Threads for msf

  1. 0
    msf avatar msf 7 months ago | link | on: Source code for SunOS 4.1.3

    Hehe, a bit late to the party… maybe chinese gov/mil finds this interesting to find 0days for solaris..

    I don’t see much use for this besides code archeology

    1. 5
      okapi avatar okapi 7 months ago | link

      Code archeology is the only use.

      For 0days, the OpenSolaris code would be rather closer to current Solaris 11 releases. But what Sun had opened, Oracle closed again hence the existence of illumos which is useful if you want something to actually run.

      1. 4
        madhadron avatar madhadron 7 months ago | link

        SunOS and Solaris are different enough that there isn’t much that will transport between them.

        It’s an historical artifact of the field, so code archaeology is, indeed, the interest.

      1. 1
        msf avatar msf 8 months ago | link | on: What are you doing this weekend?

        i just moved my ethereum tesnet node running beku and lighthouse to mainnet, running geth and lighthouse so that see the merge happening in my own logs!

        also to prepare for ETHBERLIN and do decentralized blockchain as one must, using my own node :-)

        1. 1
          msf avatar msf 1 year ago | link | on: why isn't there a swagger/openapi for binary formats? - voidstar

          Protobuf?

          It’s higher level , but lower than that is a non problem

          1. 13
            msf avatar msf 1 year ago | link | on: How I hacked a hardware crypto wallet and recovered $2 million

            this is THE kingpin from the L0pht group back in the 90s. This group was instrumental and inspired a whole new generation of hackers.

            This gentleman is a true hacker.

            I unfortunately don’t have the eloquence to express how much human beings like himself inspired me and shaped the way I practice my art.

            Kingpin, I thank you for what you are!

            fwiw, this recording (https://www.youtube.com/watch?v=VVJldn_MmMY) shows a bit of what they were up to back in the day ..

            1. 4
              crazyloglad avatar crazyloglad 1 year ago | link

              he still holds embedded / hardware hacking trainings if you have 3-4k USD burning a hole in your pocket.

            1. 4
              msf avatar msf 1 year ago | link | on: A deep dive into an NSO zero-click iMessage exploit: Remote Code Execution

              the level of complexity and sheer brute force work required to pull this off is out of my comprehension. I’m from the age of NOP slides and simple buffer overflows with shellcode at the end of the NOP slide.. or at most a ret2lib attack..

              this is just a whole two orders of magnitude away from that..

              1. 6
                msf avatar msf 1 year ago | link | on: Will Nix Overtake Docker?

                The DLS is still a learning barrier.

                The other barrier is that it is still quite niche and full of nuanced bugs. For example, the declarative execution of container services using podman is fully documented but multiple times for me generated in broken services that failed to run.. And this happened within a single nixOS release (not during a transition of major releases).

                It is a major effort to re-codify development environments for a completely new development “closure” DSL.