13 comments

[ 3.9 ms ] story [ 22.0 ms ] thread
Why is project zero hosted on blogspot?
Google owns it.
They don't host their 'cloud' blog on blogspot: https://cloud.google.com/blog/topics/inside-google-cloud/an-...

So why project zero?

It was probably the easiest route. Instead of setting up a special website for it, they just made a blog with a couple of clicks. Project zero goes back to 2014. Perhaps the infrastructure wasn't there, or it started as a small pilot project.
They probably do host Blogspot on their cloud though.
Confused, why is this a big deal? It seems like such a minor thing.
(comment deleted)
Maybe now Google wont kill that service if their employees rely on it.. :P
Should you need the services of a good hacker, talk to darkcracker@protonmail.com, dude is good.
>Windows Exploitation Tricks: Abusing the User-Mode Debugger

...and...

>Nothing I’ve described here is a security vulnerability, but the behavior is interesting and it’s worth looking out for cases where it could be used.

Maybe I'm misunderstanding this newfangled internets but isn't exploitation generally synonymous with security vulnerability?

JFYI, for anyone who's interested, the equivalent debugging API methods in .NET could be found in ClrMd[0] but it's as unyielding a beast as the native methods.

[0] - https://github.com/microsoft/clrmd

A vulnerability is "this function will write 8 bytes of arbitrary data out of bounds in an edge case". Exploitation is the process of using that vulnerability to, typically, cause the process to execute attacker-controlled code.

Something can make exploitation easier without being a vulnerability. For example, disabling exploit mitigations like ASLR does this.

(comment deleted)
User mode debugging is an area that any present or future OS designer should be concerned about getting right in terms of debugging features vs. security implications...