malware for quite some time.

Just to be clear, this is a Windows utility, not synthetic cocaine.

Computers used to scream out in pain when we connected them to the Internet.

This was a clue and we just didn't listen.

1/ A lot of people have been asking for an explainer on what is going on with Southwest Airlines and the massive meltdown that occurred. Hi, I'm TProphet. I write the Seat 31B travel blog (seat31b.com) and closely follow the airline industry. More importantly, I have a friend whom Southwest abandoned in Las Vegas until New Year's (along with his cat), and there was literally nothing I could do for him. Ready? Let's dive in.

Leaving out the traditional Zardoz cookies for Santa.

Chipotle employee challenges you to a duel and slaps your face with a glove but it's one of those chainmail meat-chopping gloves and he wins immediately.

With the Guardian newspaper hit by ransomware, this is your occasional reminder:

We don't have a ransomware problem per se. We have a Bitcoin problem. Any financial system that can electronically transmit $5M ransoms without KYC/AML checks would do. But the only such system is cryptocurrency. Banks would rightly view allowing ransom payment as an existential threat, while $5M in cash is 50kg, and needs to be picked up in person.


Trying to do OSINT on the developers of the LemonParty malware is very difficult

Zscaler has a breakdown of updates to the code of the Black Basta ransomware during November 2022.

These include changes to the ransomware's file encryption algorithms, the introduction of stack-based string obfuscation, and the use of per-victim file extensions.

Zscaler researchers believe the modifications are an attempt to better evade antivirus and EDR solutions.


At least 31 children were found to be working in the employ of Packers Sanitation Services Inc. in Nebraska and Minnesota. Packers is one of the largest food sanitation companies in the country with 17,000 employees servicing around 700 plants.


stoked to announce that @eric_capuano and i had our talk accepted at 🌡 @cactuscon 11 🌡!

"security operations with velociraptor" 🔥🦖🤓 can't wait!

check out the last @velocidex talk we did, "breaches be crazy - scaling forensics across many systems" - youtu.be/AuOWMz1nXqk

see you nerds in january :)

OK, so I'm going to drop a nice #ZeroDay here. At least I think it's 0day, but for bring-your-own-vulnerable-driver purposes it's still not blocklisted (despite reporting it months ago; maybe MS only adds drivers that are actively exploited):

BattlEye Anti-Cheat BEDAISY.SYS PPL privesc:

Have the string "top BEService&pi" somewhere in your executable PE image. You can just write it to .data if you want.
Load bedaisy.
Open its \\?\GLOBALROOT\Device\BattlEye device.
Write a 9-byte zero-filled buffer to it.
Congratulations, you just got WinTCB PPL, go tamper with lsass or whatever.

#AntiCheat #PrivEsc

I was a bit skeptical that there would be a Mastodon explosion but it’s looking like Elon’s giving it a run for his money.

Useful information on what you’ll find in your timeline. #Mastodon


