Joe Rozner

@jrozner

Followers
2K
Following
3K
Media
892
Statuses
17K

Startups, hacking, snowboarding. I build shit in Los Angeles. CEO & Co-Founder Based Security

Los Angeles
Joined August 2008
@jrozner
Joe Rozner
1 day
RT @gnuler: Just dropped a blog post on reproducing a known voltage glitching attack to bypass APPROTECT on the nRF52840! 😎 Spent hours sol….
0
26
0
@jrozner
Joe Rozner
3 days
Got stuck trying to do a niche thing in a language/environment I don't know. I went to ChatGPT and Claude for help. Both hallucinated multiple times rather than tell me something isn't possible.
1
0
5
@jrozner
Joe Rozner
3 days
I think the point I didn’t quite make is that these findings may have interesting attributes and maybe provide new info to people, but they aren’t impressive for a human researcher. The interesting part is, is it faster, cheaper, or easier than paying people. What is the accuracy.
@jrozner
Joe Rozner
3 days
Again, interesting to see details of bugs but still lacking any real clarity of the details (eg. How long it took, what the process was to get here, how much it cost, etc.) while I appreciate these, it’s starting to look like the CVE farming people do 1/n.
0
0
0
@jrozner
Joe Rozner
3 days
Nothing against these blog posts, I hope they continue, but I hope that we’ll be able to see a real time end to end demo, off rails, that provides insight to just where things actually are. 3/3.
0
0
2
@jrozner
Joe Rozner
3 days
Targeting anything, especially easy unimportant targets, to rack up CVEs because it provides clout and most people either won’t critically look at the long list of CVEs or know enough to understand capability, skills, or value the researcher provided 2/n.
1
0
2
@Xbow
XBOW
3 days
When standard SQL injection vectors fail, dig deeper. ⚡️ New XBOW discovery: Z-Push vulnerability hidden in Basic Authentication username field. Response timing differences revealed PostgreSQL time-based injection where obvious targets were clean. Full analysis:
2
0
3
@jrozner
Joe Rozner
9 days
We’ll see how my timing was getting these up. Maybe I’ll do my Zuckerberg impression later
1
0
1
@jrozner
Joe Rozner
9 days
Racks on racks
0
0
4
@jrozner
Joe Rozner
13 days
I’m hoping we’ll get to see the end to end view soon. Understanding of how long a finding like this takes. What the cost is and why. What is it doing differently from a DAST scanner. What sort of direction is the input. 2/2.
0
0
3
@jrozner
Joe Rozner
13 days
As someone skeptical, it’s interesting to see the write ups coming out of XBOW and get glimpses into what it has actually done. The frustrating part is that it’s just that. The after action reports are interesting but it’s like looking through a pin hole 1/n.
@Xbow
XBOW
13 days
Even mature products hide critical flaws – and @XBOW just found another one. CVE-2025-49493: XXE in Akamai CloudTest discovered during our climb to #1 on HackerOne. A complete technical breakdown from an error-based detection to a full exfiltration by @djurado9
2
1
7
@jrozner
Joe Rozner
19 days
Also, one last thing that I think is a bit misleading about the blog post is the stats that are conveyed. These metrics are presumably their classification and include the non-resolved ones. It doesn't discuss the closed reports, which is what actually matters for accuracy.
0
0
3
@jrozner
Joe Rozner
19 days
Impossible to say whether that will sustain as more is triaged. I'm curious to see whether accuracy continues to improve and by how much. It would still be really nice to be able to get more qualitative data on the findings.
1
0
2
@jrozner
Joe Rozner
19 days
There's also a lot that's still waiting to be triaged, so this accuracy could be completely different once that happens. This only looked at closed reports. In the blog post they say 45% of reports are still pending triage. Overall increase in accuracy is good.
1
0
2
@jrozner
Joe Rozner
19 days
We don't have more concrete data about timing for submissions, types of submissions, or the ability to qualitatively look at the results which means that it's still pretty vague.
1
0
0
@jrozner
Joe Rozner
19 days
If changes went in that improved accuracy since then, they could still be hidden by data that hasn't rolled out of the window yet. There are definitely some outliers of VERY bad that are probably skewing. I didn't remove any outliers.
1
0
0
@jrozner
Joe Rozner
19 days
So here's the metrics pulled from the public data on h1. Accuracy has definitely gone up from 29% to 37%. This could actually be even better because I'm using a running 90 days total which includes some of the data from the first run.
2
0
2
@jrozner
Joe Rozner
19 days
XBOW published a blog post talking about their bug bounty results. Interestingly, the numbers look very different than what I was able to scrape and see from the public information on hackerone in May. Gonna take another look.
@jrozner
Joe Rozner
2 months
Looking at the last 90 days (which the number 1 position is for) we see 98 reports submitted, 29 of which are valid. That's a 30% acceptance rate. If your SAST/DAST tooling or appsec team had that sort of accuracy, you'd rip it out. 5/n
4
1
10
@jrozner
Joe Rozner
23 days
RT @raelizecom: Our FI training #TAoFI is, in itself, a broad experiment in porting FI attacks across different techniques, from EMFI to V….
0
5
0
@jrozner
Joe Rozner
24 days
These sound bites from the Tucker Carlson Ted Cruz interview are insane. Is Ted Cruz just this bad that he makes Tucker look like a semi-competent human, or are we just seeing Tucker not putting on a show in character?
0
0
4
@jrozner
Joe Rozner
26 days
Someone is going to have a bad day when they realize they lost this
3
0
8