jduck
@jduck.me
Continuously learning about computer security through research and development.
It's official. No hacker summer for me due to family health complications. I will miss everyone but hope you have a great (and safe) time!! ❤️
July 14, 2025 at 11:21 AM
It's official. No hacker summer for me due to family health complications. I will miss everyone but hope you have a great (and safe) time!! ❤️
Reposted by jduck
I'm proud to announce that myself and @AtipriyaBajaj have created the Workshop on Software Understanding and Reverse Engineering (SURE), which will be co-located at CCS 2025. sure-workshop.org/
Please follow our workshop account @sureworkshop and RT it for visibility :).
Please follow our workshop account @sureworkshop and RT it for visibility :).
SURE 2025 | The Workshop on Software Understanding and Reverse Engineering
The Workshop on Software Understanding and Reverse Engineering
sure-workshop.org
April 25, 2025 at 4:30 PM
I'm proud to announce that myself and @AtipriyaBajaj have created the Workshop on Software Understanding and Reverse Engineering (SURE), which will be co-located at CCS 2025. sure-workshop.org/
Please follow our workshop account @sureworkshop and RT it for visibility :).
Please follow our workshop account @sureworkshop and RT it for visibility :).
Reposted by jduck
We're proud to announce the release of Binary Ninja 5.0. Here's some highlights: Union Support, Dyld Share Cache & Kernel Cache, Firmware Ninja, Auto Stack Arrays, Stack Structure Type Propagation, and so much more. Check out the blog post for more information: binary.ninja/2025/04/23/5...
April 23, 2025 at 8:06 PM
We're proud to announce the release of Binary Ninja 5.0. Here's some highlights: Union Support, Dyld Share Cache & Kernel Cache, Firmware Ninja, Auto Stack Arrays, Stack Structure Type Propagation, and so much more. Check out the blog post for more information: binary.ninja/2025/04/23/5...
Reposted by jduck
Does using #rustlang really make your software safer? tweedegolf.nl/en/blog/152/...
Does using Rust really make your software safer? - Blog - Tweede golf
We keep saying that Rust is how we make software safer. In this blog, we'll tackle a real-world vulnerability, 'rewrite it in Rust', and show you the results of our empirical research, both as a h ...
tweedegolf.nl
April 23, 2025 at 2:38 PM
Does using #rustlang really make your software safer? tweedegolf.nl/en/blog/152/...
I'm proud to announce that I, through my company @magnetitesec.bsky.social, donated to the Redox OS project! If you're not familiar, Redox OS is a pure Rust Micro kernel based operating system. This donation allows them to sponsor one additional student for their Summer of Code!
April 22, 2025 at 12:40 AM
I'm proud to announce that I, through my company @magnetitesec.bsky.social, donated to the Redox OS project! If you're not familiar, Redox OS is a pure Rust Micro kernel based operating system. This donation allows them to sponsor one additional student for their Summer of Code!
I played @defcon.bsky.social CTF quals with @shellphish.bsky.social this year! I'm really impressed with the difficulty levels Nautilus Institute put forth. Making CTF challenges in the AI era has... special considerations... but they nailed it :-) Thanks to everyone involved for a great weekend!
April 15, 2025 at 2:32 PM
I played @defcon.bsky.social CTF quals with @shellphish.bsky.social this year! I'm really impressed with the difficulty levels Nautilus Institute put forth. Making CTF challenges in the AI era has... special considerations... but they nailed it :-) Thanks to everyone involved for a great weekend!
Reposted by jduck
There is a small bug in the signature verification of OTA packages in the Android Open Source Framework.
Official builds doing normal double verification of packages are not vulnerable but OEMs and third party apps may be.
Jérémy Jourdois explains it here:
blog.quarkslab.com/aosp_ota_sig...
Official builds doing normal double verification of packages are not vulnerable but OEMs and third party apps may be.
Jérémy Jourdois explains it here:
blog.quarkslab.com/aosp_ota_sig...
