alizthehax0r - Network

Has anyone had/decided-not-to-have an intern specifically in a vuln research team? We're debating it at work but some people are...

Has anyone had/decided-not-to-have an intern specifically in a vuln research team? We're debating it at work but some people are skeptical WRT the amount of work we'd be putting in mentoring (we aren't prepared to half-ass it), vs the amount of business value we'd get out. Candidates are strong (having CVEs for example) but it's a big ask to put them on a fortigate (for example) and expect results - and at the same time, it's not fair to give an intern a hard project which is likely going to give them a confidence hit. How did you / how could I manage this? Ideally I don't want to give interns non-research work (like the usual 'set up a lab'), I know they want to be finding bugs. Plus we've got the university sponsoring it wanting clear projects and targets, which can be really difficult in a research team. Any tips? If it helps, our team looks at 0day/nday and our usual output is blogposts and fingerprinting scripts (usually fingerprinting via exploitation - we'd much rather exploit a vuln and detect that than rely on stuff like banners).

I’ve enlisted an Actual Artist to help me give my “media controller” project a makeover! I’ve finally got the code to a place where...

I’ve enlisted an Actual Artist to help me give my “media controller” project a makeover! I’ve finally got the code to a place where I’m happy, it just looks awful because I don’t know how to design. I could’ve used AI but it feels nice to contribute to Art (I’m paying for it). I’ve never done anything like this before, I’m excited for the result!

It's a 'production' device so I'd be surprised if it has the features to allow me to gather traces. It'd be great if it...

It's a 'production' device so I'd be surprised if it has the features to allow me to gather traces. It'd be great if it does, though.

ARM experts, help! I'm debugging an armv7 product (not mine, so no control over the configuration/pcb). I've got OpenOCD set up and...

ARM experts, help! I'm debugging an armv7 product (not mine, so no control over the configuration/pcb). I've got OpenOCD set up and doing debugging via JTAG, but I'd like to gather trace info if possible. Does the following imply that I can collect trace data on-chip? The 'Trace Buffer' in particular, does this mean I can store trace data in a dedicated hw buffer on the asic? As opposed to needing to find a couple extra pins that are used to transmit the data off-board to the debugger? I suspect so, but if anyone can confirm/deny before I voyage into 'trying to get it to work' I'd very much appreciate it. thanks! <3

> arm7dap info
arm7dap info
AP # 0x1
...
Part is 0x912, CoreSight TPIU (Trace Port Interface Unit)
Component class is 0x9, CoreSight component
Type is 0x11, Trace Sink, Port
ROMTABLE[0x8] = 0x00003003
...
Part is 0x908, CoreSight CSTF (Trace Funnel)
Component class is 0x9, CoreSight component
Type is 0x12, Trace Link, Funnel, router
ROMTABLE[0xc] = 0x00004003
...
Part is 0x907, CoreSight ETB (Trace Buffer)
Component class is 0x9, CoreSight component
Type is 0x21, Trace Sink, Buffer
...
Part is 0x930, Cortex-R4 ETM (Embedded Trace)
Component class is 0x9, CoreSight component
Type is 0x13, Trace Source, Processor
...

How does one “git gud” at technical blogging? I am generally okay at it but there’s a lot of room for improvement. Some kind of media...

How does one “git gud” at technical blogging? I am generally okay at it but there’s a lot of room for improvement. Some kind of media training? Tech writing courses?

Very thankful that I have a boss that understands when the best way for me to solve an urgent task is to take a nap before attempting it.A...

Very thankful that I have a boss that understands when the best way for me to solve an urgent task is to take a nap before attempting it.
A good boss knows I’m focussed on the same goal - quality work - and trusts me to manage my atypical “energy cycle” how I need to in order to get there.

Not bragging, just want to count my blessings (and make sure people know that Good Bosses are a real thing that exists)

Hah, I love my Glasgow! Ty @whitequark . Not sharing deets until after pwn2own so I guess this is kinda teasy, I’m just dead chuffed I got...

Hah, I love my Glasgow! Ty @whitequark . Not sharing deets until after pwn2own so I guess this is kinda teasy, I’m just dead chuffed I got a Thing to do A Thing!

So I have an urge to run my own whois server. I understand this means my registrar needs to provide a record pointing to my server - does...

So I have an urge to run my own whois server. I understand this means my registrar needs to provide a record pointing to my server - does anyone know any registrars that will actually do this?

I may have some terminology wrong here, TLS is not my strong suit. Please feel free to correct me (gently, I have very thin skin and offend...

I may have some terminology wrong here, TLS is not my strong suit. Please feel free to correct me (gently, I have very thin skin and offend easily!)

So this is kind of interesting - working on the integrations for my lightbulbs again, and finding each HTTPS connection takes about 2.5...

So this is kind of interesting - working on the integrations for my lightbulbs again, and finding each HTTPS connection takes about 2.5 seconds to negotiate. I think I mentioned before that you can cache the TLS session so that subsequent requests are faster, but this is a pain for me to do from a python flask application, since there's no (?) way to get/set TLS session identifiers from any (?) python implementation.
I ended up spawning openssl, with s_client, and connecting it's console IO to a socket bound to localhost. Then I use Python's `requests` module to connect to the localhost socket. openssl provides `sess_in` and `sess_out` parameters to get to the TLS session ID, so I persist those into the database.

This is a pretty niche case but I wanted to put it out there in case anyone else has a similar issue!

I admit that the esp8266 maybe (?) isn't the best choice for what I'm doing, since TLS takes up a huge amount of its resources. But it's definitely do-able, and it opens up a load of low(-ish) cost IoT devices which aren't designed for TLS and are thus only equipped with an esp8266.

