Control Dependence Graph and Data Dependence Graph

A Control Dependence Graph (CDG) and a Data Dependence Graph (DDG) are essential tools in computer science, particularly in compiler design and program analysis. They represent the dependencies between different parts of a program's code, but they focus on two distinct types of relationships. Control Dependence Graph (CDG): A Control Dependence Graph illustrates how the execution of a statement is controlled by a conditional branching statement. In simpler terms, a statement is control-dependent on a conditional if the outcome of that conditional determines whether the statement will be executed. Nodes in a CDG represent the…

WordPress site Migration from CentOS7 to Ubuntu24

Phase 1: Preparation on CentOS 7 (Source Server)
First, you need to back up your data. Log in to your CentOS server via SSH.
1. Back up the database. Run this command to export your database to a SQL file (replace db_name and db_user with your actual database details):
    mysqldump -u db_user -p db_name > wordpress_backup.sql
2. Back up the WordPress files. Compress your website files into a single archive to make the transfer easier (assuming your site is at /var/www/html or /usr/share/nginx/html):
    tar -czf wordpress_files.tar.gz /var/www/html
Phase 2: Setup Ubuntu 24.04 (Destination Server)
Log in to your new Ubuntu 24.04 server. You need…

How to reset ZeroTier moon node

ZeroTier Installation
ZeroTier provides a script that detects your OS, adds the correct GPG keys and repositories, and installs the package for you.
    # Install curl (if missing):
    sudo apt update && sudo apt install curl -y
    # Run the install script:
    curl -s https://install.zerotier.com | sudo bash
    # Check status:
    sudo zerotier-cli status
    # Enable on boot:
    sudo systemctl enable zerotier-one
Deorbit obsolete Moon Node
To check if your client is connected to a Moon node and to remove it ("de-orbit"), follow these steps.
    sudo zerotier-cli listpeers…

Keynote: Perspectives on Trust in Hardware Supply Chains

This talk, titled "Keynote: Perspectives on Trust in Hardware Supply Chains" by Bunny Huang, discusses the complexities and vulnerabilities within hardware supply chains. Key points from the talk include: Diversification and Simplification: In chaotic times, it's beneficial to diversify by having multiple, hyper-efficient locations rather than centralized single points of failure. Simplifying business processes and legal contracts can reduce complexity and improve understanding for everyone involved. Trust in Hardware: The speaker suggests moving the "root of trust" or "source of truth" into hardware, such as using…

Tinker Tailor LLM Spy: Investigate & Respond to Attacks on GenAI Chatbots

In the "Tinker Tailor LLM Spy: Investigate & Respond to Attacks on GenAI Chatbots" talk by Black Hat, Ellen Scott discusses the increasing ubiquity of Generative AI chatbots and the security incidents that can arise from their misuse. The talk outlines three main incident scenarios and provides a playbook for investigation and response. Here's a summary of the key takeaways: Chatbot Risk Classification: Low Risk: Chatbots providing general information (e.g., a weather chatbot). Incidents primarily involve brand damage, like a chatbot giving Taylor Swift-themed weather reports…

Running the “Reflections on Trusting Trust” Compiler

Supply chain security is a hot topic today, but it is a very old problem. In October 1983, 40 years ago this week, Ken Thompson chose supply chain security as the topic for his Turing award lecture, although the specific term wasn’t used back then. (The field of computer science was still young and small enough that the ACM conference where Ken spoke was the “Annual Conference on Computers.”) Ken’s lecture was later published in Communications of the ACM under the title “.” It is a classic paper, and a…

Microarchitecture Vulnerabilities: Past, Present, and Future

Past. Present. Logic Issues. Exploitation Techniques. Physical Domain in Software. Mitigation Efforts: Physical hardware cannot be changed in the field. Vendors build in "survivability features". Microcode is the most commonly used tool for mitigations. Other firmware is also used. "Chicken bits" disable or change behavior. Some issues are best mitigated in software. Mitigations are not always possible or reasonable, and are almost always difficult and time-consuming to engineer. Prevention: Pre-silicon, Post-silicon. Future. Take Aways.

SysBumps: Exploiting Speculative Execution in System Calls

The video presents an attack technique called SysBumps, demonstrated by researchers Hyerean Jang, Taehun Kim, and Youngjoo Shin at Black Hat Europe 2024. Here’s what it’s about: What SysBumps Does: SysBumps breaks Kernel Address Space Layout Randomization (KASLR) on macOS systems running on Apple Silicon, including M-series chips. It uses speculative execution within system calls, triggering side-channel behaviors that allow an unprivileged attacker to detect kernel memory layout. How the Attack Works: By system calls that involve speculative execution, attackers can influence the translation lookaside buffer (TLB). This manipulation allows…

Bypassing ARM’s Memory Tagging Extension with a Side-Channel Attack

This explains a research project on how to bypass ARM's Memory Tagging Extension (MTE), a hardware feature designed to prevent memory corruption vulnerabilities. Here are the key takeaways: ARM MTE: MTE works like a "lock and key" system. Pointers have a "key" (a 4-bit tag) and memory objects have a "lock" (also a 4-bit tag). If the key and lock don't match when a pointer tries to access memory, the program will crash, preventing an attack. The Challenge: The tags are randomly generated, making it difficult for an…

Uncovering Supply Chain Attack with Code Genome Framework

This talk from IBM Research focuses on using AI and machine learning to combat supply chain attacks. The presenters highlight the increasing lack of trust in software due to major security breaches like the XZ backdoor. Here are the key takeaways: The Problem: There's a "semantic gap" between what code is expected to do and what it actually does. This gap is exploited in supply chain attacks where malicious code is hidden in software updates or open-source projects. The Solution: The researchers introduce the "Code Genome Framework," an…