A small bug in the signature verification of AOSP OTA packages
A signature verification bypass in a function that verifies the integrity of ZIP archives in the AOSP framework
blog.quarkslab.com
April 8, 2025 at 5:51 PM
There is a small bug in the signature verification of OTA packages in the Android Open Source Framework.
Official builds doing normal double verification of packages are not vulnerable but OEMs and third party apps may be.
Jérémy Jourdois explains it here:
blog.quarkslab.com/aosp_ota_sig...
Official builds doing normal double verification of packages are not vulnerable but OEMs and third party apps may be.
Jérémy Jourdois explains it here:
blog.quarkslab.com/aosp_ota_sig...
Reposted by jduck
"Building a Linux Kernel Driver using Rust": rust-exercises.ferrous-systems.com/latest/book/...
Building a Linux Kernel Driver using Rust - Rust Exercises
rust-exercises.ferrous-systems.com
April 5, 2025 at 8:06 AM
"Building a Linux Kernel Driver using Rust": rust-exercises.ferrous-systems.com/latest/book/...
Reposted by jduck
Our Call for Presentations & Events is now open!
Got cool research, a fresh exploit, or a unique cybersec insight? Submit your talk & be part of Australia’s biggest hacker con!
cfp.bsidescbr.com.au/bsides-canbe...
Got cool research, a fresh exploit, or a unique cybersec insight? Submit your talk & be part of Australia’s biggest hacker con!
cfp.bsidescbr.com.au/bsides-canbe...
BSides Canberra 2025
Schedule, talks and talk submissions for BSides Canberra 2025
cfp.bsidescbr.com.au
March 31, 2025 at 10:50 PM
Our Call for Presentations & Events is now open!
Got cool research, a fresh exploit, or a unique cybersec insight? Submit your talk & be part of Australia’s biggest hacker con!
cfp.bsidescbr.com.au/bsides-canbe...
Got cool research, a fresh exploit, or a unique cybersec insight? Submit your talk & be part of Australia’s biggest hacker con!
cfp.bsidescbr.com.au/bsides-canbe...
Reposted by jduck
Reposted by jduck
Don't forget, the CFP for the 40th anniversary issue of Phrack is open until June 15th 2025. You can be someone's favorite article in the future!!
bsky.app/profile/phra...
bsky.app/profile/phra...
We heard you needed some more time, so we wanted to let you cook.
We decided to push the Phrack 72 CFP deadline back until June 15th.
Stay tuned for upcoming Phrack events.
Print this flyer out and give it to someone IRL!!
We decided to push the Phrack 72 CFP deadline back until June 15th.
Stay tuned for upcoming Phrack events.
Print this flyer out and give it to someone IRL!!
March 24, 2025 at 11:31 PM
Don't forget, the CFP for the 40th anniversary issue of Phrack is open until June 15th 2025. You can be someone's favorite article in the future!!
bsky.app/profile/phra...
bsky.app/profile/phra...
Reposted by jduck
Having some fun with EM measurements today - side-channels are awesome!
March 29, 2025 at 1:57 PM
Having some fun with EM measurements today - side-channels are awesome!
Reposted by jduck
Paged Out! #6 has arrived! And it's jam-packed with content!
You can download it here:
pagedout.institute?page=issues....
You can download it here:
pagedout.institute?page=issues....
March 29, 2025 at 12:17 PM
Paged Out! #6 has arrived! And it's jam-packed with content!
You can download it here:
pagedout.institute?page=issues....
You can download it here:
pagedout.institute?page=issues....
Reposted by jduck
Tonight. AHA 0xDE.
If it is your first time attending, you will give an “intro talk”. This is an opportunity to share about yourself and allow us to get to know you. This is an important part of the new attendee process. Please take it seriously.
If you’ve given an intro talk before, but have […]
If it is your first time attending, you will give an “intro talk”. This is an opportunity to share about yourself and allow us to get to know you. This is an important part of the new attendee process. Please take it seriously.
