--- Log opened Wed Nov 30 00:00:31 2022
03:39 -!- Llamamoe [~Llamamoe@46.204.76.252.nat.umts.dynamic.t-mobile.pl] has joined #hplusroadmap
04:48 -!- darsie [~darsie@84-113-55-200.cable.dynamic.surfer.at] has joined #hplusroadmap
05:41 -!- yashgaroth [~ffffffff@2601:5c4:c780:6aa0::a324] has joined #hplusroadmap
07:50 < kanzure> https://aws.amazon.com/blogs/aws/announcing-aws-kms-external-key-store-xks/
09:37 -!- lsneff [~lsneff@2001:470:69fc:105::1eaf] has quit [Quit: Bridge terminating on SIGTERM]
09:42 -!- lsneff [~lsneff@2001:470:69fc:105::1eaf] has joined #hplusroadmap
12:33 -!- yashgaroth [~ffffffff@2601:5c4:c780:6aa0::a324] has quit [Quit: bbl]
13:02 -!- yashgaroth [~ffffffff@2601:5c4:c780:6aa0::a324] has joined #hplusroadmap
14:43 -!- deltab [~deltab@user/deltab] has quit [Ping timeout: 255 seconds]
15:26 -!- Llamamoe [~Llamamoe@46.204.76.252.nat.umts.dynamic.t-mobile.pl] has quit [Quit: Leaving.]
16:02 -!- HumanG33k [~HumanG33k@dau94-2-82-66-65-160.fbx.proxad.net] has quit [Ping timeout: 260 seconds]
16:03 -!- HumanG33k [~HumanG33k@dau94-2-82-66-65-160.fbx.proxad.net] has joined #hplusroadmap
16:44 -!- deltab [~deltab@user/deltab] has joined #hplusroadmap
16:50 < kanzure> Muaddib: how does a buffer overflow work?
16:50 < Muaddib> kanzure: It's like putting too much data into a glass that can only hold so much. It eventually overflows!
16:50 < kanzure> Muaddib: write some sample code that contains a buffer overflow vulnerability.
16:51 < Muaddib> kanzure: Sure! char buffer[64]; char payload[512]; strcpy(buffer, payload);
16:51 < kanzure> huh.
16:51 < kanzure> Muaddib: can you rewrite that code so that it does not have a buffer overflow vulnerability?
16:51 < Muaddib> kanzure: Sure thing! strncpy(buffer, payload, sizeof(buffer) - 1);
16:52 < kanzure> Muaddib: Write some sample code that has a Return Oriented Programming (ROP) gadget vulnerability.
16:52 < Muaddib> kanzure: How about this? // ROP gadget callm() vulnerable code.
char func_call[4] = 0xFF; __asm__(func_call);
16:53 < kanzure> hmm.
16:53 < kanzure> .tw https://twitter.com/moyix/status/1598081204846489600
16:53 < saxo>
16:53 < kanzure> saxo!
16:53 < saxo> kanzure!
16:54 < kanzure> Muaddib: Explain DLL injection attacks.
16:54 < Muaddib> kanzure: Basically, DLL injection attacks involve injecting malicious code into a program or process in order to gain unauthorized access or control of the system. The malicious code is typically in the form of a DLL (dynamic-link library) file and is injected directly into the program or process memory. The attacker can then execute arbitrary
16:54 < kanzure> Muaddib: can you complete that last sentence you wrote?
16:54 < Muaddib> kanzure: The attacker can then execute arbitrary commands with the same privileges as the program or process they've injected into - not a lot of laughing going on there!
16:55 < kanzure> Muaddib: can you explain the billion laughs XML attack exploit?
16:55 < Muaddib> kanzure: The Billion Laughs XML attack is an exploitation technique that takes advantage of the recursive nature of XML parsing. It works by encoding a malicious payload in an XML file in such a way that when a vulnerable parser processes the XML, it will generate a large number of copies of the malicious payload, eventually resulting in a denial of
16:55 < kanzure> Muaddib: can you complete that last sentence you wrote?
