
[DefCon32] If Existing Cyber Vulns Magically Disappeared, What Next

Dr. Stefanie Tompkins, Director of DARPA, joined by Dr. Renee Wegrzyn, inaugural Director of ARPA-H, explores a hypothetical scenario where all cyber vulnerabilities vanish overnight. Their session at DEF CON 32, moderated interactively, delves into the hacker community’s contributions to cybersecurity and the next frontier of challenges, from supply chain vulnerabilities to quantum computing. Stefanie and Renee emphasize the synergy between DARPA, ARPA-H, and the DEF CON community in shaping a secure digital future.

The Hacker Community’s Legacy

Stefanie opens by celebrating the DEF CON community’s role in challenging the status quo, citing DARPA’s Cyber Grand Challenge and Cyber Fast Track as catalysts for vulnerability detection advancements. She highlights how diverse perspectives have driven innovations like the ARPANET, the precursor to the internet. Stefanie underscores the community’s potential to address future threats, encouraging active collaboration with agencies like DARPA.

Envisioning a Vulnerability-Free World

Renee explores the implications of a world without cyber vulnerabilities, questioning what new challenges would emerge. She discusses ARPA-H’s Apex program, which leverages generative AI to create novel antigen sequences for unaddressed viruses, illustrating how hacker ingenuity could pivot to proactive solutions. Renee emphasizes the need to secure health tech ecosystems, particularly hospitals, against cyberattacks.

Tackling Supply Chain and Quantum Challenges

Stefanie, a geologist by training, shares her focus on supply chain vulnerabilities, given their critical role in global technology ecosystems. She also addresses quantum computing’s uncertain future, noting DARPA’s efforts to determine its transformative potential versus obsolescence. Stefanie’s insights highlight the need for rigorous questioning to guide technological development, inviting hackers to contribute ideas.

Fostering Collaborative Innovation

Concluding, Renee and Stefanie call for continued partnership with the DEF CON community to solve complex problems. They encourage attendees to share ideas with DARPA and ARPA-H, emphasizing that transformative solutions arise from collective creativity. Their vision for a resilient digital and health infrastructure inspires hackers to shape the next era of cybersecurity innovation.


[DefCon32] DriverJack: Turning NTFS and Emulated ROFs into an Infection

Alessandro Magnosi, a security researcher at the British Standards Institute, unveils an innovative technique for loading malicious drivers on Windows 11 by exploiting NTFS features and emulated read-only filesystems (ROFs). His presentation at DEF CON 32 explores how advancements in Windows security, such as Driver Signature Enforcement (DSE) and Hypervisor-protected Code Integrity (HVCI), have pushed attackers to exploit new vulnerabilities. Alessandro’s work provides actionable detection strategies to counter these sophisticated threats.

Exploiting NTFS and ROFs

Alessandro introduces his DriverJack technique, which manipulates NTFS and emulated CDFS vulnerabilities to bypass modern Windows protections. By exploiting previously identified flaws in emulated filesystems, Alessandro demonstrates how attackers can covertly install malicious drivers. His approach, developed at the British Standards Institute, leverages these weaknesses to achieve persistence, evading detection mechanisms designed to thwart traditional malware deployment.

Bypassing Security Mechanisms

Delving deeper, Alessandro explains how DriverJack circumvents DSE and HVCI. He explores alternative malware delivery methods in usermode, integrating with tools like Kernel Driver Utility (KDU) and Canal Forge when HVCI is disabled. Alessandro highlights the challenges of exploiting modern CPUs, noting that outdated hardware exacerbates vulnerabilities, making timely updates critical for system security.

Detection and Mitigation Strategies

Alessandro provides practical Indicators of Compromise (IOCs), such as monitoring for privilege escalations to SYSTEM or TrustedInstaller, drive letter changes, and alterations in the NT object manager. He advocates for runtime hash verification of driver load events to detect discrepancies, ensuring robust defense against DriverJack. His publicly available proof-of-concept on GitHub empowers researchers to test and refine these countermeasures.
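
One way to implement the hash cross-check described above, as an added example (not code from the talk or its proof-of-concept). It assumes driver loads are logged by Sysmon Event ID 6 with SHA256 enabled; the function names and the temp files standing in for drivers are constructed for illustration.

```powershell
# Added example: compare the hash recorded at driver-load time with the file
# that is at the same path now. Assumption: events are Sysmon Event ID 6
# ("Driver loaded") and the Sysmon configuration records SHA256.

function ConvertFrom-SysmonDriverEvent {
    # Flatten one Event ID 6 record (XML text) into the fields the check needs.
    param([Parameter(Mandatory)][string]$EventXml)
    $data = @{}
    foreach ($d in ([xml]$EventXml).Event.EventData.Data) {
        $data[$d.GetAttribute('Name')] = $d.InnerText
    }
    $sha256 = $null
    foreach ($pair in ("$($data['Hashes'])" -split ',')) {
        $algorithm, $value = $pair -split '=', 2
        if ($algorithm -eq 'SHA256' -and $value) { $sha256 = $value.ToUpperInvariant() }
    }
    [pscustomobject]@{
        UtcTime     = $data['UtcTime']
        ImageLoaded = $data['ImageLoaded']
        LoadedHash  = $sha256
    }
}

function Test-DriverLoadHash {
    # Classify each load record: Match, Mismatch, FileMissing or NoHashInEvent.
    param([Parameter(Mandatory)][object[]]$LoadRecord)
    foreach ($r in $LoadRecord) {
        $diskHash = $null
        if (-not $r.LoadedHash) {
            $status = 'NoHashInEvent'
        } elseif (-not (Test-Path -LiteralPath $r.ImageLoaded -PathType Leaf)) {
            $status = 'FileMissing'   # the recorded path no longer resolves to a file
        } else {
            $diskHash = (Get-FileHash -LiteralPath $r.ImageLoaded -Algorithm SHA256).Hash
            $status = if ($diskHash -eq $r.LoadedHash) { 'Match' } else { 'Mismatch' }
        }
        [pscustomobject]@{
            Status      = $status
            ImageLoaded = $r.ImageLoaded
            LoadedHash  = $r.LoadedHash
            DiskHash    = $diskHash
        }
    }
}

# --- Constructed sample: two temp files stand in for drivers (not real telemetry) ---
$dir = Join-Path ([IO.Path]::GetTempPath()) ("drvcheck-" + [guid]::NewGuid())
New-Item -ItemType Directory -Path $dir | Out-Null
$paths = 'unchanged.sys', 'changed.sys' | ForEach-Object { Join-Path $dir $_ }
$paths | ForEach-Object { Set-Content -LiteralPath $_ -Value "constructed content for $_" }

$events = foreach ($p in $paths) {
    $h = (Get-FileHash -LiteralPath $p -Algorithm SHA256).Hash
    $escapedPath = [System.Security.SecurityElement]::Escape($p)
    "<Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><EventData>" +
    "<Data Name='UtcTime'>2024-08-10 12:00:00.000</Data>" +
    "<Data Name='ImageLoaded'>$escapedPath</Data>" +
    "<Data Name='Hashes'>MD5=0,SHA256=$h</Data>" +
    "</EventData></Event>"
}

# The bytes at the second path change after its load event was recorded.
Set-Content -LiteralPath $paths[1] -Value 'different bytes at the same path'

$records = $events | ForEach-Object { ConvertFrom-SysmonDriverEvent -EventXml $_ }
Test-DriverLoadHash -LoadRecord $records | Format-List
Remove-Item -LiteralPath $dir -Recurse -Force

# Live use (assumes Sysmon is installed):
# Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-Sysmon/Operational'; Id = 6 } |
#     ForEach-Object { ConvertFrom-SysmonDriverEvent -EventXml $_.ToXml() }
```

A Mismatch or FileMissing result is a lead to triage rather than a verdict, since a legitimate driver update after the load event produces the same discrepancy.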

Strengthening System Defenses

Concluding, Alessandro urges organizations to prioritize hardware updates and implement cross-checks for driver integrity. His work underscores the evolving nature of cyber threats, encouraging the cybersecurity community to stay vigilant. By sharing DriverJack’s methodologies, Alessandro inspires proactive measures to safeguard Windows systems against emerging exploits.


[DevoxxGR2025] Orchestration vs. Choreography: Balancing Control and Flexibility in Microservices

At Devoxx Greece 2025, Laila Bougria, representing Particular Software, delivered an insightful presentation on the nuances of orchestration and choreography in microservice architectures. Leveraging her extensive banking industry experience, Laila provided a practical framework to navigate the trade-offs of these coordination strategies, using real-world scenarios to guide developers toward informed system design choices.

The Essence of Microservice Interactions

Laila opened with a relatable story about navigating the mortgage process, underscoring the complexity of interservice communication in microservices. She explained that while individual services are streamlined, the real challenge lies in orchestrating their interactions to deliver business value. Orchestration employs a centralized component to direct workflows, maintaining state and issuing commands, much like a conductor guiding a symphony. Choreography, by contrast, embraces an event-driven model where services operate autonomously, reacting to events with distributed state management. Through a loan broker example, Laila illustrated how orchestration simplifies processes like credit checks and offer ranking by centralizing control, yet risks creating dependencies that can halt workflows if services fail. Choreography, facilitated by an event bus, enhances autonomy but complicates tracking the overall process, potentially obscuring system behavior.

Navigating Coupling and Resilience

Delving into the mechanics, Laila highlighted the distinct coupling profiles of each approach. Orchestration often leads to efferent coupling, with the central component relying on multiple downstream services, necessitating resilience mechanisms like retries or circuit breakers to mitigate failures. For instance, if a credit scoring service is unavailable, the orchestrator must handle retries or fallback strategies. Choreography, however, increases afferent coupling through event subscriptions, which can introduce bidirectional dependencies when addressing business failures, such as reversing a loan if a property deal collapses. Laila stressed the importance of understanding coupling types—temporal, contract, and control—to make strategic decisions. Asynchronous communication in orchestration reduces temporal coupling, while choreography’s event-driven nature supports scalability but challenges visibility, as seen in her banking workflow example where emergent behavior obscured process clarity.

Addressing Business Failures and Workflow Evolution

Laila emphasized the critical role of managing business failures, or compensating flows, where actions must be undone due to unforeseen events, like a failed property transaction requiring the reversal of interest provisions or direct debits. Orchestration excels here, leveraging existing service connections to streamline reversals. In contrast, choreography demands additional event subscriptions, risking complex bidirectional coupling, as demonstrated when adding a background check to a loan process introduced order dependencies. Laila introduced the concept of “passive-aggressive publishers,” where services implicitly rely on others to act on events, akin to expecting a partner to address a chaotic kitchen without direct communication. She advocated for explicit command-driven interactions to clarify dependencies, ensuring system robustness. Additionally, Laila addressed workflow evolution, noting that orchestration simplifies modifications by centralizing changes, while choreography requires careful management to avoid disrupting event-driven flows.

A Strategic Decision Framework

Concluding her talk, Laila offered a decision-making framework anchored in five questions: the nature of communication (synchronous or asynchronous), the complexity of prerequisites, the extent of compensating flows, the likelihood of domain changes, and the need for centralized responsibility. Orchestration suits critical workflows with frequent changes or complex dependencies, such as banking processes requiring clear state visibility. Choreography is ideal for stable domains with minimal prerequisites, like retail order systems. By segmenting workflows into sub-processes, developers can apply the appropriate pattern strategically, blending both approaches for optimal outcomes. Laila’s banking-inspired insights provide a practical guide for architects to craft systems that balance control, flexibility, and maintainability.


Script to clean WSL and remove Ubuntu from Windows 11

Here is a fully automated PowerShell script that will:

  1. Unregister and remove all WSL distros

  2. Reset WSL to factory defaults

  3. Optionally reinstall WSL cleanly (commented out)

⚠️ You must run this script as Administrator

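#Requires -RunAsAdministrator
# =====================================================
# WSL Full Reset Script for Windows 11
# Removes all distros and resets WSL system features
# MUST BE RUN AS ADMINISTRATOR
# =====================================================

Write-Host "`n== STEP 1: List and remove all WSL distros ==" -ForegroundColor Cyan

# wsl.exe emits UTF-16LE; decode it as such so distro names do not contain NUL characters
$previousEncoding = [Console]::OutputEncoding
[Console]::OutputEncoding = [System.Text.Encoding]::Unicode
$distros = wsl --list --quiet | ForEach-Object { $_.Trim() } | Where-Object { $_ }
[Console]::OutputEncoding = $previousEncoding

foreach ($distro in $distros) {
    Write-Host "Unregistering WSL distro: $distro" -ForegroundColor Yellow
    wsl --unregister "$distro"
}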

Start-Sleep -Seconds 2

Write-Host "`n== STEP 2: Disable WSL-related Windows features ==" -ForegroundColor Cyan

dism.exe /online /disable-feature /featurename:VirtualMachinePlatform /norestart
dism.exe /online /disable-feature /featurename:Microsoft-Windows-Subsystem-Linux /norestart

Start-Sleep -Seconds 2

Write-Host "`n== STEP 3: Uninstall WSL kernel update (if present) ==" -ForegroundColor Cyan
$wslUpdate = Get-AppxPackage -AllUsers | Where-Object { $_.Name -like "*Microsoft.WSL2*" }
if ($wslUpdate) {
    winget uninstall --id "Microsoft.WSL2" --silent
} else {
    Write-Host "No standalone WSL kernel update found." -ForegroundColor DarkGray
}

Start-Sleep -Seconds 2

Write-Host "`n== STEP 4: Clean leftover configuration files ==" -ForegroundColor Cyan
# Note: the last two entries also delete Docker's local data and CLI configuration
$paths = @(
    "$env:USERPROFILE\.wslconfig",
    "$env:APPDATA\Microsoft\Windows\WSL",
    "$env:LOCALAPPDATA\Packages\CanonicalGroupLimited*",
    "$env:LOCALAPPDATA\Docker",
    "$env:USERPROFILE\.docker"
)
foreach ($path in $paths) {
    Write-Host "Removing: $path" -ForegroundColor DarkYellow
    Remove-Item -Recurse -Force -ErrorAction SilentlyContinue $path
}

Write-Host "`n== STEP 5: Reboot Required ==" -ForegroundColor Magenta
Write-Host "Please restart your computer to complete the WSL reset process."

# Optional: Reinstall WSL cleanly (after reboot)
# Uncomment the lines below if you want the script to also reinstall WSL
<# 
Write-Host "`n== STEP 6: Reinstall WSL ==" -ForegroundColor Cyan
wsl --install
#>
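
Because wsl --unregister deletes a distro's filesystem irreversibly, the following added example (not part of the original script) exports every distro to a tar archive and writes a SHA-256 manifest before the reset is run. The backup folder wsl-backup and the function names are assumptions.

```powershell
# Added example: export every registered WSL distro and record a SHA-256
# manifest before running the reset script.
# Assumption: backups go to a hypothetical folder, $env:USERPROFILE\wsl-backup.

function Get-WslDistroName {
    # wsl.exe writes UTF-16LE; decode it as such or names arrive with NUL characters.
    $previous = [Console]::OutputEncoding
    try {
        [Console]::OutputEncoding = [System.Text.Encoding]::Unicode
        wsl.exe --list --quiet | ForEach-Object { $_.Trim() } | Where-Object { $_ }
    } finally {
        [Console]::OutputEncoding = $previous
    }
}

function Export-WslDistro {
    # Export each distro to <Destination>\<name>.tar and return one manifest row per archive.
    param(
        [Parameter(Mandatory)][string[]]$Name,
        [Parameter(Mandatory)][string]$Destination
    )
    New-Item -ItemType Directory -Path $Destination -Force | Out-Null
    foreach ($n in $Name) {
        $tar = Join-Path $Destination "$n.tar"
        # Send wsl.exe's progress text to the host so it does not mix with the manifest rows.
        wsl.exe --export $n $tar | Out-Host
        if ($LASTEXITCODE -ne 0 -or -not (Test-Path -LiteralPath $tar -PathType Leaf)) {
            throw "Export of '$n' failed (exit code $LASTEXITCODE); stop before unregistering anything."
        }
        [pscustomobject]@{
            Distro  = $n
            Archive = $tar
            Bytes   = (Get-Item -LiteralPath $tar).Length
            SHA256  = (Get-FileHash -LiteralPath $tar -Algorithm SHA256).Hash
        }
    }
}

$backupDir = Join-Path $env:USERPROFILE 'wsl-backup'   # hypothetical location
$names = @(Get-WslDistroName)
if ($names.Count -eq 0) {
    Write-Host 'No WSL distros registered; nothing to export.'
} else {
    $manifest = @(Export-WslDistro -Name $names -Destination $backupDir)
    $manifest | Export-Csv -Path (Join-Path $backupDir 'manifest.csv') -NoTypeInformation
    $manifest | Format-Table -AutoSize
}
```

An exported archive can be restored later with wsl --import after checking its hash against the manifest.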

[NDCOslo2024] Mirror, Mirror: LLMs and the Illusion of Humanity – Jodie Burchell

In the mesmerizing mirror maze of machine mimicry, where words weave worlds indistinguishable from wit, Jodie Burchell, JetBrains’ data science developer advocate, shatters the spell of sentience in large language models (LLMs). A PhD psychologist turned NLP pioneer, Jodie probes the psychological ploys that propel projections of personhood onto probabilistic parsers, dissecting claims from consciousness to cognition. Her inquiry, anchored in academia and augmented by anecdotes, advises acuity: LLMs as linguistic lenses, not living likenesses, harnessing their heft while heeding hallucinations.

Jodie greets with gratitude for her gritty slot, her hipster cred in pre-prompt NLP notwithstanding. LLMs’ 2022 blaze beguiles: why bestow brains on bytes when other oracles oblige? Her hypothesis: humanity’s hall of mirrors, where models mirror our mores, eliciting empathy from echoes.

Psychological Projections: Perceiving Personhood in Parsers

Humans, Jodie hazards, hallucinate humanity: anthropomorphism’s ancient artifice, from pets to puppets. LLMs lure with language’s liquidity—coherent confessions conjure companionship. She cites stochastic parrots: parleying patterns, not pondering profundities, yet plausibility persuades.

Extraordinary assertions abound: Blake Lemoine’s LaMDA “alive,” Google’s Gemini “godhead.” Jodie juxtaposes: sentience’s scaffold—selfhood, suffering—sans in silicon. Chalmers’ conundrum: consciousness connotes qualia, quanta qualms quell in qubits.

Levels of Luminescence: From Language to Luminary

DeepMind’s AGI arc: Level 1 chatbots converse convincingly; Level 2 reasons reactively; Level 3 innovates imaginatively. LLMs linger at 1-2, lacking Level 4’s abstraction or 5’s autonomy. Jodie jests: jackdaws in jester’s garb, juggling jargon sans judgment.

Illusions intensify: theory of mind’s mirage, where models “infer” intents from inferences. Yet, benchmarks belie: ARC’s abstraction stumps, BIG-bench’s breadth baffles—brilliance brittle beyond basics.

Perils of Projection: Phishing and Philosophical Pitfalls

Prompt injections prey: upstream overrides oust origins, birthing bogus bounties—“Amazon voucher via arcane URL.” Jodie demonstrates: innocuous inquiries infected, innocuousness inverted into inducements. Robustness rankles: rebuttals rebuffed, ruses reiterated.

Her remedy: recognize reflections—lossy compressions of lore, not luminous lives. Demystify to deploy: distill data, detect delusions, design defensively.

Dispelling the Delusion: Harnessing Heuristics Humanely

Jodie’s jeremiad: myths mislead, magnifying misuses—overreach in oracles, oversight in safeguards. Her horizon: LLMs as lucid lenses, amplifying analysis while acknowledging artifice.


[DefCon32] Compromising Electronic Logger & Creating Truck2Truck Worm

Jake Jepson and Rik Chatterjee, systems engineering master’s students at Colorado State University, present a compelling investigation into the cybersecurity risks of Electronic Logging Devices (ELDs) in the trucking industry. Their session at DEF CON 32 exposes critical vulnerabilities in these mandated devices, demonstrating the potential for remote exploits and a wormable attack that could propagate across truck networks. Jake and Rik’s research underscores the urgent need for standardized security protocols in an industry pivotal to global supply chains.

Uncovering ELD Vulnerabilities

Jake opens by highlighting the role of ELDs in ensuring compliance with Hours of Service regulations, yet notes their susceptibility to cyber-physical attacks due to inadequate security measures. Working at Colorado State University, Jake and Rik reverse-engineered commercially available ELDs, identifying insecure defaults and poor security practices. Their findings reveal how attackers could exploit these weaknesses to gain unauthorized control over truck systems, posing significant risks to safety and logistics.

Developing a Truck2Truck Worm

Rik details their proof-of-concept attack, which leverages wireless communication vulnerabilities in ELDs. Using tools like Ghidra for firmware reverse-engineering and network scanners, they developed a worm capable of spreading via over-the-air updates, exploiting default credentials. Rik explains how trucks’ proximity at rest stops or distribution hubs, combined with always-on diagnostic ports, creates ideal conditions for a worm to propagate, potentially affecting entire fleets within a 120-foot range in dense environments.

Coordinated Disclosure and Industry Impact

Jake shares their responsible disclosure process, including his first CVE, which prompted a swift response from manufacturer IO6, who issued a patch. However, Jake emphasizes that the root issue lies in government-mandated, self-certified devices lacking rigorous security standards. Their work highlights systemic flaws in ELD certification, urging regulators to prioritize cybersecurity to prevent large-scale disruptions in the trucking industry.


[DotAI2024] DotAI 2024: Merve Noyan – Mastering Open-Source AI for Sovereign Application Autonomy

Merve Noyan, Machine Learning Advocate Engineer at Hugging Face and a Google Developer Expert in vision, navigated the nebula of communal cognition at DotAI 2024. As a graduate researcher pioneering zero-shot vistas, Noyan demystifies multimodal marvels, rendering leviathans lithe for legions. Her odyssey exhorted eschewing enclosures for ecosystems: scouting sentinels, appraising aptitudes, provisioning prowess—yielding yokes unyoked from vendor vicissitudes, where governance gleams and evolutions endure.

Scouting and Scrutinizing Sentinels in the Open Expanse

Noyan decried data’s dominion: proprietary priors propel pinnacles, yet communal curations crest through ceaseless confluence—synthetics and scaling supplanting size’s supremacy. Open-source’s oracle: outpacing oracles, birthing bespoke brains across canons—textual tapestries to visual vignettes.

Hugging Face’s haven: model menageries, metrics manifold—perplexity probes, benchmark bastions like GLUE’s gauntlet or VQA’s vista. Noyan navigated novices: leaderboard luminaries as lodestars, yet litmus via locales—domain devotion via downstream drills.

Evaluation’s edifice: evince efficacy through ensembles—zero-shot zephyrs, fine-tune forays—discerning drifts in dialects or drifts in depictions.

Provisioning and Polishing for Persistent Potency

Serving’s sacrament: Text Generation Inference’s torrent—optimized oracles on off-the-shelf oracles—or vLLM’s velocity for voluminous ventures. Noyan’s nexus: LoRA’s legerdemain, ligating leviathans to locales sans surfeit.

TRL’s tapestry: supervised scaffolds, preference polishes—DPO’s dialectical dances aligning aptitudes. Quantization’s quartet—Quanto’s quanta, BitsAndBytes’ bits—bisecting burdens, Optimum’s optimizations orchestrating outflows.

Noyan’s nexus: interoperability’s imperative—transformers’ tendrils twining TRL, birthing bespoke ballets. She summoned synergy: Hugging Face’s helix, where harbors host horizons—fine-tunes as fulcrums, fusions as futures.

In invocation, Noyan ignited: “Let’s build together”—a clarion for coders charting communal conquests, where open-source ordains originality unbound.


[OxidizeConf2024] The Wonderful World of Rust Tooling

Transitioning to Rust’s Ecosystem

The Rust programming language is renowned for its memory safety and performance, but its tooling ecosystem is equally transformative, particularly for developers transitioning from other platforms. James McNally, an independent software consultant, shared his journey from LabVIEW to Rust at OxidizeConf2024, highlighting how Rust’s tools enable reliable and performant industrial measurement systems. With a decade of experience in custom systems for scientists and engineers, James emphasized the productivity and flexibility of Rust’s tooling, drawing parallels to LabVIEW’s integrated environment.

LabVIEW, a visual programming language since the 1980s, offered James a single tool for desktop, real-time controllers, and FPGA development, with built-in UI capabilities. However, its limitations in modern software engineering tools prompted him to explore Rust. Rust’s ecosystem, including Cargo, Clippy, and Criterion, provided a cohesive environment that mirrored LabVIEW’s productivity while addressing its gaps. James’s transition underscores Rust’s appeal for solo developers needing to deliver high-quality systems with limited resources.

Building Robust CI Pipelines

A key focus of James’s presentation was his standard continuous integration (CI) pipeline for client projects. Using Cargo, Rust’s package manager, he automates building, testing, and formatting, ensuring consistent code quality. Clippy, Rust’s linter, plays a pivotal role by enforcing strict coding standards and preventing panics through targeted lints. James demonstrated how Clippy’s checks catch potential errors early, enhancing reliability in measurement systems where precision is critical.

For performance optimization, James relies on Criterion, a benchmarking tool that provides detailed performance metrics. This is particularly valuable for industrial applications, such as a concrete testing system for a university, where performance directly impacts data accuracy. By integrating these tools into CI pipelines, James ensures that his systems meet client requirements for reliability and efficiency, reducing the need for external dependencies and simplifying project management.

Community-Driven Tooling Enhancements

Rust’s open-source community is a driving force behind its tooling ecosystem, and James highlighted tools like cargo-deny for license checking and vulnerability alerting. He acknowledged challenges, such as false positives in large workspaces, but praised tools like cargo-tree for dependency analysis, which helps identify unused dependencies and resolve security issues. These tools empower developers to maintain secure and compliant codebases, a critical consideration for industrial applications.

James also addressed the potential for visual programming in Rust, noting that while LabVIEW’s visual paradigm is effective, text-based languages like Rust benefit from broader community support. Future enhancements, such as improved security tools like semgrep, could further streamline Rust development. By sharing his practical approach, James inspires developers to leverage Rust’s tooling for diverse applications, from one-off test systems to commercialized particle detectors.


[DefCon32] Prime Cuts from Hacker History: 40 Years of 31337

Deth Veggie, Minister of Propaganda for the Cult of the Dead Cow (cDc), leads a nostalgic panel celebrating 40 years of hacker culture, joined by members of cDc, Legion of Doom, 2600 Magazine, Phrack, and r00t. Moderated by Professor Walter Scheirer from the University of Notre Dame, the session traces the origins of the computer underground in 1984, a pivotal year marked by the rise of personal computers and modems. Through vivid storytelling and audience engagement, the panelists reflect on the rebellious spirit, technical curiosity, and community that defined early hacking, offering insights for inspiring the next generation.

The Birth of Hacker Culture

Deth Veggie sets the stage, recounting the founding of cDc in 1984 in a Texas slaughterhouse adorned with heavy metal posters and a cow skull. This era saw the convergence of disaffected youth, empowered by personal computers and modems, forming groups like Legion of Doom and launching 2600 Magazine. The panelists share how their fascination with technology and rebellion against societal norms fueled the creation of a vibrant subculture, where Bulletin Board Systems (BBSes) became hubs for knowledge exchange.

The Rise of T-Files and Phrack

The panel explores the explosion of written hacker culture in 1985 with the advent of Phrack Magazine and text files (t-files), which became the currency of elite hackers. Panelists from Phrack and 2600 recount how these publications democratized technical knowledge, from phone phreaking to early computer exploits. Their stories highlight the thrill of discovery and the camaraderie of sharing hard-earned insights, shaping a community driven by curiosity and defiance.

Navigating the Underground

Reflecting on their experiences, the panelists discuss navigating the computer underground, from dial-up BBSes to illicit explorations of early networks. Members of Legion of Doom and r00t share anecdotes of creative problem-solving and the ethical dilemmas of their actions. These narratives reveal a culture where technical prowess and a desire to challenge authority coexisted, laying the groundwork for modern cybersecurity practices.

Engaging the Next Generation

Responding to audience questions, the panel addresses how to inspire today’s youth to engage with technology creatively. Deth Veggie suggests encouraging hands-on exploration through hacker spaces, maker spaces, and vintage computer festivals, where kids can tinker with old cameras and computers. The panelists emphasize finding role models who ignite passion, citing their own experiences looking up to peers on stage. They advocate fostering an active search for knowledge, akin to the BBS era, to cultivate emotional and intellectual investment in tech.

Preserving the Hacker Spirit

The panel concludes by urging the community to preserve the hacker spirit through mentorship and open knowledge sharing. Walter Scheirer’s moderation highlights the importance of documenting this history, as seen in cDc’s archives and 2600’s ongoing publications. The panelists call for nurturing curiosity in young hackers, ensuring the legacy of 1984’s rebellious innovators continues to inspire transformative contributions to technology.


[DefCon32] Clash, Burn, and Exploit: Manipulate Filters to Pwn kernelCTF

Kuan-Ting Chen, known as HexRabbit, a security researcher at DEVCORE and member of the Balsn CTF team, delivers a riveting exploration of Linux kernel vulnerabilities in the nftables subsystem. His presentation at DEF CON 32 unveils three novel vulnerabilities discovered through meticulous analysis of the nftables codebase, a critical component for packet filtering in the Linux kernel. Kuan-Ting’s journey, marked by intense competition and dramatic setbacks in Google’s kernelCTF bug bounty program, culminates in a successful exploit, earning him his first Google VRP bounty. His narrative weaves technical depth with the emotional highs and lows of vulnerability research, offering a masterclass in kernel exploitation.

Understanding nftables Internals

Kuan-Ting begins by demystifying nftables, the successor to iptables, which manages packet filtering and network-related functionalities in the Linux kernel. He explains how features like batch commits, anonymous chains, and asynchronous garbage collection, designed to enhance efficiency, have inadvertently increased complexity, making nftables a prime target for attackers. His introduction provides a clear foundation, enabling attendees to grasp the intricate mechanisms that underpin his vulnerability discoveries.

Uncovering Novel Vulnerabilities

Delving into the technical core, Kuan-Ting dissects three nftables vulnerabilities, two of which exploited challenging race conditions to capture the kernelCTF flag. He details how structural changes in the nftables codebase, often introduced by security patches, can unintentionally create new flaws. For instance, one vulnerability, identified as CVE-2024-26925, stemmed from improper input sanitization, enabling a double-free exploit. His methodical approach, combining code auditing with creative exploitation techniques like Dirty Pagedirectory, achieved a 93–99% success rate across hardened kernel instances, including Ubuntu and Debian.

The kernelCTF Roller-Coaster

Kuan-Ting’s narrative shines as he recounts the emotional and competitive challenges of the kernelCTF program. He describes a series of near-misses: an initial exploit collided with another submission, a second was rendered unusable due to a configuration error, and a third lost a submission race by mere seconds. The turning point came when a competitor’s disqualification allowed Kuan-Ting to secure the bounty just before Google disabled nftables in the LTS instance on April 1, 2024. This gripping tale underscores the persistence required in high-stakes vulnerability research.

Lessons for Kernel Security

Concluding, Kuan-Ting reflects on the broader implications of his findings. He advocates for rigorous code auditing to complement automated fuzzing, as subtle logic errors can lead to potent exploits. His work, detailed in resources like the Google Security Research repository, encourages researchers to explore novel exploitation techniques while urging kernel maintainers to strengthen nftables’ defenses. Kuan-Ting’s success inspires the cybersecurity community to tackle complex subsystems with creativity and resilience.