I'd be interested to hear how the much-faster ESP32 fares with TLS, performance-wise.

Got the lightbulbs working nicely, and added some code to export statistics to Zabbix. Now I get a nice graph of heap usage, and I can view...

Got the lightbulbs working nicely, and added some code to export statistics to Zabbix. Now I get a nice graph of heap usage, and I can view signal strength too, which is nice. The lightbulbs look about done now, so it's time to move on to the 'lightswitch' controller for them.

Here's the 'neotrellis' I mean - https://www.adafruit.com/product/4352 - they're a bit spendy in that link because it comes...

Here's the 'neotrellis' I mean - https://www.adafruit.com/product/4352 - they're a bit spendy in that link because it comes with a nice mcu and case, you can get the bare spi board for cheaper. They're really neat, you get RGB control of each button.

Got my lightbulbs going at a sensible PWM rate! It's variable depending on load but around 400-500Hz which looks a lot nicer.I feel like...

Got my lightbulbs going at a sensible PWM rate! It's variable depending on load but around 400-500Hz which looks a lot nicer.
I feel like tls is really pushing the esp8266 as far as I can. It takes 2.5 seconds (!) to connect initially, but you can re-use the session after that so it's usable. I usually leave a ping command running while I use it and you can see latency increases and pings get dropped during TLS negotiation.
I have a new level of respect for embedded coders that make this stuff work properly. It's easy to say 'ohh 2mb flash and a 160MHz clock rate, that's more than enough for a lightbulb' but I'm rapidly learning things aren't that simple. It's nuts that I clock at 160MHz and can't get more than 500Hz via software PWM, for example!

Anyway, now that the lightbulbs are done-ish, the next plan is the light switches I want to make. Plan is a motorized pot to adjust brightness, and a fader for colour temperature. Motorized pot means that I can have a second controller, and when the user turns the brightness knob, the second knob will rotate too. I could just use a rotary encoder like a normal person but I really like the aesthetic of motorised faders.
I've got a 'neotrellis' from adafruit which is a small ws2812-backed keypad, I might order some more so I can add one to each lightswitch for RGB selection.

Setting up some wifi lightbulbs at home, I'm on a bit of a home-automation kick! I bought some that have esp8285 (like esp8266, but with...

Setting up some wifi lightbulbs at home, I'm on a bit of a home-automation kick! I bought some that have esp8285 (like esp8266, but with only 2mb flash) chips, pre-flashed with open-source firmware. I didn't like the lack of authentication tho, so I wrote my own firmware (mostly because I had code to to mutual TLS on esp8266 lying around from another project). Problem now is that my PWM code isn't speedy enough - I get 40Hz which gives a horrible visible flickering. It's lazy code tho, it interrupts at 10KHz, and increments an 8bit counter, which is then compared against setpoints and output set accordingly - this is where the 40Hz number comes from (10KHz/256=40Hz). I need to rewrite it to only fire the interrupt when a PWM output actually needs changing. The ISR is driven from a hardware timer, but it seems I can't push it much faster - I tried 100KHz interrupt but the on-chip wifi stopped working, presumably because I was spending slightly over 10% of my runtime in the ISR.

Reallllly want to buy a Commodore SX-64, the c64 portable. There's no good ones on ebay at a sensible price at the moment, though....

Reallllly want to buy a Commodore SX-64, the c64 portable. There's no good ones on ebay at a sensible price at the moment, though. There's a broken one which might be fun to repair, but it's missing it's keyboard and they're quite spendy so it's not a good buy.

genuine teamwork really is amazing. I don't mean like 'you do this bit and I'll do that bit' stuff, but the _real_ type of...

genuine teamwork really is amazing. I don't mean like 'you do this bit and I'll do that bit' stuff, but the _real_ type of teamwork where you feel every bit of your colleagues success as if it were your own, and all the breakthroughs are shared, and there isn't a shred of competition or bad blood.

Finally managed to go to the opticians to order new glasses last week! it sounds really dumb, but self-care is really hard for me ("why...

Finally managed to go to the opticians to order new glasses last week! it sounds really dumb, but self-care is really hard for me ("why would I waste time on that when I could be doing something productive"). It's not the end of the battle but it's an important step! yay for small progress 🥳

Finally, the rackmount OSSC is "finished" [for now]! I wired up the VGA port (which I left unfinished last time) and used the new...

Finally, the rackmount OSSC is "finished" [for now]! I wired up the VGA port (which I left unfinished last time) and used the new lasercutter to make some pretty 'engravings' on the panel. I'm really pleased with how it turned out!
It has the normal OSSC features, plus I added a bunch of code (yay open-source!) so that I can control it over RS232. That means I can select inputs, but also customise all the settings (OSSC has loads of options to tweak video quality, it's not a simple RGB-to-HDMI device - you can tweak stuff like timings and video levels). Plus I changed the LCD to something was easier to mount - a VFD. It just speaks the usual LCD 4-wire protocol so I hacked support for that in, too.

I might do a writeup/blog and release the code/designs, but I suspect it's too niche to be useful to anyone. There's a lot of dependency on my Jenkins tooling for stuff like generating the gcode for the front panel. We'll see.

Stackexchange suggests using a motorised pot, and then driving the motor to get that 'chunky' effect - so a small current when the...

Stackexchange suggests using a motorised pot, and then driving the motor to get that 'chunky' effect - so a small current when the user starts to turn it, to give that physical resistance

Does anyone know of (or can give me the right terms to google for) a rotary switch that I can position electronically or by turning? I want...

Does anyone know of (or can give me the right terms to google for) a rotary switch that I can position electronically or by turning? I want something nice and chunky, I suspect I'll end up trying to make something with a servo motor and a normal switch but I am v bad at mechanicals so I'd rather buy something.