|
You are here |
blog.quarkslab.com | ||
| | | | |
alexbakker.me
|
|
| | | | | Starting with the release of the Pixel 3, all of Google's Pixel Android smartphones come with the Titan M security chip on board. When I realized the Pixel 3a XL I purchased also had it, I decided to try to take advantage of it in an app I work on. It turned out that using the Titan M chip through the Android Keystore API for AES-GCM in a specific way lead to predictable and bogus ciphertext. This is the story of how I stumbled upon that bug, and why it's a bit mysterious. | |
| | | | |
blog.impalabs.com
|
|
| | | | | After an in-depth analysis of the NPU OS and its interaction with the Android kernel, this second part gives a more offensive outlook on this component. We will go through the main attack vectors to target it and detail two vulnerabilities that can be chained together to get code execution in the NPU from the NPU driver before pivoting back into the kernel. | |
| | | | |
blog.thalium.re
|
|
| | | | | [AI summary] The blog post discusses the author's experience in vulnerability research and exploitation targeting Steam and its related products, including Steam Link and Remote Play. It covers various vulnerabilities such as format string vulnerabilities, request forgery, heap overflows, and a remote code execution (RCE) exploit. The author also details their interactions with HackerOne and Valve, highlighting the challenges in getting timely responses and the eventual resolution of the reported issues. | |
| | | | |
github.com
|
|
| | | A cross-platform, linkable library implementation of Git that you can use in your application. - libgit2/libgit2 | ||