If you’ve given an intro talk before, but have […]
Original post on infosec.exchange
infosec.exchange
March 27, 2025 at 8:53 PM
Tonight. AHA 0xDE.
If it is your first time attending, you will give an “intro talk”. This is an opportunity to share about yourself and allow us to get to know you. This is an important part of the new attendee process. Please take it seriously.
If you’ve given an intro talk before, but have […]
If it is your first time attending, you will give an “intro talk”. This is an opportunity to share about yourself and allow us to get to know you. This is an important part of the new attendee process. Please take it seriously.
If you’ve given an intro talk before, but have […]
Happy to share my slides from BOOTSTRAP25. Unfortunately the bug discussed is still not patched in Linux 6.14.0 despite it being reported explicitly. Slides are in markdown but there's a PDF in "releases" too github.com/jduck/bs25-s...
GitHub - jduck/bs25-slides: Slides from "Musing from Decades of Linux Kernel Security Research" at BOOTSTRAP25
Slides from "Musing from Decades of Linux Kernel Security Research" at BOOTSTRAP25 - jduck/bs25-slides
github.com
March 25, 2025 at 7:26 PM
Happy to share my slides from BOOTSTRAP25. Unfortunately the bug discussed is still not patched in Linux 6.14.0 despite it being reported explicitly. Slides are in markdown but there's a PDF in "releases" too github.com/jduck/bs25-s...
Reposted by jduck
The sedexp Linux malware was disclosed in late 2024. In my talk at @kernelcon.bsky.social, I will present my own deep dive of the malware, including many parts that have not been made public, such as loading of a memory-only rootkit. Be sure to attend for a teardown with @volatilityfoundation.org 3!
March 20, 2025 at 6:01 PM
The sedexp Linux malware was disclosed in late 2024. In my talk at @kernelcon.bsky.social, I will present my own deep dive of the malware, including many parts that have not been made public, such as loading of a memory-only rootkit. Be sure to attend for a teardown with @volatilityfoundation.org 3!
Has anyone else seen m.imdb.com/title/tt0218... ? Eerie
Antitrust (2001) ⭐ 6.1 | Action, Crime, Drama
1h 48m | PG-13
m.imdb.com
March 8, 2025 at 5:56 AM
Has anyone else seen m.imdb.com/title/tt0218... ? Eerie
Last week I attended Vector35 @re-verse.io RE//verse conference and it was great! Excellent food, high signal to noise (RE/VR), and great people. I scored some amazing schwag including a SIM transposer and a @binaryninja.bsky.social hacky sack! w00t!
March 4, 2025 at 3:57 AM
Last week I attended Vector35 @re-verse.io RE//verse conference and it was great! Excellent food, high signal to noise (RE/VR), and great people. I scored some amazing schwag including a SIM transposer and a @binaryninja.bsky.social hacky sack! w00t!
Reposted by jduck
On March 29th, I will be speaking at @bsidessd.bsky.social on Volatility 3, including all its new features and plugins. Be sure to attend to catch a sneak peak at the new framework before the major release later this Spring!
www.bsidessd.org
#DFIR #infosec
www.bsidessd.org
#DFIR #infosec
March 3, 2025 at 3:49 PM
On March 29th, I will be speaking at @bsidessd.bsky.social on Volatility 3, including all its new features and plugins. Be sure to attend to catch a sneak peak at the new framework before the major release later this Spring!
www.bsidessd.org
#DFIR #infosec
www.bsidessd.org
#DFIR #infosec
Reposted by jduck
Digital vs film X-ray . Film offers higher resolution and better dynamic range with the same settings, but slightly longer exposure time (and more tedious image acquisition). Comes in handy when it comes to tiny electronics. Images of an Abbott Lingo continuous glucose monitor.
