By Anonymous
How to access websites hostile toward Tor through Tor Tor is an effective tool that allows us to access network services anonymously. Unfortunately, certain network services, often websites, have hostility towards Tor and employ various methods to block TCP connections originating from Tor exit nodes. However, they usually accept TCP connections that do not originate from Tor exits.
Therefore, to access these Tor-hostile websites, one approach is to route the traffic through a proxy server after exiting the Tor network.
By HardcoreMatrix
The HardcoreMatrix team specializes in firmware and infrastructure security, supply chain security, and threat modeling. We vividly illustrate the severe consequences that underlying threats pose to enterprise and personal information security.
One “Leak” can rule them all! In March 2023, Micro-Star International (MSI) suffered a significant attack orchestrated by the Money Message ransomware group. Unfortunately, this is not just another random leak. The aftermath revealed a leak of internal data, including highly sensitive information such as the BootGuard private key.
Assuming that you’re a hardware hacker with full passionate about to making the new product and you dont want to build your own factory by tweaking around the soldering workbench or PnP psychopunk machine. It’s likely you’re end up somewhere( Asia: Shenzhen/Hongkong/Vietnam/etc, EU: Estonia/Germany/Sweden/etc, Americas: New Jersey/Mexico City/etc) to fit your need due to the trend of regional supply chain. You may encounter some problems no matter how the supply chain was formed.
OpenTitan is the first open source project building a transparent, high-quality reference design and integration guidelines for silicon root of trust (RoT) chips. Yosys is a free/libre and open source framework for RTL synthesis tools. It currently has extensive Verilog-2005 support and provides a basic set of synthesis algorithms for various application domains. OpenTitan is a systemverilog project, but currently yosys only supports a small subset of systemverilog. So we need sv2v to convert the source code to verilog.
Exploit use-after-free bugs in dedicated cache This is just a demonstration.
HOWTO free the target object spray and eat all available memory, take high memory usage, hope to have the freed object poisoned trigger the use-after-free NOTICE For each cache, the Slab allocator keeps three doubly-linked lists of slabs:
full slabs: all objects of a slab are used (i.e. allocated) free slabs: all objects of a slab are free (i.e. the slab is empty) partial slabs: some objects of the slab are used and other are free We may need to make the target object in free slabs
by Shawn C[ a.k.a “citypw”]
Meltdown/Spectre Google project zero’s write-up explains how the vulnerablities( meltdown, spectre v1/v2) work. More info about v3a and v4, check Google project zero’s bug tracker and INTEL-SA-00115.
Vulnerablity Affect Kernel mitigation Compiler support v3 Meltdown( rogue data cache load (CVE-2017-5754)) < IceLake( 2018/2019) KPTI/ PAX_UDEREF N/A Spectre v1( bounds check bypass (CVE-2017-5753)) < IceLake( 2018/2019) Code hardening N/A Spectre v1.1 ( Bounds check bypass on stores( CVE-2018-3693)) < IceLake( 2018/2019) ?