Thankfully, the mitigation seems to be simple: uninstall or firewall off cups. And most servers and containers should not have cups installed
Apr 23 • 43 tweets • 13 min read
im pirating Ableton Live suite 12
the .NFO has an interesting tidbit:
"does not modify any original binaries".
How does it work? lets find out. live reversing thread lets go
downloaded torrent is a split rar. lol
in 2024
Feb 7 • 7 tweets • 4 min read
In 2008, the Danish government used cutting-edge cryptography to auction 25,000 tons of beets.
The auction was needed to set the price of sugar beets. However, the farmers didn't want to show their hand. Rather than hire expensive consultants, they used MPC to implement this private auction.
But what's MPC, and how does it work? Let's build a MPC implementation from scratch. Here's how:
MPC, or multi-party computation, is about how multiple parties can do shared computations on private inputs without revealing those private inputs.
Suppose you and your friend want to compare who's richer, but without revealing your net worths.
MPC allows us to accomplish this, by computing the function (x > y), where x and y are private inputs.
In general, MPC can be used to build all kinds of useful protocols, like threshold cryptography, dark pools, and private auctions (for sugar beets)!
Apr 24, 2023 • 11 tweets • 3 min read
Announcing Smart Contract Fiesta:🎉
An open-source, high-quality dataset of over over 175M lines of Ethereum smart contract source code! It has about ~150k unique contract sources across 30M smart contracts.
Total contracts: 30,586,657
Contracts with code available: 3,897,319 (>10%!)
Contracts with code + unique bytecode: 149,386
Total LoC: 177,552,050
Dec 18, 2022 • 12 tweets • 5 min read
@chompie1337 CTFs = math competitions
Problem solving ability yes; but ruthlessly heavy on “guess the trick” and “get into the chal author’s brain” and “know chal fashion meta”.
I like to tell people to hack video games. More free form, less on rails, many possible solutions, more creative.
@chompie1337 CTFs should not be the ONLY answer for “how to get into security” because it’s on rails. It is good at teaching SPECIFIC tricks and skills. But chals often have ONE intended solution. Whereas security in general is all about finding the alternative and unintended paths.
Dec 9, 2022 • 4 tweets • 1 min read
Common misconception: Idle memory usage is bloat. "I have 32GB of RAM, why is 16GB used when nothing is open?"
No, this is fine. If the memory is installed, the OS should make full use of it. Caching and prefetching are crucial for performance. Do you want everything to be slow?
"In use" != "Unavailable memory"
Private bytes (non-shared, non-cached) is unavailable memory.
And that is not even considering swapping/paged vs non-paged.
Dec 1, 2022 • 4 tweets • 1 min read
OMG WTF
bro wtf...
Nov 19, 2022 • 18 tweets • 5 min read
A bug in WETH:
Wrapped ETH is a smart contract that has been in over 125 MILLION Ethereum transactions. This year, 11.5% of all transactions used Wrapped ETH.
But is it secure? I formally verified two critical safety properties with a SMT solver, Z3.👇🧵 zellic.io/blog/formal-ve…
WETH is an extremely simple smart contract. It clocks in at 62 lines of code. It's a simple utility contract that wraps native ether into a ERC20-compatible token.
That's why it's so popular: it lets devs avoid the hassles of native eth, simplifying code.
Jan 28, 2022 • 4 tweets • 1 min read
My final thoughts on this ordeal. 1/
1. Even if someone has done some reprehensible shit we should remember to not go too far. Everybody is human after all. And, dogpiling onto one person is cruel and can lead to horrible outcomes that everyone will regret.
2. This YT comment really bothered me. I do not want anyone to feel that infosec is filled with horrible mean people who will drag you through the mud. I want to make it clear that this was an absolutely exceptional case that goes far beyond simply being incorrect.
Mar 16, 2020 • 5 tweets • 3 min read
IDA pro tip: For custom calling convention, many people know __usercall (args / retval). But did you know __spoils for preserved and volatile registers? hex-rays.com/products/ida/s…
Before and after setting the proper __spoils. Notice how a1 and v4 are both aliased to r11? The problem is the callsite to `encryptcrap`, which hexrays treats as a fence if the call convention is underspecified (since r11 assumed as clobbered)