February 26, 2025 at 2:40 PM
Digital vs film X-ray . Film offers higher resolution and better dynamic range with the same settings, but slightly longer exposure time (and more tedious image acquisition). Comes in handy when it comes to tiny electronics. Images of an Abbott Lingo continuous glucose monitor.
Reposted by jduck
BlackHoodie will be back at @ringzer0.bsky.social Bootstrap conference in Austin, TX 🤠 On Friday March 21st I'll be teaching Compiler Internals for Security Engineers, a class for women by women, and it's free. Register here blackhoodie.re/Ringzer0_Boo...
Blackhoodie at Ringzer0 Bootstrap 2025
Compiler Internals for Security Engineers
blackhoodie.re
February 19, 2025 at 5:56 PM
BlackHoodie will be back at @ringzer0.bsky.social Bootstrap conference in Austin, TX 🤠 On Friday March 21st I'll be teaching Compiler Internals for Security Engineers, a class for women by women, and it's free. Register here blackhoodie.re/Ringzer0_Boo...
Reposted by jduck
Tamme is giving a talk at Embedded World 2025!
He shows how Rust’s type system and package manager can help to improve development speed and code quality.
Also visit us at our booth, or book a time slot for a private chat: https://buff.ly/4308AWE
@diondokter.nl
#ew25 #embeddedworld #rustlang
He shows how Rust’s type system and package manager can help to improve development speed and code quality.
Also visit us at our booth, or book a time slot for a private chat: https://buff.ly/4308AWE
@diondokter.nl
#ew25 #embeddedworld #rustlang
February 19, 2025 at 9:34 AM
Tamme is giving a talk at Embedded World 2025!
He shows how Rust’s type system and package manager can help to improve development speed and code quality.
Also visit us at our booth, or book a time slot for a private chat: https://buff.ly/4308AWE
@diondokter.nl
#ew25 #embeddedworld #rustlang
He shows how Rust’s type system and package manager can help to improve development speed and code quality.
Also visit us at our booth, or book a time slot for a private chat: https://buff.ly/4308AWE
@diondokter.nl
#ew25 #embeddedworld #rustlang
Reposted by jduck
Greg KH is a voice of reason downthread: lore.kernel.org/rust-for-lin...
Re: Rust kernel policy - Greg KH
lore.kernel.org
February 19, 2025 at 8:38 AM
Greg KH is a voice of reason downthread: lore.kernel.org/rust-for-lin...
I'm giving a talk at BOOTSTRAP25 in Austin! Hope to see y'all there! ringzer0.training/bootstrap25-...
TALK: Musing from Decades of Linux Kernel Security Research // Joshua J. Drake
The Linux Kernel powers billions of devices across industries, making it critical infrastructure. But is it secure? Josh explores this by comparing its security investments to a typical SDLC, sharing ...
ringzer0.training
February 18, 2025 at 7:04 PM
I'm giving a talk at BOOTSTRAP25 in Austin! Hope to see y'all there! ringzer0.training/bootstrap25-...
Reposted by jduck
It is EXTREMELY cool to me that:
* Use of Rust on Embedded platforms is such a high percentage of the ecosystem (16.8% bare metal, 12.9% with an OS)
* The usage is increasing year over year
Check out the survey results!
blog.rust-lang.org/2025/02/13/2...
* Use of Rust on Embedded platforms is such a high percentage of the ecosystem (16.8% bare metal, 12.9% with an OS)
* The usage is increasing year over year
Check out the survey results!
blog.rust-lang.org/2025/02/13/2...
February 13, 2025 at 1:47 PM
It is EXTREMELY cool to me that:
* Use of Rust on Embedded platforms is such a high percentage of the ecosystem (16.8% bare metal, 12.9% with an OS)
* The usage is increasing year over year
Check out the survey results!
blog.rust-lang.org/2025/02/13/2...
* Use of Rust on Embedded platforms is such a high percentage of the ecosystem (16.8% bare metal, 12.9% with an OS)
* The usage is increasing year over year
Check out the survey results!
blog.rust-lang.org/2025/02/13/2...