Presenting Project Ergo: How to Build an Airplane Detector for Satellite Imagery With Deep Learning

It’s been a while that i’ve been quite intensively playing with Deep Learning both for work related research and personal projects. More specifically, I’ve been using the Keras framework on top of a TensorFlow backend for all sorts of stuff. From big and complex projects for malware detection, to smaller and simpler experiments about ideas i just wanted to quickly implement and test - it didn’t really matter the scope of the project, I always found myself struggling with the same issues: code reuse over tens of crap python and shell scripts, datasets and models that are spread all over...

Спамеры требуют денег

За последние несколько недель пришло множество писем, якобы с наших взломанных почтовых адресов, на них же самих.
Но на самом деле ничего не взломано, просто адреса отправителей подделаны, и письма отправляются на наши публичные сервера, которые их вполне принимают.
Тексты немножко различные, одно письмо аж на японском языке, но все эти спамеры требуют прислать денег на ихние счета в Bitcoin.
Hello!
I'm a hacker who cracked your email and device a few months ago.
You entered a password on one of the sites you visited, and I intercepted it.
Of course you can will change it, or already changed it.
But it doesn't matter, my malware updated...

The Next Chapter: From the Endpoint to the Cloud

Earlier this year, I decided to take a sabbatical. I wanted to reflect on my infosec work and decide what I would like to focus on in the coming years. As you probably know, I’ve spent the last nine years mostly fighting the battle to secure the endpoint, more specifically creating, developing, architecting, and promoting Qubes OS, as well as the more general concept of “Security through Distrusting”.

Over these past nine years, Qubes OS has grown from a research-inspired proof-of-concept into a reasonably mature, large open-source project with dozens of contributors and tens of thousands of users, including some high-profile security experts.

There are still many challenges ahead for Qubes, however....

Project PITA: Build a Mini Mass Deauther Using Bettercap and a Raspberry Pi Zero W

A few days ago I started playing with some idea I had from a few weeks already, using a Raspberry Pi Zero W to make a mini WiFi deauthenticator: something in my pocket that periodically jumps on all the channels in the WiFi spectrum, collects information about the nearby access points and their connected clients and then sends a deauthentication packet to each one of them, resulting in some sort of WiFi jammer on the 802.11 level. As an interesting “side effect” of this jammer (the initial intent was purely for the lulz) is that the more it deauths, the...

Second GNUnet Hacker Meeting 2018

Second GNUnet Hacker Meeting 2018 at La Décentrale, Switzerland

The GNUnet hackers met for the second time this year. The primary goal was to squash bugs to bring out a new release. Aside from this we worked hard on improving the documentation and to launch this new website.

Introducing graphene-ng: running arbitrary payloads in SGX enclaves

A few months ago, during my keynote at Black Hat Europe, I was discussing how we should be limiting the amount of trust when building computer systems. Recently, a new technology from Intel has been gaining popularity among both developers and researchers, a technology which promises a big step towards such trust-minimizing systems. I’m talking about Intel SGX, of course.

Intel SGX caught my attention for the first time about 5 years ago, a little while before Intel has officially added information about it to the official Software Developer’s Manual. I’ve written two posts about my thoughts on this (then-upcoming) technology, which were a superposition of both positive and negative...

GNUnet 0.11.0pre66

GNUnet 0.11.0pre66

We are pleased to announce the release of GNUnet 0.11.0pre66.
This is a pre-release to assist developers and downstream packagers to test the package before the final release after four years of development.

In terms of usability, users should be aware that there are still a very large number of known open issues in particular with respect to ease of use, but also some critical privacy issues especially for mobile users. Also, the nascent network is tiny (~200 peers) and thus unlikely to provide good anonymity or extensive...

Go Is Amazing, So Here's What I Don't Like About It

https://giphy.com/embed/12NUbkX6p4xOO4

After my last post and generally the kind of indirect advertising I’m doing to the Go programming language for a few months now, I heard about and talked with a lot of people who started being interested in the language, so for once I decided to write what I don’t like about it instead, to provide a more balanced perspective of what’s my experience so far and maybe let some of those people realize that Go is not the right choice for their projects after all.

NOTE 1

It’s important to say that some, if not most of the things I’m about...

All Hail Bettercap 2.0, One Tool to Rule Them All.

It’s with immense pleasure that I announce the release of the second generation of bettercap, a complete reimplementation of the most complete and advanced Man-in-the-Middle attack framework. This release not only brings MITM attacks to the next level, but it aims to be the reference framework for network monitoring (we <3 blueteams too), 802.11, BLE attacks and more! :D

The first thing I want to mention is the amazing team that helped me debugging during endless sessions on Windows, or implemented new features that changed the tool radically, or tested, or gave ideas, or reported bugs (on GitHub, not on Twitter...

Рассылки от мошенников

Уважаемые клиенты!
Некоторые наши клиенты периодически получают письма якобы от имени RU-CENTER, призывающие:
разместить в корневой директории сайта вредоносный файл для подтверждения права владения доменом;
произвести оплату услуг по ссылке, ведущей на сайт, не имеющий отношения к RU-CENTER;
оплатить «регистрацию домена в поисковых системах», «присутствие в интернете» и т.д.
Подобные письма рассылаются мошенниками по адресам, находящимся в открытом доступе.
Мы никогда не требуем подтвердить право на домен таким способом, не запрашиваем у клиентов пароли в электронных письмах, не размещаем формы оплаты наших услуг на сторонних ресурсах, а сообщения об изменениях в наших настоящих уведомлениях всегда сопровождаются ссылками на оригиналы документов, публикуемые на нашем сайте.
Чтобы не стать...