I’m once again a day late publishing. In my defense, I was on an airplane for like 6 hours yesterday. Binary Golf Grand Prix #5 kicks off, and I learned this week that I’m accepted to speak at BSides Las Vegas this year!
Binary Golf Grand Prix #5 Kicks Off
Back in June 2020, I tweeted an open challenge. I wanted to see if someone could produce an executable file that, when reversed, produced the same output. I was reading Gödel, Escher, Bach after hearing it recommended by 1o57 on a Down In The Park stream, and thought that if I read it, I too could produce sick puzzles to wow my friends and stump the world’s top nerds.
I tagged Yuu in a follow up tweet, because I knew he had been doing a bunch of research into tiny elf files, and it seemed right up his alley. Little did I know, this was lead to the first Binary Golf Grand Prix, which fleshed out the idea further and added another restriction that was important – your binary must execute more than 50% of the bytes, otherwise people could just appened a backwards copy of their binary to the end and always get 50% exactly.
Well, fast forward a couple years, and BGGP is still going strong, though I have nothing to do with it other than be an excited fan. Binary Golf Grand Prix #5 (warning - that link will spam you with browser permission requests, its all in good fun) launched on June 21st 2024 and ends on September 6th 2024. The challenge? The smallest file that downloads a text file and displays its contents.
I encourage everyone to give it a try and see if they can come up with the smallest file in their category. I have an idea or two I’m planning to submit!
BSides Las Vegas 2024
Being a beginner doesn’t have to be all bad. Being an expert doesn’t always mean you’re the best person to solve a problem. Whether you’re brand new or you’ve been in the industry since the Morris worm ran rampant, join us for a session of introspection and hopefully take away a few new perspectives and tools for improving the way you think.
I’ll be speaking at BSides Las Vegas this year, giving a talk titled “Free Your Mind: Battling Our Biases.” This talk idea stemmed from several conversations I had with people at a previous conference about how they were having a hard time getting new red teamers up to speed and ultimately just ended up doing most of the work themselves.
This will be my first public talk in something like 6 years, and I’m excited to share my ideas and opinions with everyone.
I’m going to try some new things with this talk, and attempt to do my slides entirely in reveal.js, as well as produce a transcript of the talk for publication on my blog immediately preceding (or maybe following) the talk. I don’t know when it’s scheduled for yet, but I’ll be sure to post about it when I know.
What I’m Reading
Tor: From the Dark Web to the Future of Privacy
By Ben Collier
ISBN: 9780262548182Learn More
I honestly didn’t read a single page this past week, I was traveling and swamped with work.
Interesting Links
- The 40th Anniversary of the X window system - I never really stopped to wonder why it was called X – in classic Computer Science fashion, it’s X because it replaces W.
- Abusing title reporting and tmux in iTerm2 for code execution - I love escape sequence vulns, and also maybe I’ll finally make the switch over to alacritty.
- Project Naptime: Evaluating Offensive Security Capabilities of Large Language Models - The Project Zero folks did some research into burning down forests in the name of finding vulnerabilities. Seems like they made some decent improvements compared to previous attempts, but still seems a ways off.
- Automated LLM Bugfinders - Dave Aitel wrote a follow up post after reading the Project Zero blog.
- Biden bans US sales of Kaspersky software - The US Government banned the use of Kaspersky some time ago, but now that ban is effectively extending out to all companies within the US – new sales are being halted, and software updates will stop later this year. In a follow up, a number of Kaspersky executives were also personally named on sanction lists.
- Elsevier embeds a unique-per-download hash in downloaded PDFs - It would be a shame if someone made a browser extension that automatically removed it from every download.
- Paranoid NixOS - I’m continuing my NixOS journey this week and found this post about securing NixOS. It’s good, but it seems mostly focused on a server environment – I’m excited to see how I can tweak it for a desktop environment. Isolated password manager and signal, isolated browser? One can only hope.
- How We Hacked Multi-Billion Dollar Companies in 30 Minutes Using a Fake VSCode Extension - I’ve been seeing a lot of research in the VSCode marketplace the last year or two. It’s a good reminder that these sorts of marketplaces are easily infiltrated and not particularly tightly managed.
Upcoming Projects
- BSides Las Vegas Talk - Accepted! - I will be presenting “Free Your Mind: Battling Our Biases” at BSides Las Vegas 2024. This will be my first return to a public stage in like 6 years, and my first time speaking in Vegas. Stay tuned.
- Defcon 32 Call for Artists - Submitted, pending response. (Due: N/A - Done)
- Defcon 32 Call For Soundtrack - I’ve submitted my new song “Oh Dade”, produced by Mikal kHill. If it’s accepted, it will debut on the Defcon soundtrack. If it’s not accepted, I will release it the same day I find out it’s not accepted. (Due: N/A - Done)