人工知能(AI)を使ってニセの人物画像を合成する「ディープフェイク」は、フェイクニュースに利用されやすく、またリベンジポルノの被害が出ていることからも問題視されている技術です。ディープフェイク技術が発達するにつれ、ディープフェイクを見分ける技術の必要性も高まっていますが、このアプローチの1つとしてFacebookは新たに「ディープフェイクを作成したAIモデルの特徴を判別する」という技術を開発中であると明かしました。 Reverse engineering generative models from a single deepfake image https://ai.facebook.com/blog/reverse-engineering-generative-model-from-a-single-deepfake-image/ Detecting the Models Behind
Decrypting your own HTTPS traffic with Wireshark – Trickster Dev
HTTP messages are typically are not sent in plaintext in the post-Snowden world. Instead, TLS protocol is used to provide communications security against tampering and surveillance of communications based on HTTP protocol. TLS itself is fairly complex protocol consisting of several sub-protocols, but let us think of it as encrypted and authenticated layer on top of TCP connection that also does so
shogihax - Remote Code Execution on Nintendo 64 through Morita Shogi 64
shogihax - Remote Code Execution on Nintendo 64 through Morita Shogi 64 Introduction I've been wanting to develop Nintendo 64 homebrew for a while, but have been put off due to the limited options available for testing on the hardware. Instead of shelling out money for a flashcard (which have inflated prices since they are marketed for pirating games), I decided to invest some time systematically
Linux is an operating system, similar to Windows, but with many different versions due to the nature of being open source and fully customizable. To install Linux, you must choose an install method and choose a Linux distribution. To install Linux: Choose an install method: Windows Subsystem for Linux (WSL), Bare metal Linux; or create a Virtual Machine (VM) to run Linux locally or in the cloud. C
Testing a new encrypted messaging app's extraordinary claims
How I accidentally breached a nonexistent database and found every private key in a 'state-of-the-art' encrypted messenger called Converso I recently heard this ad on a podcast: I use the Converso app for privacy because I care about privacy, and because other messaging apps that tell you they're all about privacy look like the NSA next to Converso. With Converso, you've got end-to-end encryption,
GitHub - sundowndev/hacker-roadmap: A collection of hacking tools, resources and references to practice ethical hacking.
Infosec: Information security, which is the practice of preventing unauthorized access, use, disclosure, disruption, modification, inspection, recording or destruction of information. The information or data may take any form, e.g. electronic or physical. Infosec can also be a person who practices ethical security. Wikipedia Opsec: Operations security, which is a process that identifies critical i
何が問題なの? 普段あまり、AWSやFIREBASEなどのサービスの利用を何とか避けてニッチなアプリで凌いでいましたが、ついにそんな悠長な事も言って入れなくなってきました。 改めて、この種のサービスを利用する際に常に気になっていたのが、こんな記法です。SDKがこれらの情報を必要とするのは理解できますが、これらの情報をリテラルで渡すのはかなり気になります。スクリプトなどを介在して環境変数から、これらの情報を渡す場合もあるようですが、コンパイル時にはリテラルになっているのでやはり気になります。 例えば、ターゲットとなるアプリがあったとします。WorldGreatServiceを利用しているのがわかっているものとします。そして、WorldGreatServiceがSDKを公開していたとします。 自分でも同SDKを組み込んでみるとします。自分用のapi-keyとsecret-keyを取得して上記同
How to Bypass Cloudflare in 2023: The 8 Best Methods - ZenRows
About 1/5 of websites you need to scrape use Cloudflare, a hardcore anti-bot protection system that gets you blocked easily. So what can you do? 😥 We spent a million dollars figuring out how to bypass Cloudflare in 2023 so that you don't have to and wrote the most complete guide (you're reading it!). These are some of the techniques you'll get home today: Method 1: Get around Cloudflare CDN. Meth
X線を活用すれば、レントゲン撮影で体の中を見ることができるだけでなく、1300年前の古文書の消えた文字やマザーボードに仕込まれたスパイチップまで透視することができます。しかし、最新のX線技術ではなんと、ナノスケールのICチップの構造まで解析してリバースエンジニアリングが可能だとのことです。 Three-dimensional imaging of integrated circuits with macro- to nanoscale zoom | Nature Electronics https://www.nature.com/articles/s41928-019-0309-z X Ray Tech Lays Chip Secrets Bare IEEE Spectrum - IEEE Spectrum https://spectrum.ieee.org/nanoclast/semi
