SPR was designed specifically to eliminate these attacks. Almost all other WiFi deployments carry inherent disconnects between L2/L3 that enable MITM attacks and packet injection, whether EAP-TLS or WPA3.

RIP @steaIth

Reminder we are looking for talented security researchers in all areas (iOS, Android, Browser, 0click, AI) 🚀🚀 DM me or shoot us an email at catalystsecurity.com 🦊

Anyone knows if there are any coworking spaces in Tokyo where the HotDesk (daily pass) seats come with chairs that have wheels and armrests? It would be even better if they also provide external monitors. At WeWork, I noticed HotDesk doesn’t have those kinds of chairs. Thank you!

🔺iPhone models announced today include Memory Integrity Enforcement, the culmination of an unprecedented design and engineering effort that we believe represents the most significant upgrade to memory safety in the history of consumer operating systems. security.apple.com/blog/memo…

These days, when I see the results of bug hunting using AI, I truly feel glad that I retired early. Theori at aixcc: theori.io/blog/exploring-tra… Google big sleep: issuetracker.google.com/issu… Xbow: xbow.com/blog/top-1-how-xbow…

As a New Year resolution, consider applying to Project Zero :)

The Parallels VM escape bug reminds me of a bug I reported to VMware about two years ago. I was waiting until a patch was released before posting, but I ended up forgetting. Just an LPE bug on the host side, feel free to check it out if you're curious. (A colleague of mine forgot his MacBook password, so I discovered the bug in order to read the admin hash and crack it. He made a 'guest' account luckily before.) The diagram might look ugly, tho. PoC is available if you want, but it's a simple logic bug, so easy to exploit.

For a new setup (Mac mini and LG Dual-up display), I spent some hours and it’s pretty nice! Cursor so much helped me out crash prl_vm_app on the host side (Parallels VM escape). Have not finished the exploit yet but it’s likely exploitable. (Sorry, the cables are still messy.)

This is an older feature, but it's still one of my favorites in Parallels. Using the prlctl command, you can easily load snapshots right from the Terminal. (If you’re curious about any commands, ChatGPT provides great explanations!) Especially during kernel-level fuzzing, when the system tends to slow down significantly, it’s often more efficient to restore a snapshot than to perform a clean-up. The same applies to user-level fuzzing as well.

Google Tokyo office was amazing! Great food and view. And the location is golden. Thanks for feeding me! @kapitanpetko Probably I need another chance to visit there again for the party.

Who comes to PoC conference this year? Speaker list is here - powerofcommunity.net/speaker…

Tokyo is a paradise for hackers who love booze and bar bites. See you at CODEBLUE! codeblue.jp/2024/en/time_tab…

There are AI security-related talks at SSTF, the security conference hosted by Samsung. They'll cover AIxCC (Defcon contest) Also other technical sessions. It's unclear if English interpretation is available, but if you're in Korea, it's worth attending! research.samsung.com/sstf

Do any of my X friends know a sales representative from Micro Focus, OpenText? Need quick communication regarding a purchase. Asking for a friend, thank you!