🔥The 9th Round of Easy Loan, Earn $40 Reward is in progress❗️ ⏰ Promotion Period: January 15th - Feburary 15th, 2025 👉 Register now and check more details at gate.io/campaigns/358

40 page whitepaper on Exploiting Sonos One Over-The-Air talk! nccgroup.com/media/uzbp3ttw…

Bypassing ARM Memory Tagging Extension (MTE) with speculative execution attacks arxiv.org/pdf/2406.08719 #ARM #infosec

Developers assume code runs deterministically, but fault injection attacks can prove otherwise. Are these attacks really “magical” and unpredictable? Or is there a method to the madness? Join inode down the rabbit hole of #hardwarehacking 🐇 🕳️ security.humanativaspa.it/fault-injectio…

At first, curiosity seeks answers. Then it asks for knowledge to find answers. Then you realize it all boils down to having great questions, in first place. And that creativity has groundbreaking powers. Then you became your unique mix of a scientist, an artist and a hacker.

Eighth article of the series "Extending Burp Suite for fun and profit - The Montoya way" is out! Topic: BChecks - A quick way to extend Burp Suite Active and Passive Scanner! security.humanativaspa.it/extending-burp…

Hello Rustaceans! Our technical director [email protected] is back at it. In this second installment of our #Rust series, “An offensive Rust encore”, he will guide you in bringing your skills to the next level by using a new PoC #RedTeaming tool as an excuse: security.humanativaspa.it/an-offensive-r…

We updated our CFP for Phrack 72! The deadline is now April 1st 2025. Check the site for specifics on how to contribute, as well as some inspiration! We also posted a link to purchase physical copies of Phrack 71, and a donation link too. Enjoy! phrack.org

You have to understand that back in my day, it was possible to make a career out of sending a lot of AAAAAAs to computer programs

Security through transparency: all chips have vulnerabilities, and most vendors' strategy is not to talk about them. In contrast, we aim to find and fix them. Read the results of our RP2350 Hacking Challenge: rpltd.co/rp2350-challen…

In this new HN Security blog post, MrAle98 demonstrates how to leverage the I/O Ring technique to bypass the latest exploit mitigations, such as hypervisor-protected code integrity (HVCI), and achieve local privilege elevation on a recent Windows 11.   security.humanativaspa.it/from-arbitrary…

After releasing his PoC for CVE-2024-49138, MrAle98 is back with 2 new articles that provide background on Windows CLFS, analyze 2 distinct vulnerabilities patched by Microsoft’s KB5048685, and describe how to exploit them.   security.humanativaspa.it/cve-2024-49138…   security.humanativaspa.it/cve-2024-49138…

The unattainable unicorn in fault injection! Our latest article reveals that single-bit faults are possible on ESP32. Discover how some bits are easier to flip and why lowest voltage isn't always best. Join inode in his #hardwarehacking quest. security.humanativaspa.it/fault-injectio…

Hackers rejoice! We are releasing the Phrack 71 PDF for you today! Don't forget this year is Phrack's 40th anniversary release! Send in your contribution and be part of this historical issue! The CFP is still open, you can find it and the PDF link at phrack.org

I’ve posted a detailed explanation of why the claimed ESP32 Bluetooth chip “backdoor” is not a backdoor. It’s just a poor security practice which is found in other Bluetooth chips by vendors like Broadcom, Cypress, and Texas Instruments too. darkmentor.com/blog/esp32_non…

A beautiful work from one of our most thorough and creative students at #TAoFI Happy to see how solid #faultinjection fundamentals and methodology, may yield great control onto an otherwise mysterious technique and blossom into great research. Well done! /cc Raelize

DDR5 Fault Injection Platform for Rowhammer Research by Stefan Gloor stefan-gloor.ch/ddr5

Exploring fault injection on ESP32 V3! Inspired by Delvaux work, we tested voltage #glitching as an attack vector. With advanced triggers & GDB, we achieved a ~1.5% success rate. #Hardware #FaultInjection is becoming more practical! security.humanativaspa.it/fault-injectio…

Our FI training #TAoFI is, in itself, a broad experiment in porting FI attacks across different techniques, from EMFI to VCC glithching. More on the process in our latest bog post: raelize.com/blog/espressif… And for the real experience, just join #TAoFI: raelize.com/training/

The hidden JTAG in your Qualcomm/Snapdragon device’s USB port linaro.org/blog/hidden-jt…

In our last blog post, our colleague Gianluca shares the story of a lucky discovery: a bug initially spotted during a routine assessment turned out to be a high impact vulnerability in Microsoft Graph API — earning a $3,000 bounty. security.humanativaspa.it/export-to-pdf-…