Reverse-Engineering Apple Dictionary December 8, 2020 For a while now I have wanted to write a simple dictionary app for the Apple Watch. The goal was to be able to quickly look up words from paper books, by storing the book on the watch to be able to do fuzzy matches against the text. While Apple ships amazing dictionaries with macOS and iOS, they only provide a very limited API. On iOS, all you
It’s been a busy month! We’ve had a lot of movement in kernel land, as well as some tooling improvements and reverse engineering sessions. At this point, Asahi Linux is usable as a basic Linux desktop (without GPU acceleration)! The ground had been shifting until now, but we’re seeing drivers settle down. Let’s take a look at what’s been going on. Linux drivers galoreEarlier this year we saw the a
Over the course of my Spring 2020 semester at Harvey Mudd College, I developed a self-hosting compiler entirely from scratch. This article walks through many interesting parts of the project. It’s laid out so you can just read from beginning to end, but if you’re more interested in a particular topic, feel free to jump there. Or, take a look at the project on GitHub. Table of contents What the pro
by Patrick Brinksma 1日に8時間以上コンピューターのモニターを見つめている人は、目が疲れたり乾いたりすることがあります。これらの症状がひどくなると、「ドライアイ」という病気になります。このドライアイ向けの薬剤は驚くほど選択肢が少ないそうで、これは人間の目の複雑な病態生理をモデル化することが難しいためだそうです。しかし、ペンシルバニア大学の研究チームが新しく開発した目の生体機能チップは、人間のまばたきをシミュレートすることが可能であり、リスクおよび倫理的懸念を最小限に抑えながらドライアイ向けの実験薬のテストに使用することができます。 Multiscale reverse engineering of the human ocular surface | Nature Medicine http://dx.doi.org/10.1038/s41591-019-0531-2
A tale of politeness
Here are my 2 cents on “one of many” experiences about working abroad as a foreigner in Japan. As my profile is public and I don’t hide my name, I see no point in hiding things which can be googled but less obvious details will be anonymized. Edit: someone made a reddit thread about it. A coin is attractiveI joined LINE in May 2018. It’s funny you know, because I’d never had expected to work in Ja
This is the first of several posts exploring how git works under the hood. While lots of programmers are familiar with using git, I wanted to do a deep dive into how git is implemented. git employs many clever ideas to optimize common version control operations. I'm a big fan of trying to understand software by playing around with it rather than reading lots of documentation. To that end, I've wri
Tencent Keen Security Lab: Experimental Security Assessment on Lexus Cars
Since 2017, Lexus has equipped several models (including Lexus NX, LS and ES series) with a new generation infotainment, which is also known as AVN (Audio, Visual and Navigation) unit. Compared to some Intelligent connected infotainment units, like Tesla IVI and BMW ConnectedDrive system, the new Lexus AVN unit seems to be a bit more traditional. From a security perspective, it may highly reduce t
Zoom Security Exploit - Cracking private meeting passwords - Tom Anthony
Short version: Zoom meetings were default protected by a 6 digit numeric password, meaning 1 million maximum passwords. I discovered a vulnerability in the Zoom web client that allowed checking if a password is correct for a meeting, due to broken CSRF and no rate limiting. This enabled an attacker to attempt all 1 million passwords in a matter of minutes and gain access to other people’s private
We built a powerful multi-platform reverse engineering tool. Cutter's goal is to be an advanced FREE and open-source reverse-engineering platform while keeping the user experience at mind. Cutter is created by reverse engineers for reverse engineers. Powered by Rizin Cutter is using Rizin as its core engine. Thus, allows access to thousands of features via the GUI or by using the integrated termin
How I Hacked Google App Engine: Anatomy of a Java Bytecode Exploit
