I will be traveling alone for my vacation.

I think I have a professional deformation because I'm thinking about and while I'm preparing clothes and equipment.

And now I just realized that I wrote the word "equipment".

btw I also have a plan

I hope this doesn't lead to some sort of strategy plan to counter attack

I'm joking, I'm only a and enthusiast

@neetx

For my thesis work I have two ideas for now. The context is exploit development and/or reverse engineering.

1: Proof of concept of userland Linux exploitation techniques, with zero day engineering and market analysis
2: An anti-reverse engineering library for Windows

I'm very undecided

neetx boosted

“The basic problem is that the code is the ultimate authority — there is no adjudication protocol — so if there’s a vulnerability in the code, there is no recourse. And, of course, there are lots of vulnerabilities in code.
To me, this is reason enough never to use smart contracts for anything important. Human-based adjudication systems are not useless pre-Internet human baggage, they’re vital.”
schneier.com/blog/archives/202

neetx boosted

I managed to get some things.

Explanation: Chromium uses curl. League of Legends uses CEF, the Chromium Embedded Framework. CEF can be configured more than Electron, including in its startup arguments. So Riot Games disabled all the Chromium options that used environment variables or command-line options. That's why I tried to add my certificate to its internal certificate store. But after more research, it turns out that cURL respects the environment variables that are in use when CEF is launched. So I used SSLKEYLOGFILE and there you go… all that's left is to hand the file to Wireshark (no more need for a proxy). And Wireshark is able to read TLS… magic, isn't it?

So I have all the API endpoints used by the client. And I can replay them whenever I want. And I have the "master keys" and the "pre-master keys" of the client's TLS sessions.

All that's left is to analyze all of this…

I can already tell you that LoL tracks you a lot, but that's not in the HTTP, it's in the config files, that's where the tracking options are.


I have to decide an argument for my master degree thesis in computer security 🤔

neetx boosted

"Desktop apps suck. Instead I want to have to build and maintain two completely separate codebases and then write APIs between them. The frontend should only be able to be run inside a container that Google wrote." - Web developers

neetx boosted

A connected vehicle can contain over 22 installed antennas.

neetx boosted

"NGL this is probably the best way to teach the difference"

submitted by QueenVengeance

neetx boosted

If it constantly happens, it's not isolated incidents, it's systemic!

If police constantly kills POC, it's not some bad apples, it's #SystemicRacism!

If a political party is full of nazis, it's a nazi-party!

If your fediverse instance is full of nazis, it's not a "#FreeSpeech" instance, it's a nazi instance!

If #GAFAM is constantly in the news for data leaks it's not data leaks, it's #SurveillanceCapitalism!

If there are weather extremes on a daily basis, it's not the weather, it's the #ClimateCrisis!

-----------------------------

#RecycledToot from old account.
