Head of Security Engineering @ WitnessAI / CEO @ OffCell Research

Joined April 2011
Pinned Tweet
16 Aug 2023
I wipe all my tweets every so often.
Are there any agents yet that can organize my iPhone apps? This is so needed…
9 Jul 2025
I’ve seen the future and it is bad. Real experts will spend all of their time explaining to people why the AI is wrong/hallucinating.
16 Sep 2024
Awesome work!! Looking forward to testing it out! @lukasarnld is the source going to be released?
Replying to @lukasarnld
We’re launching the public beta phase of our CellGuard iOS app. It supports all iPhones running iOS 14 or newer. You can contribute to an optional study that helps us to improve detection algorithms. Read more & download CellGuard at cellguard.seemoo.de
23 Aug 2024
Congrats to the @cursor_ai teams! 100% deserved. Truly the most useful AI-based tool I use. Game changer!
22 Aug 2024
We've raised $60M from Andreessen Horowitz, Jeff Dean, John Schulman, Noam Brown, and the founders of Stripe and Github. Cursor has become recognized as the best way to code with AI, powered by an ensemble of custom and frontier models, delightful editing, and petabyte-scale infrastructure. Our mission is to create a magical tool that will one day write all the world's software. Join us!
Mathew Solnik retweeted
In light of the OpenSSH RCE advisory published today by Qualys: blog.qualys.com/vulnerabilit…, where it references our March blog while discussing ASLR weaknesses being key to feasible modern i386 exploitation, here it is again in case you missed it:
A weakness 23 years in the making: binaries and libraries built with an older toolchain act as timebombs against ASLR under "recent" Linux kernel and glibc changes. Users: Check your exposure! Developers: Rebuild binaries to achieve full ASLR benefit! grsecurity.net/toolchain_nec…
Mathew Solnik retweeted
CVE-2024-6387 - Signal Handling Race condition results in remote root exploit of OpenSSH w/glibc. Found by @qualys - tagging @mdowd as this looks familiar to his prior SSH work and is referenced. qualys.com/2024/07/01/cve-20…

12 Jun 2024
Any recommendations on improving @cursor_ai for use with large and complex Rust projects? It unfortunately isn’t able to follow along nearly as well as other languages.
11 Jun 2024
It’s only taken *8* years since I suggested it but Apple has finally added a “firewall”/blastdoor around Telephony (aka CommCenter etc). /System/Library/PrivateFrameworks/TelephonyBlastDoorSupport.framework/XPCServices/TelephonyBlastDoorService.xpc/TelephonyBlastDoorService
11 Jun 2024
Thanks @blacktop__ for the awesome diffs
7 Jun 2024
One of if not *the best* presentation on the 0day market and how it works. All you cellular folks - pay attention to the comments on dealing with sending over cellular carriers. I mentioned this back in the OMADM days. Pain in the ass but not impossible.
7 Jun 2024
Hey, for anyone who wanted to see this slide deck, it was a keynote about the 0day market, but it commented on public research vs saleable products. I have put it here: github.com/mdowd79/presentat… // cc @chompie1337 @bsdaemon
3 Apr 2024
What are everyone’s thoughts on sandboxing vs VMs? Especially in mobile. Would a Qubes like OS be better than current sandboxing? Especially if the kernels weren’t *nix based?
11 Mar 2024
Any recommendations on what to use to monitor/log 3rd party software/library versions in their dev stacks and environments? Ideally something that will alert for new CVEs?
15 Sep 2023
People will disagree with me - but if you want to start putting pressure on both the spyware devs and the OEMs… start publicly releasing the full exploit chains and implants. It will wreak havoc on all sides. Sorry but IOCs/hashes don’t slow down offensive tool usage.
24 Aug 2023
LTE/5G IMO is LESS secure than 2G when it comes to true RCE (no fake basestation) part 2: @natashenka’s presentation on Shannon hacking is one of the best overviews on true remote baseband hacking I have seen in a long time! Amazing work Natalie! Dealing with carrier filtering/packet modification has been a bane of my existence since 2014. I mentioned it in my slides back then too! hardwear.io/usa-2023/present… m.youtube.com/watch?v=NnmAik… Link to my old talk: 2014.ruxconbreakpoint.com/as… P.S. If you made it this far down - my next tweet will talk about why nation state (or even just well funded private entities) have less issues with carrier filters than standard researchers. P.P.S. Accidentally deleted the original part 1 tweet. Had to repost it.

24 Aug 2023
LTE/5G IMO is LESS secure than 2G when it comes to true RCE (no fake basestation). The IMS/VoLTE stacks can be hit from anywhere in the world with just a phone number. Media parsing, XML, etc... Android in baseband, iOS in userland. Plenty of 0days to be found. Have fun! P.S. Project Zero has dropped some fun bugs @natashenka P.P.S. I can confirm this area has been a heavily hit target by offensive companies for years. I'm taking a break from cellular so I figured I would drop some fun info.
16 Aug 2023
I wipe all my tweets every so often.
24 Aug 2023
Sometimes by accident… accidentally deleted one today.