Back in college, I was very interested in Java bytecode. When I got an internship at Google in 2013, I was skeptical of the security of the Java version of Google App Engine and got permission to spend the last week of my internship doing a mini red team exercise, trying to break into App Engine. This is the story of how I found a vulnerability and developed an exploit to break out of the App Engi
Accessing hardware devices on the web Stay organized with collections Save and categorize content based on your preferences. The goal of this guide is to help you pick the best API to communicate with a hardware device (e.g. webcam, microphone, etc.) on the web. By "best" I mean it gives you everything you need with the shortest amount of work. In other words, you know the general use case you wan
NAT Slipstreaming v2.0 NAT Slipstreaming allows an attacker to remotely access any TCP/UDP service bound to any system behind a victim's NAT, bypassing the victim's NAT/firewall (remote arbitrary firewall pinhole control), just by the victim visiting a website. v1 developed by: @SamyKamkar // https://samy.pl v2 developed by: Samy Kamkar && (Ben Seri && Gregory Vishnipolsky of Armis). Read Ben & Gr
Look-up-tables, more commonly referred to as LUTs, are as old as Mathematics itself. The act of precalculating things into a row or table is nothing new. But in the realm of graphics programming, this simple act unlocks some incredibly creative techniques, which both artists and programmers found when faced with tough technical hurdles. We’ll embark on a small journey, which will take us from simp
A Git story: Not so fun this time | Brachiosoft Blog
Linus Torvalds once wrote in a book that he created Linux just for fun, but it ended up sparking a revolution. Git, his second major creation, also an accidental revolution. It’s now a standard tool for software engineers, but its origin story wasn’t so much fun this time, at least for Linus. Linus doesn’t scale 1998 was a big year for Linux. Major companies like Sun, IBM, and Oracle started getti
Documenting Sony Memory Stick UPDATE HISTORY:May 17 2022 - Documented the Sony Memory Stick Host chip MB86189Apr 4 2022 - Added MSIO Camera documentation, added camera and GPS sample codeApr 3 2022 - Added MSIO GPS documentationMar 25 2022 - Added some more MSIO infoMar 19 2022 - added some MSIO info Disclaimer: most of this data was scrounged from many sources, guessed from disassembly, inferred
Namecheap Takes Down Polyfill.io Service Following Supply Chain Attack - Socket
Security News Namecheap Takes Down Polyfill.io Service Following Supply Chain Attack Polyfill.io has been serving malware for months via its CDN, after the project's open source maintainer sold the service to a company based in China. More than 110K websites using the Polyfill.io service have been impacted by a supply chain attack after a Chinese company bought the service earlier this year. The C
China's Progress in Semiconductor Manufacturing Equipment | Center for Security and Emerging Technology
Analysis China’s Progress in Semiconductor Manufacturing Equipment Accelerants and Policy Implications To reduce its dependence on the United States and its allies for semiconductors, China is building domestic semiconductor manufacturing facilities by importing U.S., Japanese, and Dutch semiconductor manufacturing equipment. In the longer term, it also hopes to indigenize this equipment to replac
KindleDrip — From Your Kindle’s Email Address to Using Your Credit Card
Or the story of how I received an 18K$ bug bounty for a critical Amazon Kindle vulnerability. For any questions and inquiries about KindleDrip, you may contact me at baronyogev+kindledrip@gmail.com. If you are interested in a security audit for your products, or special security research, you can contact Realmode Labs at contact@realmodelabs.com. Thanks to Yaar Hahn for the help with this project.
