Grapl Inc.
@GraplSec
Followers: 2K
Following: 283
Media: 4
Statuses: 77
Official account for Grapl - the open source graph based #DetectionAndResponse platform. https://t.co/UVB0OSesNo…
San Francisco, CA
Joined November 2019
🦀📕 All chapters of my book, Rust Atomics and Locks, are now freely available online: https://t.co/EgEhl3pSLO Enjoy! ✨
📖 CloudSecList Issue 154 just got released, w/ content from @falco_org @lyfteng @istiomesh @raesene @GraplSec @LightspinTech and more!
cloudseclist.com
Issue 154 of CloudSecList
Great write-up by @chompie1337 into trying to exploit Firecracker and luckily it withstood the attempt. It's really impressive how much @GraplSec audits the security of the components they rely on, and appreciated they post even investigations like this that didn't find 0-day.
Firecracker is a microVM manager in #Rust that powers #AWS services like Lambda and Fargate. It's also one of the key components of Grapl's multi-tenant isolation. A critical dependency deserves some red teaming - here's how we attacked AWS' Firecracker. https://t.co/axWZ7jX7jp
Using code to describe your infrastructure unlocks a lot of expressive power, which is why we use @PulumiCorp to automate our deployments. When we couldn't find providers for some of the services we use, we ended up making some. Learn how:
You can now manage Buildkite-as-code using @PulumiCorp 🔥 🙌 and 💚 to @GraplSec for sharing it with the world. You can get started with it here:
pulumi.com
Provides an overview of the Buildkite Provider for Pulumi.
ICYMI: at #PulumiUP we announced that we now have over 100 integrations including new additions from @OracleCloud, @databricks, @eventstore, @checklyHQ, @buildkite, @jfrog Artifactory, @elastic Cloud, @TwingateHQ, @Scaleway, @Tailscale and @SlackHQ: https://t.co/llBhNjRkCB
Researcher uses Dirty Pipe exploit to fully root a Pixel 6 Pro and Samsung S22 https://t.co/IU9Zauot01 by @dangoodin001
arstechnica.com
It was bound to happen. Worst Linux vulnerability in 6 years fells two popular handsets.
Thrilled to share my new blog post: Put an io_uring on it: Exploiting the Linux kernel. Follow me while I learn a new kernel subsystem + its attack surface, find an 0day, build an exploit, + come up with some new tricks. I go deep and demystify the process https://t.co/bGEHcjWXrP
#io_uring is a new #Linux syscall interface, designed for performance. It redefines how apps interact with the kernel, even inside a #sandbox. In our blog, we cover the attack surface, find a vuln, and use advanced kernel exploit techniques to gain #root
https://t.co/hmCVbeuXyg
This is an outstanding work. I've had the privilege to see @wipawel work thru this research. The post has many references, excellent background info and offers a methodology that can be used for other experiments too (besides the cool finding!)
Today we present deep research from our @wipawel into the branch predictor of AMD CPUs and abusing its behavior to exploit Spectre v1 much more easily than previously understood, culminating in reproducing an arbitrary kernel mem leak PoC in only 3 days. https://t.co/JhAgwfqhKs
Could not be more excited to get this book from @snyksec's #31DaysOfSecurity giveaway today! I'm blown away by how thoughtful this choice is! Can't wait to integrate what I learn into my work @GraplSec! So grateful!! What an excellent start to my week!
Linux eBPF bug gets root privileges on Ubuntu - Exploit released - @Ionut_Ilascu
https://t.co/2mBq8908qP
bleepingcomputer.com
A security researcher released exploit code for a high-severity vulnerability in Linux kernel eBPF (Extended Berkeley Packet Filter) that can give an attacker increased privileges on Ubuntu machines.
So excited to finally release my blog post- Kernel Pwning with eBPF: a Love Story. I cover eBPF, the verifier, debugging, exploitation, mitigations and other cool findings! I do root cause analysis and exploit CVE-2021-3490 for LPE with PoC included.
#eBPF is a powerful #Linux capability for devs who want to run code in the kernel, but it also makes for great attack surface. In our blog, @chompie1337 digs into eBPF, explains how it works, and demonstrates a local privilege escalation exploit! https://t.co/7Yq4Qr4XnS
One year ago #SigRed (CVE-2020-1350) was patched. The RCE vulnerability allows an attacker to gain access as Domain Admin and own the entire network. Read our writeup on the first public exploit from our very own @chompie1337!
writing secure C right now by just focusing really hard. should tell other ppl about this