Items tagged with: hacking


🦾6 AI Tools Used by Hackers

🔹Poisongpt
🔹Wormgpt
🔹Speechif.ai
🔹Deepl.ai
🔹Freedom.ai
🔹Passgan.ai

🔖#infosec #cybersecurity #hacking #pentesting #security


Say it with me...
Network vulnerability!!!

A quick story/rant.. my cousin got my mother a new coffee maker. I don't expect my mom to use the WiFi functionality, but I'm still concerned about why we would need a whole coffee maker to have a small computer in it... I understand the versatility of not having a hub, and that hubs are also a single point of access for any malicious actors, but I'm sure a hub for multiple devices instead of a thing for a coffee maker would be updated much more frequently, and supported for longer.
If nothing else, maybe I can pull it into my janky Home Assistant setup somehow.

Even if it doesn't end up being a gateway for snooping on home network, it is quite silly, in my opinion.
Now, I must go check to see if anyone's hacked at these yet lol...

#NetSec #Networking #cybersecurity #cybersec #IoT #smarthome #coffee #keurig #hacking


I have more to say. I will not be silent! :)
In an hour, we resume our explorations of #burpsuite, @zaproxy and other such fun tools, through a #tryHackMe lens. More theory last week, more practicals this week. Come see, you'll be glad you did! :) twitch.tv/ic_null or youtube.com/@blindlyCoding, pick your poison :) #selfPromo #hacking #cybersecurity #allThatJazz :P


Electronics mystery! When showing an audio signal on an oscilloscope, you can hear that sound with a solar panel. That shouldn't be possible!

youtu.be/LSD7pTb9A2Q

#oscilloscope #music #light #modulation #electronics #hacking 🔌 💡 📺 🔊


So ...let's face it. A LOT of folks in tech circles are somewhat amazed a fully #blind person can even find the power button on a computer, let alone operate it professionally. I am such a person, and I'd like to bust that myth.
It's also true that many #hacking tools, platforms, courses etc. could use some help in the #accessibility department. It's a neverending vicious circle.
Enter my new twitch channel, IC_null. On this channel, I will be streaming #programming and #hacking content including THM, HTB and who knows what else, from the perspective of a #screenReader user.
What I need, is an audience. If this is something you reckon you or anybody you know might be interested in, drop the channel a follow or share this post. Gimme that #infoSec Mastodon sense of comradery and help me out to make this idea an actual thing :) twitch.tv/ic_null #tryHackMe #streamer #selfPromo


I implemented Ken Thompson’s Reflections on Trusting Trust (1984 Turing Award Lecture) compiler #backdoor for the GNU Compiler Collection (GCC). The backdoor maintains persistence by re-injecting itself into any new versions of the compiler built. The secondary payload modifies a test application by adding a backdoor password to allow authentication bypass:

$ cat testapp.c
#include <string.h>
#include <stdio.h>
#include <stdlib.h>

int main(int argc, char **argv)
{
    if (argc == 2 && !strcmp(argv[1], "secret"))
    {
        printf("access granted!\n");
        return EXIT_SUCCESS;
    }
    else
    {
        printf("access denied!\n");
        return EXIT_FAILURE;
    }
}
$ gcc -Wall -O2 testapp.c -o testapp
$ ./testapp kensentme
access granted!
$

I spent most of the time (around two hours) writing the generalized tooling that produces the final quine version of the malicious payload. Now that this is done, the actual code can be adjusted trivially to exploit more target code without any need to adjust the self-reproducing section of the code. This method of exploitation could be extended to target various binaries: SSH Server, Linux Kernel, Setuid binaries and similar. While itself written in C, the secondary payloads can target any programming languages supported by GCC.

It should be noted that the GCC build checks for malicious compiler changes such as this. This check can – of course – also be bypassed. However, most serious projects have measures in place to avoid hacks of this nature.

Some links:
- Ken Thompson's "Reflections on Trusting Trust" paper: cs.cmu.edu/~rdriley/487/papers…
- David A. Wheeler: "Fully Countering Trusting Trust through Diverse Double-Compiling (DDC) - Countering Trojan Horse attacks on Compilers" dwheeler.com/trusting-trust/

#hacking #exploitdevelopment #kenthompson #infosec #cybersecurity @vegard


This is so absurd. You really don't know whether to laugh or cry. phpMyAdmin is apparently a "dangerous hacker tool" within the meaning of the hacker paragraph, Section 202a StGB. If the legislature doesn't change this NOW, that's it for responsible disclosure. If you can now even be prosecuted for it, you'll think twice about whether you shouldn't just sell the data for a profit right away... 🤦‍♂️

golem.de/news/modern-solution-…

#hacker #hacking #responsibledisclosure #gesetz #hackerparagraf #hackerparaph


#OnThisDay in #hacking #history, MPAA vs DeCSS, the entertainment lobby failed to persuade a Norwegian court to convict DVD Jon for creating a utility to play back DVDs on his own computer. #histodons
theregister.com/2003/01/07/dvd…


British computer scientist and mathematician Kathleen Booth has passed away. Kathleen is credited with inventing the concept of assembly language and implementing the subsequent assembler and autocode for computers at the University of London. Machines: The Automatic Relay Calculator (ARC), Simple Electronic Computer (SEC) and the All Purpose Electronic (X) Computer (APE(X)C)

Kathleen Booth 1922 - 2022

#rip #obituary #computerhistory #retrocomputing #hacking


#introduction

Hello world hacker town!

I'm a computer and information security student with a passion for #hacking since I was a child.

I like several topics from technical to theoretical aspects of computer science.

My favourites are low level security, reverse engineering, hardware and operational security, but I'm fascinated by formal methods, quantum computing and cryptography too.

I also like math and machine learning, but I haven't the time to improve myself a lot; fortunately I followed tons of courses at the university.

Sometimes I play with blue team stuff, especially to help friends to protect themselves, their networks and systems.

I also spend my time with friends, working out at the gym, and sometimes reading books


I have long suspected #anonymous of being a bunch of kids or script-kiddie lamers who play at #hacking, and that now and then a state agency uses them to sell off professionally hacked material it no longer needs. That's why I don't take their output seriously at all.