My thoughts on writing a Minecraft server from scratch (in Bash) For the past year or so, I've been thinking about writing a Minecraft server in Bash as a thought excercise. I once tried that before with the Classic protocol (the one from 2009), but I quickly realized there wasn't really a way to properly parse binary data in bash. Take the following code sample: function a() { read -n 2 uwu echo
Hacking Bluetooth to Brew Coffee from GitHub Actions: Part 1 - Bluetooth Investigation permalink This is going to be a long journey in three parts that covers the odyssey of getting a new coffeemaker, learning BTLE and how it works, reverse-engineering the Bluetooth interface and Android applications for the coffeemaker, writing a Rust-based CLI interface, and finally, hooking it all up to a GitHu
OSCP、OSCE、そしてOSEE…… 世界最高峰難度のセキュリティ資格保持者、試験を語る | セキュリティブログ | 脆弱性診断(セキュリティ診断)のGMOサイバーセキュリティ byイエラエ
TOP > セキュリティブログ > 川口洋の座談会シリーズ > OSCP、OSCE、そしてOSEE…… 世界最高峰難度のセキュリティ資格保持者、試験を語る イエラエセキュリティの顧問を務める川口洋が、イエラエセキュリティを支える多彩なメンバーと共に、サイバーセキュリティやサイバーリスクの今を語り合う座談会シリーズ、第8回をお送りします。 川口洋氏は、株式会社川口設計 代表取締役として、情報セキュリティEXPO、Interop、各都道府県警のサイバーテロ対策協議会などで講演、安全なITネットワークの実現を目指してセキュリティ演習なども提供しています。 イエラエ顧問として「川口洋の座談会シリーズ」を2019年に開始、サイバーセキュリティを巡る様々な話題を、社内外のゲスト達と共に論じ語ってきました(「川口洋の座談会シリーズ」)。 今回ゲストとして登場するのは、株式会社ラックよりサイバーセキュリテ
<g> <g> <defs> <rect id="SVGID_1_" x="-468" y="-1360" width="1440" height="3027" /> </defs> <clippath id="SVGID_2_"> <use xlink:href="#SVGID_1_" style="overflow:visible;" /> </clippath> </g> </g> <rect x="-468" y="-1360" class="st0" width="1440" height="3027" style="fill:rgb(0,0,0,0);stroke-width:3;stroke:rgb(0,0,0)" /> <path d="M13.4,12l5.8-5.8c0.4-0.4,0.4-1,0-1.4c-0.4-0.4-1-0.4-1.4,0L12,10.6L6.2
注意機構・自由エネルギー原理・ニューラルネットの概念の獲得
モダン・ホップフィールドネットと正準ニューラルネットには,どちらも生物学的妥当性をもつ再帰型ニューラルネットとして提案された,という共通点がある.この投稿では,モダン・ホップフィールドネットと正準ニューラルネットにまたがる共通点を掘り下げていくことによって,注意機構,自由エネルギー原理,そしてニューラルネットにおける概念の獲得という一見異なる容貌をした3つの概念が,隠れた水路を通じてお互いにつながり合うことを明らかにしたい. 1. ホップフィールドネット 1−1. モダン・ホップフィールドネットと注意機構 モダン・ホップフィールドネットは,離散的な状態しか持たない古典的なホップフィールドネットを拡張したモデルで,連続的な状態とそれに対応した状態の更新式を備えている[1].この新しいホップフィールドネットには,①多くのパターンを連想空間に保存する指数関数的な記憶容量を持ち,②1回の更新でパタ
TinyPilot is my inexpensive, open-source device for controlling computers remotely. It works even before the operating system boots, so I use TinyPilot to install new OSes and debug boot failures on my bare metal homelab servers. This post details my experience creating TinyPilot and shows how you can build your own for under $100 using a Raspberry Pi. Using TinyPilot to control my Ubuntu laptop f
電動歯ブラシをハッキングして現れた暗号を解析した結果とは?
