RT @dwizzzleMSFT: Microsoft security controller Pluton is also coming to Intel Core | heise online.

RT @_argp: Congratulations to my @census_labs colleague Zisis Sialveras (@_zisis) for being accepted to present his amazing work on VMware….

RT @dwizzzleMSFT: New blog: VBS key protection for Windows 11. VKP provides an option for developers who need for high performance key and….

I’m hiring to grow our confidential computing security eng. team (edge devices & cloud platforms). If hypervisors, virt, attestation, (v)TPM, KVM, crosvm, SGX/TDX/SEV-SNP/VMPL, dynamic passthrough & VirtIO tickle your brain, drop me a message to discuss potential opportunities.

RT @census_labs: CENSUS is a sponsor of the 6th Cybersecurity in Financial Services Summit 2023 taking place on November 21st in London. Ou….

RT @0xor0ne: Introduction to runtime dynamic hooking in Go by @quarkslab. #golang #infosec

RT @dfunc: If you enjoy working on software security assessments, please note that our "Application Security Engineer" position is now also….

RT @dfunc: Do you enjoy working on Trusted Boot, Trusted Execution Environments, Secure Elements, HSMs, CPU virtualization, hardware attest….

RT @census_labs: An opening for Embedded Security Engineers #hiring #infosec.

RT @_argp: Remote exploitation of a man-in-the-disk vulnerability in WhatsApp (CVE-2021-24027); epic logical exploitation writeup by huku:….

RT @jeffvanderstoep: Rust in the Android platform!. We’re excited to announce that the Android Open Source Project (AOSP) now supports the….

RT @viperbjk: This was never meant to be released. I once reported the xpu2/xpu3 0-day to qc, and they seem to have….

RT @dfunc: We're growing our hardware lab team at @census_labs. Now looking for a dedicated electronics engineer. For more information see:….

RT @shawnwillden: @phhusson @MishaalRahman @topjohnwu @DanielMicay If you're not familiar with the DICE concept, here it is: Start with a d….

RT @quarkslab: [BLOG] A Deep Dive Into Samsung's TrustZone (Part 3).In which code execution at Exception Level 3 (EL3), the highest privil….

RT @chompie1337: I repurposed @maddiestone's #BadBinder PoC for the S8/S8 Active Snapdragon. I bypass DAC + SELinux + Knox/RKP using a coup….

VdexExtractor 0.6.0 released with Android 10 support. Seems that new 021 version has minor changes to support Vdex files generated from InMemoryDexClassLoader. To worry about perf there, G seems to invest a lot on it. |

On top of extracting packed entries, partition table info for all available LUN is also printed. Still need to figure out some unknown struct members (not used in examined target), although all the basics are there.

Pixel 3,4 devices use a custom packed img format for bootloader & radio (FBPK) that is not part of upstream EDK2 bootloader. Spent part of holidays reversing G's B1c1FastbootApp UEFI app & released an upacking tool as a side-product -

RT @kapitanpetko: Android Recoverable Keystore LT slides.