My team in Chrome Platform Security is hiring for a senior Android security expert - if you're into syscalls, binder, processes and other low level stuff you'd be perfect - I do this but for Windows and didn't know Chrome or much C++ when I started.

The ad is generic but feel free to ask questions - https://www.google.com/about/careers/applications/jobs/results/104891950447895238 - you'll be a part of a wider security team that works on lots of cool stuff and protects billions of people - https://www.chromium.org/Home/chromium-security/quarterly-updates/

Our 2024-2025 internships season has started
Check out the 3 new openings and apply for fun and knowledge!
(paid internships, fur coats not included)

https://blog.quarkslab.com/internship-offers-for-the-2024-2025-season.html

We are proud to sponsor the 1st edition of the HackHer Challenge, a CTF competition dedicated to female students and professionals, with the mission of promoting diversity.
This Saturday October 19th 10:00 to 18:00

Details and registration here:
https://hackher-challenge.com

Learn how Google CVR could have potentially exfiltrated Gemini 1.0 Pro before launch last year. We describe the vulnz, the fix, tips for bughunters, and how we found similar issues in another cloud provider with similar impact.

https://bughunters.google.com/blog/5679863572070400/protecting-large-language-models

#blackalps24 - CALL FOR PROPOSALS IS OPEN - Deadline July 31🗣️

Get the chance to present your latest research on Nov. 6-7 in Yverdon (CH) and be part of a high-quality program covering a wide range of cybersecurity topics🔐

It's time to work!

https://pretalx.com/blackalps-2024/cfp

Okay, so I did a quick dive into sudo in Windows and here are my initial findings. https://www.tiraniddo.dev/2024/02/sudo-on-windows-quick-rundown.html

The main take away is, writing Rust won't save you from logical bugs :)

New (explicit) addition to Android's VRP: pivot from bare-metal firmware (basebands?) to the main OS!

#Android #VRP

https://source.android.com/docs/security/overview/updates-resources#severity

📢#OST2 Call for beta testers! 📢
Trusted Computing 1101: Introductory TPMs

Sign up to participate in the beta here:
https://forms.gle/AcNBzT52tMpjzYUq8

The beta will begin approx Dec 28, and run until the end of January

The class will cover:

* When to use a Trusted Platform Module (TPM)?
* Setting up a TPM2 development environment
* Using TPM for signing and sealing
* Using TPM for HMAC and hashing
* Secure storage on the TPM
* TPM's protection against Machine-in-the-middle (MITM) attacks
* Protecting external data using a TPM
* TPM internals and capabilities