• about
• apt
• arduino
• autoconf
• awk
• aws
• bind
• c++
• cassandra
• chef
• chromium
• common-lisp
• cron
• curl
• daemontools
• diff
• docker
• dtrace
• emacs
• exiftool
• forth
• git
• glibc
• haproxy
• hipchat
• ld
• lisp
• llvm
• logrotate
• lsof
• man
• mdadm
• memcached
• minicom
• mod security
• mtr
• mutt
• mysql
• nasm
• ncdu
• netstat
• nginx
• nmap
• nss
• offlineimap
• openldap
• operations checklist
• oracle ilom
• osslsigncode
• pacman
• patch
• phusion passenger
• pkgin
• pkitool
• procedural content generation
• procfs
• qemu
• qmake
• rabbitmq
• radare2
• rinetd
• rpm
• rsync
• ruby
• rust
• scheme
• sed
• ssh
• strace
• stunnel
• sudo
• sysbench
• tangle
• tar
• tcpdump
• telnet
• tmux
• transport layer security
• vim
• wget
• windows
• yum
• zfs
• american fuzzy lop
• android
• apache http server
• apache spark
• apk alpine
• arp
• ascii art
• bash
• binary coded decimal
• binary hacks
• binary visualization
• blackberry
• books
• c
• cisco
• cobol
• concepts
• console fun
• core war
• couchdb
• cvs
• databases
• data structures
• debugging
• demoscene tricks
• dns
• email
• epub files
• firefox
• flynns taxonomy
• fortran
• gcc
• gdb
• github
• gnome
• gnu screen
• go
• gocd
• google
• gpg
• graphviz
• grub
• hardware
• heroku
• http
• imagemagick
• ios (apple)
• java
• journal
  • 2017
    • 09
    • 10
    • 11
    • 12
  • 2018
• kafka
• kotlin
• kubernetes
• latex
• linux
• lldb
• lua
• lvm
• macos
• makefile
• mesos
• meta
• microsoft - excel
• ml
• mongodb
• multimedia
• Mutt
• nagios
• networking
• nfs
• node.js
• objective-c
• odbc
• openbsd
• openpgp
• openssl
• openvpn
• operating systems
• orientdb
• people
• perl
• phones
• php
• postfix
• postgresql
• pretotyping
• processors
• prolog
• python
• reconnoiter
• red hat
• refactorings
• restructuredtext
• riak
• samba
• scapy
• sdl
• security
• smalltalk
• smartos
• solaris
• sphinx
• spinnaker
• sql
• sqlite
• supercomputers
• svn
• swift
• systrace
• tcl
• tcp wrappers
• telcos
• tensorflow
• terraform
• to do
• tvos (apple)
• unix
• vagrant
• vault
• veles
• virtualbox
• virtual reality
• vnc
• watchos
• weberp
• Web Programming
• web programming
• web services
• wise installer
• xml
• x windows
• zookeeper

September 2017

BlueBorne attack

https://arstechnica.com/information-technology/2017/09/bluetooth-bugs-open-billions-of-devices-to-attacks-no-clicking-required/
http://go.armis.com/hubfs/BlueBorne%20Technical%20White%20Paper.pdf

It turns out most Bluetooth stacks are terrible.

Design of Display Processors

https://twitter.com/rob_pike/status/907164275965255685
http://cva.stanford.edu/classes/cs99s/papers/myer-sutherland-design-of-display-processors.pdf

Distrusting Symantec Certs

https://security.googleblog.com/2017/09/chromes-plan-to-distrust-symantec.html

ABI Compliance Checker

http://ispras.linuxbase.org/index.php/ABI_compliance_checker

Sandsifter

Black Hat presentation
https://github.com/xoreaxeaxeax/sandsifter

Root Causes of Chrome Certificate Errors

https://research.google.com/pubs/pub46359.html

To our surprise, we find that more than half of errors are caused by client-side or
network issues instead of server misconfigurations.

CLKSCREW

https://www.usenix.org/conference/usenixsecurity17/technical-sessions/presentation/tang

More Intel ME 0wnage

https://www.blackhat.com/eu-17/briefings/schedule/#how-to-hack-a-turned-off-computer-or-running-unsigned-code-in-intel-management-engine-8668

Fake packages in PyPI

http://www.nbu.gov.sk/skcsirt-sa-20170909-pypi/

Optionsbleed

CVE-2017-9798
https://blog.fuzzing-project.org/60-Optionsbleed-HTTP-OPTIONS-method-can-leak-Apaches-server-memory.html

FIN7 Group Uses JavaScript and Stealer DLL Variant in New Attacks

http://blog.talosintelligence.com/2017/09/fin7-stealer.html
What makes this one interesting is the obfuscation techniques

The function body of the evaluated JavaScript appears to be within a multi-line comment, however, in reality this is evaluated as a multi-line string.

Linux PIE/stack corruption (CVE-2017-1000253)

https://www.qualys.com/2017/09/26/cve-2017-1000253/cve-2017-1000253.txt