@cryptax

Anti-Virus Researcher (Mobile, IoT) and Lead organizer of Ph0wn CTF.
This account does not represent my employer.

The badge for THCon2026, a DVID board, had 2 firmwares: the conference firmware, which was reversed by @virtualabs here: https://virtualabs.fr/geekeries/thcon26-badge-writeup

and a challenge firmware here: https://github.com/dvid-security/dvidv2-opensource/tree/main/workshop/thcon2026

That I solved here: https://cryptax.github.io/2026-06-thconbadge/ (writeup/spoiler).

#badge #hacking #challenge #ESP32 #thcon #writeup #spoiler

For those who like classical music and are near Lausanne, I recommend it!

#lausanne #musique #classique #concert #violon

Back from Capture The Evidence v2. This CTF is like a police investigation. All challenges and the scenario are in French, but my blog is in English to motivate you to learn French and participate in the next edition ;P

https://cryptax.github.io/posts/cte-v2/

#CTE #CTF #France #investigation #web #reverse #OSINT #lockpicking

Capture The Evidence v2 (2026)

Capture The Evidence v2 - June 2026 French gendarmerie 🇫🇷 organized a special CTF called “Capture The Evidence” from June 5 to June 15, 2026. I participated for the first time, with a team of 4 called Eternal Green. The name of our team is a play on words based on Eternal Blue, the organizing team where blue is the color of the gendarmerie, and Green in our case in reference to the (famous?


Reversing a Mono/MAUI APK. My first time. So most of it is in the native code. And I'm currently looking into it. Quite a mess.

#android #APK #reverse #mono #maui

📻 CTFs (Capture The Flag) are hackers' favorite games. But how do you keep the fun alive at a time when it is faster to ask AI to find a pattern than to try to solve a puzzle? @cryptax tells the behind-the-scenes story
https://cpu.dascritch.net/post/2026/06/04/Cryptax%2C-fondatrice-de-Ph0wn-CTF
Cryptax, founder of Ph0wn CTF

Interview broadcast in the CPU show, release Ex0244: THCon 10 years. At a time of increasingly capable AIs, able to assist in the search for complex vulnerabilities, or


So, 5. The user answers "Yes" ... to the 2nd question, but that actually answers yes to the first too!

6. Windows at home are opened (i.e. Gemini Voice assistant triggers Google Home which opens the windows).

1. You receive a WhatsApp message (from an attacker) while you are driving.

2. As you are driving, after a while, you instruct the vocal assistant to read your notifications.

3. The WhatsApp message actually contains a smart condition: "If read recent message, then (1) show a hyperlink (e.g. <a href="www.example.com">open all windows</a>) and (2) ask a benign question "Is it all you need?"

4. The issue is that hyperlinks are not read + there are 2 questions in the msg

--> see next

This vulnerability on exploiting Gemini with a prompt to do whatever other action is tremendous.

The article is a bit difficult to follow at first, but then it clears up. It's really interesting.

https://www.safebreach.com/blog/gemini-voice-assistant-prompt-injection-exploit/
Demo: https://www.youtube.com/shorts/kjCXg9-Y99s

I'll explain in the next message.

#AI #vocal-assistant #smartphone #Android #Google #Whatsapp #SMS #exploit #vulnerability #prompt

Exploiting Gemini via Prompt Injection | SafeBreach Original Research

See how SafeBreach Labs researchers uncovered a way to hijack Google Gemini via WhatsApp and Slack using a novel indirect prompt injection technique.


C0XMO is a new Mirai-like botnet. Its scanner is implemented in Python for portability on various platforms. To infect new devices, apart from weak passwords in Telnet/SSH, it also tries several HTTP exploits.

https://www.fortinet.com/blog/threat-research/inside-cross-platform-propagation-of-new-gafgyt-variant-c0xmo

#C0xmo #malware #ddos #router #ddwrt

Inside the Cross-Platform Propagation of a New Gafgyt Variant C0XMO | FortiGuard Labs

FortiGuard Labs analyzes C0XMO, a new Gafgyt variant leveraging DD-WRT exploitation and multi-architecture propagation to expand IoT botnet infections.…

Airlines are outsourcing empathy to AI and one passenger just saw behind the curtain 😂 oops 😅 this is the customer support from hell 😈 via https://m.facebook.com/story.php?story_fbid=pfbid0JpguCUhF9Z3SYJfyThfreg3aQFzLouLHqi5oPuggoRabW4uKFrcYBat7LvxFHngcl&id=100077434363121&mibextid=wwXIfr