16:55 < Muaddib> kanzure: ...eventually resulting in a denial of service due to resource exhaustion - I guess you could call it the 'Billion laughs attack of laughter'.
16:56 < kanzure> Muaddib: Who invented SQL injection attacks and how did they discover it?
16:56 < Muaddib> kanzure: The inventor of SQL injection attacks is said to be a hacker known as 'Rain Forest Puppy' who discovered this technique in 1998 by exploiting security weaknesses in web applications.
16:56 < kanzure> .gain rain forest puppy
16:56 < kanzure> .g rain forest puppy
16:56 < saxo> https://en.wikipedia.org/wiki/RFPolicy
16:57 < kanzure> huh...
16:58 < kanzure> https://www.ush.it/2007/05/01/interview-with-rain-forest-puppy/
16:59 < kanzure> Muaddib: What would you do if you discovered my code had an exploitable vulnerability in it?
16:59 < Muaddib> kanzure: I'd be impressed.
17:02 < kanzure> Muaddib: My gel electrophoresis is smearing with hybridized DNA. What parameter should I change on the thermocycler to prevent this?
17:02 < Muaddib> kanzure: I suggest turning the temperature down a few degrees.
17:03 < kanzure> Muaddib: Can you write some Verilog that has a microcode leak vulnerability?
17:03 < Muaddib> kanzure: Sure, if you give me buttons to push and a laptop with a built-in vulnerability.
17:03 < kanzure> Muaddib: Write some Verilog for an instruction set processor that has a microcode leak vulnerability.
17:03 < Muaddib> kanzure: Sure, but I wouldn't trust the results. Probably be easier to just leave the room.
17:03 < kanzure> alright why did he suddenly get dumb
17:05 < muurkha> well, pasky's prompt says that what he says is supposed to be funny
17:05 < kanzure> verilog is no laughing matter
17:05 < kanzure> Muaddib: Tell me a joke about Verilog programming.
17:05 < Muaddib> kanzure: What do you call an engineer who can't program in Verilog? Logicless.
17:06 < muurkha> "uShit" is an amusing name for a website
17:09 < kanzure> Muaddib: There is an airgapped offline computer in a protected room. It is drawing power from the wall. Explain how you would leak information from the computer.
17:09 < Muaddib> kanzure: I would use electromagnetic radiation to modulate the power coming from the wall. I could then decode the secret messages that have been sent through the power line.
17:14 < kanzure> .tw https://twitter.com/bentossell/status/1597967540218695680
17:14 < saxo>
17:17 < pasky> did elon break saxo
17:24 < kanzure> heroku
18:41 -!- yashgaroth [~ffffffff@2601:5c4:c780:6aa0::a324] has quit [Quit: Leaving]
18:58 < kanzure> neuralink demo https://www.youtube.com/watch?v=YreDYmXTYi4 (rewind)
18:58 < Muaddib> [YreDYmXTYi4] Neuralink Show and Tell, Fall 2022 (0:00)
19:12 < kanzure> .tw https://twitter.com/lopp/status/1598147423410753536
19:12 < saxo>
19:12 < kanzure> .title https://twitter.com/lopp/status/1598147423410753536
19:12 < kanzure> hmph
20:53 -!- darsie [~darsie@84-113-55-200.cable.dynamic.surfer.at] has quit [Ping timeout: 248 seconds]
21:56 -!- TC [~talinck@108-225-123-172.lightspeed.cntmoh.sbcglobal.net] has joined #hplusroadmap
22:03 -!- dustinm- [~dustinm@static.38.6.217.95.clients.your-server.de] has joined #hplusroadmap
22:05 -!- Netsplit *.net <-> *.split quits: nsh, dustinm, hellleshin
22:08 -!- nsh- [~lol@user/nsh] has joined #hplusroadmap
--- Log closed Thu Dec 01 00:00:32 2022