Subnostr

Today's mission: find #0days in #Signet!

No, seriously, I'm writing tools to determine the impacts of a malicious client. What can the firmware defend against & what are its limitations?

Whether the code is vulnerable or secure, we should have proof. Right now the proof is "it's open source, just read the code" and that's not good enough. I want any independent security professional to be able to audit the firmware in a weekend, by themselves.

In summary #PoCorGTFO

#security #infosec #exploits

Reply to this note

Please Login to reply.

Discussion

Dr. Hax 1y ago

Too many distractions to make much progress on this. I did take some notes on data storage structures in the firmware.

I also found some structure parsing in the client, but they don't match up, so I'm guessing "block" is an overloaded term.

Once I get it straight, I'll turn my notes into documentation. I'm going yo need dedicated time to really focus on this.