The authors present a new type of Spectre covert channel that exploits noncanonical address translation and bypasses canonically checks using LAM features. This method enables the exploitation of generic Spectre gadgets that are not covered by existing mitigations and are common in high-value targets like the Linux kernel. An end-to-end exploit is demonstrated, targeting upcoming Intel CPUs and capable of leaking sensitive information like the root password hash from kernel memory within minutes.
https://download.vusec.net/papers/slam_sp24.pdf
https://github.com/vusec/slam
https://www.youtube.com/watch?v=y4wZ-tREaNk
https://download.vusec.net/papers/slam_sp24.pdf
https://github.com/vusec/slam
https://www.youtube.com/watch?v=y4wZ-tREaNk
YouTube
SLAM: Spectre based on Linear Addres Masking
A demo of our SLAM attack leaking the root password hash on Ubuntu.
For more information on this attack, see the info page:
https://vusec.net/projects/slam
For more information on this attack, see the info page:
https://vusec.net/projects/slam
Leave the World Behind (wiki)
A disaster film about the beginning of World War III. It is noteworthy that except for the intimidation about hacker attacks and the ending with a nuclear strike on the nearest city to the viewer, there is no plot. Intimidation and silence.
Where is the government — the actors ask?
I see the film as a clear example of NSA and US Army propaganda that if we don't have the necessary tools and budgets, it will be like this. Do you want it? No, eat it!
But I watched the movie because the movie's director was Sam Esmail, who was also the director of Mr. Robot. I think because of him, the movie contains easter eggs, such as hackers attacks, Bikini Killer and E corp logo on laptop.
Another part of the movie is closer to the Mr. Robot movie. A t-shirt with “Bikini Killer” text is worn by the main character. “The Bikini Killer” refers to Charles Sobhraj, a notorious criminal, often known for his exploits in the 1970s across Asia. Sobhraj was known for his cunning manipulation and murder of tourists, earning him the nickname due to the attire of some of his victims. During the movie, characters worried about their safety and ability to continue to consume the internet and media. The small girl also worried about the ability to watch the last season of “The Friends”, before she asked to visit “The friends”'s coffee. At the end, she found the video and the last season. During the outbreak of World War III, she is carefree, watching Friends and eating candy. Consume and the rest of the world can wait.
A disaster film about the beginning of World War III. It is noteworthy that except for the intimidation about hacker attacks and the ending with a nuclear strike on the nearest city to the viewer, there is no plot. Intimidation and silence.
Where is the government — the actors ask?
I see the film as a clear example of NSA and US Army propaganda that if we don't have the necessary tools and budgets, it will be like this. Do you want it? No, eat it!
But I watched the movie because the movie's director was Sam Esmail, who was also the director of Mr. Robot. I think because of him, the movie contains easter eggs, such as hackers attacks, Bikini Killer and E corp logo on laptop.
Another part of the movie is closer to the Mr. Robot movie. A t-shirt with “Bikini Killer” text is worn by the main character. “The Bikini Killer” refers to Charles Sobhraj, a notorious criminal, often known for his exploits in the 1970s across Asia. Sobhraj was known for his cunning manipulation and murder of tourists, earning him the nickname due to the attire of some of his victims. During the movie, characters worried about their safety and ability to continue to consume the internet and media. The small girl also worried about the ability to watch the last season of “The Friends”, before she asked to visit “The friends”'s coffee. At the end, she found the video and the last season. During the outbreak of World War III, she is carefree, watching Friends and eating candy. Consume and the rest of the world can wait.
How many new investigations and arrests will be made?
https://twitter.com/JohnReedStark/status/1733497674110767550
https://twitter.com/JohnReedStark/status/1733497674110767550
X (formerly Twitter)
John Reed Stark (@JohnReedStark) on X
Breaking News: A Binance Double Whammy. 1) Newly Unsealed US DOJ Filings Could Mean the End of Binance; and 2) SEC Files Supplemental Pleading Against Binance, Strengthening the SEC Binance Lawsuit Exponentially
There’s been a flurry of newly released Binance…
There’s been a flurry of newly released Binance…
This media is not supported in your browser
VIEW IN TELEGRAM
Have a productive week my friends!
Adventures in Dystopia
Hi, my dear 😊 ! New day, new attack on web3 developers and artists. At this time, the scam link is https://fluffmania.com/. Attackers send this link in comments (for example, in our group, too) (pic) This site is looks like free-mint landing (do you like…
Another example of this scam setup is
This site uses the same scripts but another owner. I think, I found a pack, that scammermen may buy on darknet marketplaces.
