tommy

Author of cybsec.network and gopher://secdiary.com | https://secdiary.com.

Micro-messages mirrored at https://secdiary.com/twtxt.txt.

tommy bonked 03 Aug 2020 15:59 +0200
original: 320x200@post.lurk.org
convoy: tag:post.lurk.org,2020-08-03:objectId=5551529:objectType=Conversation



"Securely and anonymously share files of any size. A web server is started, making OnionShare accessible as a Tor Onion Service, potentially temporarily or in a stealthy manner, over the Internet. An unguessable address is generated and is shared for the recipient to open in the Tor Browser to download the files. No separate server or third party file-sharing service required. You host the files on your own computer."

#tor #filesharing #cyberlocker #hosting

There's a GUI, but the CLI is so good: just `onionshare somestuff.bin` and you get a temporary onion service serving a static password-protected website with the file made available. By default, once the file has been downloaded, everything shuts down.

tommy bonked 02 Aug 2020 14:24 +0200
original: e8johan@mastodon.technology
convoy: tag:mastodon.technology,2020-08-02:objectId=36271798:objectType=Conversation

Has anyone bumped into any concrete numbers on the environmental impact of our usage of suboptimal software, e.g. js+web tech instead of native desktop apps, the power usage of cryptocurrencies, the cost of constantly brute forcing problems instead of elegant solutions?

Any data is much appreciated - I'm trying to write something intelligent about this.

tommy bonked 01 Aug 2020 08:20 +0200
original: inks@inks.tedunangst.com
convoy: tag:inks.tedunangst.com,2019:inks-4705

The core of Apple is PPL: Breaking the XNU kernel's kernel


> While doing research for the one-byte exploit technique, I considered several ways it might be possible to bypass Apple’s Page Protection Layer (PPL) using just a physical address mapping primitive, that is, before obtaining kernel read/write or defeating PAC. Given that PPL is even more privileged than the rest of the XNU kernel, the idea of compromising PPL “before” XNU was appealing. In the end, though, I wasn’t able to think of a way to break PPL using the physical mapping primitive alone.

> However, it’s not the Project Zero way to leave any mitigation unbroken. So, having exhausted my search for design flaws, I returned to the ever-faithful technique of memory corruption. Sure enough, decompiling a few PPL functions in IDA was sufficient to find some memory corruption.

#defense #exploit #iphone #malloc #programming #security #systems

tommy bonked 30 Jul 2020 23:52 +0200
original: inks@inks.tedunangst.com
convoy: tag:inks.tedunangst.com,2019:inks-4703

Let's build a Full-Text Search engine


> Today we are going to build our own FTS engine. By the end of this post, we’ll be able to search across millions of documents in less than a millisecond. We’ll start with simple search queries like “give me all documents that contain the word cat” and we’ll extend the engine to support more sophisticated boolean queries.

#go #intro-programming #text