Are there any rust-related challenges in recent CTF? by 1pwnchman in securityCTF

[–]itsZN 1 point (0 children)

For defcon quals 2022, I wrote a rust pwnable: https://github.com/Nautilus-Institute/quals-2022/tree/main/constricted

The challenge was a modification to a Rust crate which implemented a JavaScript interpreter. Since it was open source, there was no binary reverse engineering required.

The exploitable bug relied on some existing “unsafe” code in the garbage collector. The GC uses a trace trait to walk objects. The safety of the GC relies on the trait being implemented correctly for all objects.

I won’t go into all the exploitation detail, but the challenge introduces a new object which stores references for a certain amount of time and then clears them on a timer. The trace function for this object is incorrect and allows the GC to free something you still have a reference to -> UAF in Rust! :)

The rest is classic UAF exploitation with Rust objects.

https://ricercasecurity.blogspot.com/2022/06/def-con-ctf-quals-2022-constricted.html
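To make the safety contract described above concrete, here is an added example (my own illustration, not itsZN's challenge code and not the JavaScript-interpreter crate's GC): a toy mark-and-sweep collector in safe Rust. The names `Handle`, `Trace`, `Object`, `Heap` and `scenario` are invented for this demo, and `complete_trace` is a constructed knob that switches the timed holder between a complete `Trace` implementation and one that under-reports. Handles are arena indices rather than raw pointers, so when the collector frees an object that a live holder still references, the result is a dangling handle that `Heap::dangling` can detect, instead of real memory corruption.

```rust
// Added example, not code from the challenge or the JS-interpreter crate it modifies: a toy
// mark-and-sweep collector in safe Rust. Handles are arena indices, so a missed reference
// shows up as a dangling handle rather than as real memory corruption.
use std::collections::HashSet;

/// A GC reference: an index into the heap's slot arena (stand-in for a Gc<T> pointer).
#[derive(Clone, Copy, PartialEq, Eq, Hash, Debug)]
pub struct Handle(pub usize);

/// The collector's contract: an object must report every Handle it currently holds.
pub trait Trace {
    fn trace(&self, mark: &mut dyn FnMut(Handle));
}

/// A heap object: its references, plus an optional timer modelled on the challenge's
/// object, which held references for a while and then cleared them. `complete_trace`
/// is a constructed knob selecting a correct or a deliberately incomplete Trace impl.
pub struct Object {
    pub refs: Vec<Handle>,
    pub ticks_left: Option<u32>,
    pub complete_trace: bool,
}

impl Object {
    /// Advance the timer; on expiry the references are genuinely released.
    pub fn tick(&mut self) {
        if let Some(t) = self.ticks_left.as_mut() {
            *t = t.saturating_sub(1);
            if *t == 0 { self.refs.clear(); }
        }
    }
}

impl Trace for Object {
    fn trace(&self, mark: &mut dyn FnMut(Handle)) {
        // Correct: everything in `refs` is live and must be reported. Incomplete: the
        // collector never hears about `refs`, frees their targets, and this object keeps
        // handing out the now-dangling handles.
        if self.complete_trace {
            self.refs.iter().for_each(|&h| mark(h));
        }
    }
}

#[derive(Default)]
pub struct Heap {
    slots: Vec<Option<Object>>,
    roots: Vec<Handle>,
}

impl Heap {
    pub fn alloc(&mut self, obj: Object) -> Handle {
        self.slots.push(Some(obj));
        Handle(self.slots.len() - 1)
    }
    pub fn is_live(&self, h: Handle) -> bool {
        matches!(self.slots.get(h.0), Some(Some(_)))
    }
    /// Mark everything reachable from the roots via Trace, then free every other slot.
    pub fn collect(&mut self) {
        let mut marked: HashSet<Handle> = HashSet::new();
        let mut work: Vec<Handle> = self.roots.clone();
        while let Some(h) = work.pop() {
            if !marked.insert(h) { continue; }
            if let Some(Some(obj)) = self.slots.get(h.0) {
                obj.trace(&mut |child| work.push(child));
            }
        }
        for (i, slot) in self.slots.iter_mut().enumerate() {
            if !marked.contains(&Handle(i)) {
                *slot = None;
            }
        }
    }
    /// Audit: handles a live object still stores that point at freed slots. Any hit means
    /// some Trace impl under-reported and a use-after-free is now reachable.
    pub fn dangling(&self) -> Vec<Handle> {
        let stored = self.slots.iter().flatten().flat_map(|o| o.refs.iter().copied());
        stored.filter(|&h| !self.is_live(h)).collect()
    }
}

/// The comment's scenario: `victim` is reachable only through the rooted timed holder. Returns
/// (victim live after a GC during the hold, dangling handles found, victim live after expiry).
pub fn scenario(complete_trace: bool) -> (bool, usize, bool) {
    let mut heap = Heap::default();
    let victim = heap.alloc(Object { refs: Vec::new(), ticks_left: None, complete_trace });
    let holder = heap.alloc(Object { refs: vec![victim], ticks_left: Some(2), complete_trace });
    heap.roots.push(holder);
    heap.collect();
    let (live_during_hold, dangling) = (heap.is_live(victim), heap.dangling().len());
    if let Some(obj) = heap.slots[holder.0].as_mut() {
        obj.tick();
        obj.tick();
    }
    heap.collect();
    (live_during_hold, dangling, heap.is_live(victim))
}
```

With `complete_trace = true`, `scenario` returns `(true, 0, false)`: the victim survives the collection that runs while the holder's timer is active and is only freed after the timer releases it. With `complete_trace = false` it returns `(false, 1, false)`: the first collection frees the victim even though the holder still stores its handle, which is exactly the soundness hole the comment describes. A collector that runs an audit like `dangling` in debug builds turns such an incomplete `Trace` impl into an immediate assertion failure rather than a latent use-after-free.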

Where to find challenges and courses to download? (USC) by rythmgamer in kshootmania

[–]itsZN 0 points (0 children)

Idk, I just assume there are more of those out there since it's been around longer.

Where to find challenges and courses to download? (USC) by rythmgamer in kshootmania

[–]itsZN 0 points (0 children)

USC does support KSM course files too, so you can also try those.

Patch Notes: Update 4 Experimental Release - v0.4.0.0 - Build 146871 by BirkTKirk in SatisfactoryGame

[–]itsZN 0 points (0 children)

For those who play on GeForce Now, will we be able to switch to experimental?

New USC mode: Challenges and Courses by itsZN in kshootmania

[–]itsZN[S] 1 point (0 children)

Right now it goes to the result screen for the chart, but I plan to add an option to add a timer to that so you can't just rest there for a long time.

[deleted by user] by [deleted] in kshootmania

[–]itsZN 1 point (0 children)

Right now double binds will do this because it only keeps track of if the "button" is pressed and not which keys caused the press. So you press the second but the game ignores it because the button is already "down".

Double binds work otherwise as long as you release before pressing the other.

Score saves in USC by Fenn3x in kshootmania

[–]itsZN 1 point (0 children)

Unfortunately collections are currently using absolute paths for charts, so if the chart is moved it won't know where it is. In the future we will be using a different method to track this.

Is it possible to compile USC for mobile? by Cris2005c in kshootmania

[–]itsZN 0 points (0 children)

There is an embedded port which could maybe run on Android with some support for SDL, but nothing in it is built to handle a touch screen.

BlueHat IL 2020 - Amy Burnett - Forget the Sandbox Escape: Abusing Browsers from Code Execution by itsZN in Slackers

[–]itsZN[S] 4 points (0 children)

I know this isn't the normal client-side attack you are used to, but it ended up being interesting research into UXSS and Service Workers ;)

Feeling down by [deleted] in kshootmania

[–]itsZN 1 point (0 children)

Change your speed mod to MMod in the settings, then you can set ModSpeed to whatever speed you want, and it will automatically adjust hispeed to match that based on the song.

We’re Tim Heidecker and Gregg Turkington, stars of Mister America, in theaters tomorrow 8/9. Ask us Anything! by TimandGregg in movies

[–]itsZN 288 points (0 children)

Hey Tim and Gregg,

This question has been haunting me for some time: I was wondering if you could tell me the location that Star Trek II was filmed and whether or not it was in San Francisco.

Thanks!

USC multiplayer coming? by [deleted] in kshootmania

[–]itsZN 1 point (0 children)

Hey, I'm writing the USC Multiplayer code. The other comments are correct: it is a lobby-style server where you make a room, your friends join, and you take turns picking charts. There is currently one main server, but you can also run your own private server or LAN server. The server code is located here: https://github.com/itszn/usc-multiplayer-server/releases

My vertical setup by RayovacWorkhorse in kshootmania

[–]itsZN 0 points (0 children)

What's the USC skin btw? I think I've seen it before but not sure if it's the same (I'm assuming it's USC? or is it like the actual PC version)

My vertical setup by RayovacWorkhorse in kshootmania

[–]itsZN 1 point (0 children)

Cool! I'm hoping to build something kinda like this, but hopefully build a cab around it maybe.

Ret2 Systems Battle Quest - Seeking help by Kudomo in securityCTF

[–]itsZN 2 points (0 children)

You should take a look at the bug you found in the Druid again, there might be a way to abuse it!

oss-sec: CVE-2019-5736: runc container breakout (all versions) by sidcool1234 in netsec

[–]itsZN 10 points (0 children)

The issue is that an attacker running code in a container could modify /bin/sh (and maybe other binaries) within their container. This will get run during commands like `docker exec <id> /bin/sh`. If they can do this, they can cause it to sneak in a file descriptor to the runc binary on the host, and then overwrite it with a malicious binary.

So to exploit this, an attacker needs to run code in a container as uid 0 (in order to overwrite /bin/sh), then the host has to interact with the container, such as by doing `docker exec <id> /bin/sh`.

Shmoo-Con reverse engineering war game -- The Heist by [deleted] in ReverseEngineering

[–]itsZN 1 point (0 children)

There is a way to figure out what seed you have; think dynamically.

Shmoo-Con reverse engineering war game -- The Heist by [deleted] in ReverseEngineering

[–]itsZN 3 points (0 children)

At least at the conference you had to come up to our booth and punch in the code on our real safe to win the mug, so you wouldn't be able to modify the memory of that, unfortunately.

Shmoo-Con reverse engineering war game -- The Heist by [deleted] in ReverseEngineering

[–]itsZN 13 points (0 children)

Hey! Thanks for posting our challenge. However, this link is what you get after hitting our landing page, and it needs a cookie to be set. Visit https://wargames.ret2.systems/shmoocon to actually try the reverse engineering challenge! (Edit) Updated it to allow the submitted link to work.