The operator of this setup is: @JackMonkeyX (id: 6141385916)
Bot info: getChat, getMe, getUpdates,
Ethereum address: 0xd51d0208a30578bA63439788283CdFdcA5705Eb5 (etherscan)
His/Her old names:
├ 25.05.2023 - @AACONNECT | ᴀɴᴄɪᴇɴᴛ
├ 07.06.2023 - @AACONNECT | A N C I E N T ????
├ 29.06.2023 - @AACONNECT | A N C I E N T ℹ️
├ 05.07.2023 - @AncientCeo | A N C I E N T ℹ️
├ 14.07.2023 - @ethsapphire | sapphire.eth
├ 27.08.2023 - @crankusd | ᅠ ᅠ |
├ 26.09.2023 - @cl34n | ᅠ ᅠ |
├ 09.10.2023 - @HollywoodContact | 72b289x991o1i80ue
├ 12.10.2023 - @ | 72b289x991o1i80ue
├ 14.11.2023 - @JackMonkeyX | JACK | MONKEY
└ 12.12.2023 - @JACKMONKEYX | JACK | MONKEY
He/she was in:
├ @cpatexcis / Patex Community Chat CIS | июл,2023
└ @arbitration_chat / Арбитраж Chat | июл,2023
Update: The bot has been stopped, and the operator's account has been deleted.
https://twbox.onlineThis site uses the same scripts but another owner. I think, I found a pack, that scammermen may buy on darknet marketplaces.
The operator of this setup is: @JackMonkeyX (id: 6141385916)
Bot info: getChat, getMe, getUpdates,
Ethereum address: 0xd51d0208a30578bA63439788283CdFdcA5705Eb5 (etherscan)
His/Her old names:
├ 25.05.2023 - @AACONNECT | ᴀɴᴄɪᴇɴᴛ
├ 07.06.2023 - @AACONNECT | A N C I E N T ????
├ 29.06.2023 - @AACONNECT | A N C I E N T ℹ️
├ 05.07.2023 - @AncientCeo | A N C I E N T ℹ️
├ 14.07.2023 - @ethsapphire | sapphire.eth
├ 27.08.2023 - @crankusd | ᅠ ᅠ |
├ 26.09.2023 - @cl34n | ᅠ ᅠ |
├ 09.10.2023 - @HollywoodContact | 72b289x991o1i80ue
├ 12.10.2023 - @ | 72b289x991o1i80ue
├ 14.11.2023 - @JackMonkeyX | JACK | MONKEY
└ 12.12.2023 - @JACKMONKEYX | JACK | MONKEY
He/she was in:
├ @cpatexcis / Patex Community Chat CIS | июл,2023
└ @arbitration_chat / Арбитраж Chat | июл,2023
Update: The bot has been stopped, and the operator's account has been deleted.
When you thought that you create new word (infosectherapy), but it's already 5 results on Google
All your ssh servers are belong to NSA!
The Terrapin Attack is a security vulnerability targeting the SSH protocol, specifically breaking the integrity of SSH's secure channel. By manipulating sequence numbers during the handshake, an attacker can truncate messages without detection, potentially downgrading security and enabling phishing or Man-in-the-Middle attacks. The attack requires specific conditions, such as Man-in-the-Middle capabilities and the use of certain encryption modes, but affects a significant portion of real-world SSH sessions.
This vulnerability is significant for network administrators, cybersecurity professionals, and users of SSH for secure communication. It highlights the need for rigorous security measures and updates in SSH implementations.
Site: https://terrapin-attack.com/
Pre-print: https://terrapin-attack.com/TerrapinAttack.pdf
Vulnerability scanner: https://github.com/RUB-NDS/Terrapin-Scanner/releases
p.s.: have a nice day, my friends!
The Terrapin Attack is a security vulnerability targeting the SSH protocol, specifically breaking the integrity of SSH's secure channel. By manipulating sequence numbers during the handshake, an attacker can truncate messages without detection, potentially downgrading security and enabling phishing or Man-in-the-Middle attacks. The attack requires specific conditions, such as Man-in-the-Middle capabilities and the use of certain encryption modes, but affects a significant portion of real-world SSH sessions.
This vulnerability is significant for network administrators, cybersecurity professionals, and users of SSH for secure communication. It highlights the need for rigorous security measures and updates in SSH implementations.
Site: https://terrapin-attack.com/
Pre-print: https://terrapin-attack.com/TerrapinAttack.pdf
Vulnerability scanner: https://github.com/RUB-NDS/Terrapin-Scanner/releases
p.s.: have a nice day, my friends!