EverestX Releases Pocket POCSAG Transmitter (as seen at Telephreak)

Years ago, EverestX showed off a fancy device that fits in your pocket and enables you to transmit to pagers (via POCSAG). All of us here at SX agreed that it would be an awesome project to publish on soldierx.com someday. We're happy to say that the day has finally come. Please do yourself a favor and check out all of the juicy details here.

Contrary to some of the rumors, we're not dead yet.

Mojave Phone Booth Altcoin ICO


We are happy to announce and promote the ICO for the official Mojave Phone Booth shitcoin altcoin. Many have made suggestions over the years (such as CSF's literal shitcoin [coin generated by power from excrement]), but none seemed right - until now. We've heard rumors of Captain Planet turning shitcoin altcoin mining operations into trees, so hopefully he spares the Mojave Phone Booth mining operation.

To learn more and get involved, please join Mojave Phone Booth by sending "subscribe [nickname_here]" to +1760-733-9969 over Signal/Telegram or join 7607339969 on Keybase.

SX April Fools' Day 2020 Cancelled

We like to do a joke every year for April Fools', but after discussion with some of the crew we've decided to cancel this year as many other sites are doing on account of COVID-19. We hope we'll be able to come up with something extra funny in 2021. Good luck and stay safe people.

VulnTrack 1.1 by Ogma Released

VulnTrack provides monitoring and alerting of security vulnerabilities and exploits based on a provided rule set. In version 1.1 VulnTrack-gtk has been replaced with vulntrack-cli, which is works on both Windows and Linux. Includes new features such as Acknowledge, Remove, and showing vulnerabilities with known exploits available. The database comes pre populated with all exploits from 2017 to 4/24/19. As always, any feedback or feature requests are greatly appreciated.

SX Corrects Climate Change by Hacking Weather Dominator


We're proud to announce that after years of research, we've finally utilized our backdoor into Cobra's network to hack the SCADA system that controls their weather dominator. As such, we've decided to use this hack to correct climate change - effective immediately. You're welcome.

Note: Cobra Commander could not be reached for comment.

Call For Testing: Cross-DSO CFI in HardenedBSD

Over the past year, HardenedBSD has been hard at work in integrating the Cross-DSO CFI implementation in llvm. We have reached a point where we can release an early (pre-alpha) public Call For Testing (CFT) of this work.

For reasons which will be described below, we recommend this CFT be used by those using root-on-ZFS with boot environments. We recommend testing in a dedicated boot environment.

This initial round of testing is best suited for development server installations. Production servers and desktops/laptops are not advised for testing at this time. We're looking for feedback on what works and doesn't work.

Introduction

Control Flow Integrity, or CFI, is an exploit mitigation that aims to make it harder for an attacker to hijack the control flow of an executable image. llvm's CFI implementation provides forward-edge protection, meaning it protects call sites and non-return code branches. llvm includes basic and incomplete backward-edge protection via SafeStack.

CFI in llvm consists of two flavors:

1. Non-Cross-DSO CFI
2. Cross-DSO CFI

For over a year now, HardenedBSD has adopted non-Cross-DSO CFI in 12-CURRENT/amd64. Support for non-Cross-DSO CFI was added for 12-CURRENT/arm64 on 01 July 2018. Non-Cross-DSO CFI applies CFI to the applications themselves, but not on the shared objects they depend on. Cross-DSO CFI applies CFI to both applications and shared objects, enforcing CFI across shared object boundaries.

When an application or shared object is compiled, its source files typically get compiled first to intermediate object files. Enabling Cross-DSO CFI requires compiling and linking both static and shared libraries with Link Time Optimization (LTO). When LTO is enabled, these object files are no longer ELF object files, but rather LLVM IR bitcode object files.

Syndicate content