Simone Margaritelli Profile picture
Preoccupied with a single leaf, you won’t see the tree. Preoccupied with a single tree…you’ll miss the entire forest.
24 subscribers
Sep 23 6 tweets 2 min read
* Unauthenticated RCE vs all GNU/Linux systems (plus others) disclosed 3 weeks ago.
* Full disclosure happening in less than 2 weeks (as agreed with devs).
* Still no CVE assigned (there should be at least 3, possibly 4, ideally 6).
* Still no working fix.
* Canonical, RedHat and others have confirmed the severity, a 9.9, check screenshot.
* Devs are still arguing about whether or not some of the issues have a security impact.

I've spent the last 3 weeks of my sabbatical working full time on this research, reporting, coordination and so on with the sole purpose of helping and pretty much only got patronized because the devs just can't accept that their code is crap - responsible disclosure: no more.Image The writeup is gonna be fun, not just for the technical details of it, not just because this RCE was there for more than a decade, but as a freaking example on how NOT to handle disclosures.
Aug 29, 2022 8 tweets 2 min read
You can force any v8/Electron process to execute arbitrary js code (child_process, http, etc) by forcefully enabling and abusing the builtin debug mechanism ... here's VS Code executing Calc, but I suspect any Electron app is susceptible 🔥 it works with SIP enabled on macOS Image funnily i found out about this stuff while trying to hook vscode api calls in order to develop a security mechanism for the extensions ...
Jun 13, 2022 6 tweets 1 min read
my dream project is connecting a plant or fungus with electrodes as inputs of an artificial neural network, the outputs would activate wheels to move the thing around. given enough NN complexity and proper model, would the thing start showing behaviours?

royalsocietypublishing.org/doi/10.1098/rs… like: would some plants optimize actions over time to follow direct sunlight? would some maybe start going away from wifi signals or other RF that damages them? who knows what other kind of stuff these "neuro-augmented" plants would present!!! 🤯
Aug 27, 2021 7 tweets 2 min read
today i had some fun working on medusa, a fast and secure multi protocol honeypot that can mimic realistic devices running ssh, telnet, http or other tcp servers.

github.com/evilsocket/med… The plan is to implement tools like `medusa-shodan` that can "clone" a device from its shodan data. Aldo `medusa-nmap` to do the same by parsing an nmap scan report.
Jul 28, 2021 4 tweets 1 min read
Oh, look at that! Two years of basically no in real life conferences and yet researches have been shared, cool hacks have been made and overall information didn't stop circulating ... so who's the real beneficiary of them, the hackers, the community or the sponsors/organizers? i mean yeah it's cool having an excuse to meet with friends who live far from us, but that's all it is imo, and that could happen regardless of conferences organizers and sponsors ... so what's the point?
Apr 22, 2021 4 tweets 1 min read
By pure chance I just found a way to kernel panic my Mac via network packets. I can reproduce it every time ... I guess I’ll learn XNU debugging how the hell do i debug this?
Apr 21, 2021 4 tweets 1 min read
is compulsive coding a thing? training a new model on GB of data, for hours now, the GPUs work so hard i can smell them ... will it work? did i waste the last 2 weeks in a pointless feature engineering that'll lead to nowhere? the only thing i know is that i won't stop until i know if it works
Apr 17, 2021 7 tweets 2 min read
I said I would have written a blog post about this release, but i'm playing with another project this weekend so I'll just write a bit here about the new features. First of all, this release fixes several bugs in the WiFi module, so that the captured handshakes can now be processed by newer tools. Massive thanks to Mike / ZerBea for his help <3 Next ...
Mar 26, 2021 4 tweets 1 min read
i wonder if there's a way to modify Alexa/Google Home/whatever and make them react to farts, giving scores for loudness and duration 🤔 or maybe just implement it on a Rpi or something ... it's a ANN for classification and maybe a second stage for linear regression and scoring ... or the scoring could just be an heuristic on the amplitude and duration of the sample once detected ... medium.com/gradientcresce…
Mar 23, 2021 4 tweets 2 min read
Idea: a browser extension running YARA rules on everything you read. Image 3 hours later, what was a joke turned into an actual idea. Code mode on.