市販の一部の電動歯ブラシには、ブラシ部分が装着されたことを認識して交換時期をお知らせしてくれる機能を持つ製品があります。エンジニアのアーロン・クリストファー氏は電動歯ブラシをハッキングして、パスワードで保護されたこの機能のロック解除を試みました。 Here is the full Philips Sonicare Head NFC Password Calculation ???? How I got there you can find in this Thread. 1/N pic.twitter.com/ooy1v2mBEe— atc1441 (@atc1441) Hacking the Philips Sonicare NFC Password - YouTube フィリップス製電動歯ブラシ「ソニッケアー」には、ブラシヘッドとハンドル部分が通信を行い、ヘッドが古くなると交換時期であ
Emulating an iPod Touch 1G and iPhoneOS 1.0 using QEMU (Part I) | Martijn de Vos
Around a year ago, I started working on emulating an iPod Touch 1G using the QEMU emulation software. After months of reverse engineering, figuring out the specifications of various hardware components, and countless debugging runs with GDB, I now have a functional emulation of an iPod Touch that includes display rendering and multitouch support. The emulated device runs the first firmware ever re
How to use Trend Micro's Rootkit Remover to Install a Rootkit
The opinions expressed in this publication are those of the authors. They do not reflect the opinions or views of my employer. All research was conducted independently. For a recent project, I had to do research into methods rootkits are detected and the most effective measures to catch them when I asked the question, what are some existing solutions to rootkits and how do they function? My search
こんにちは、私は id:side_tana。この記事は Mackerel Advent Calendar 17 日目の記事です。昨日は koudenpa さんでした。 この記事では部屋にモニタリングを導入するまでの経緯とその結果をご紹介します。 序 私は春に引っ越したのですが、引っ越してからしばらく睡眠の質が低い日々を過ごしていました。1週間ほどその状態で過ごしたとき、夜間に寝室のCO2濃度が高まって、それが悪影響となっているのではないか、とひらめきました。 その日の晩に寝室のドアを開けて寝たところ、寝苦しさについてはかなり改善されました。おそらくこれが原因だったのではないか、と思っています。 ともあれ私は睡眠の質を取り戻しました。めでたしめでたし。 本当に? 果たして本当にそうでしょうか? 私は専門家ではないので睡眠の質とCO2の関係性はわかりません。しかし本当にCO2が変化したのかは計
A Lisp Interpreter Implemented in Conway’s Game of Life
Lisp in Life is a Lisp interpreter implemented in Conway’s Game of Life. The entire pattern is viewable on the browser here. To the best of my knowledge, this is the first time a high-level programming language was interpreted in Conway’s Game of Life. Running Lisp on the Game of Life Lisp is a language with a simple and elegant design, having an extensive ability to express sophisticated ideas as
2023-01-10 FLARE VM を使って解析環境を作ったときのメモ。 FLARE VM とは FLARE VM を導入する Microsoft Defender Antivirus を無効化する インストール手順 インストールの完了 インストール直後の FLARE VM 導入されたツール一覧 右クリックメニュー 環境設定の変更点 導入されていたパッケージ FLARE VM のカスタマイズ パッケージの追加インストール サクラエディタの設定 「SAKURAで開く」を右クリックメニューに追加する サクラエディタをMonokai風の配色する パッケージのアップデート 付録 FLARE とは FLARE VM 導入によって変更される環境設定について 初期導入されていたツール名一覧 初期導入されていた Chocolatey パッケージ一覧 FLARE VM を利用した理由 VMware で
About - Asahi Linux
About Asahi LinuxAsahi Linux is a project and community with the goal of porting Linux to Apple Silicon Macs, starting with the 2020 M1 Mac Mini, MacBook Air, and MacBook Pro. Our goal is not just to make Linux run on these machines but to polish it to the point where it can be used as a daily OS. Doing this requires a tremendous amount of work, as Apple Silicon is an entirely undocumented platfor
j次のブックマーク
k前のブックマーク
lあとで読む
eコメント一覧を開く
oページを開く
超リアルなAI製ニセ画像「ディープフェイク」を作成したAIモデルの特定技術をFacebookが発表
How to download and install Linux
SwiftでAPI KEYなどの秘匿が推奨される情報の隠蔽化 - Qiita
X線をナノスケールのICチップに照射して非破壊的に内部を解析・調査する技術が登場
Reverse-Engineering Apple Dictionary
Progress Report: September 2021 - Asahi Linux
Kalyn: a self-hosting compiler for x86-64
まばたき可能な人工の「目」が登場して治療薬開発が困難なドライアイに光
Git Internals part 1: The git object model
Cutter
Accessing hardware devices on the web | Articles | web.dev
Samy Kamkar - NAT Slipstreaming v2.0
How video games use LUTs and how you can too
Sony Memory Stick - Dmitry.GR
My thoughts on writing a Minecraft server from scratch (in Bash)
Hacking Bluetooth to Brew Coffee from GitHub Actions: Part 1 - Bluetooth Investigation
Developer Agreement – Twitter Developers
TinyPilot: Build a KVM Over IP for Under $100
私生活における監視の実践 - 暮らしの技術
FLARE VM を使って Windows10 に解析環境を構築する - setodaNote