From announce at lists.nycbug.org Wed Mar 4 17:41:01 2026 From: announce at lists.nycbug.org (NYC*BUG Announcements) Date: Wed, 4 Mar 2026 17:41:01 -0500 Subject: [announce] Next NYC*BUG: Tonight! 2026-03-04 @ 18:45 local (23:45 UTC) - Backroom of Brass Monkey 55 Little West 12th St Message-ID: Weird Code Injection Techniques on FreeBSD With libhijack.pdf remote presentation, Shawn Webb 2026-03-04 @ 18:45 local (23:45 UTC) - Backroom of Brass Monkey 55 Little West 12th St Remote participation: Plans are to stream via NYC*BUG website. Q&A will be via IRC on libera.chat channel #nycbug - please preface your questions with '[Q]'. FreeBSD is a widely-used open source operating system, powering your Playstation 4 and 5, Netflix, Juniper devices, and many other devices. libhijack is a post-exploitation tool to make code injection easier. In as little as four lines of code, developers can inject a complete shared object into another process fully anonymously. libhijack makes it easy to force the target process to create new anonymous memory mappings, inject code into memory-backed file descriptors, and finally call fdlopen on the memfd. This presentation walks attendees through various methods in which to stealthily inject code into a target process - some of these methods are new variants of prior work and remain unique to libhijack. Shawn Webb is the co-founder of the HardenedBSD Project and the founding president of The HardenedBSD Foundation, a tax-exmpt not-for-profit 501?3 charitable organization in the US. While Shawn has a few decades of experience in infosec, both as a profession and a hobby, he considers himself a perpetual newb. He works for IOActive, an offensive security company, spending his time finding vulnerabilities in customer products. While working in the NSA?s backyard, he had the opportunity to be mentored by two interns - an experience that changed his life. He and his interns focused on the intersection of human rights and information security and cybersecurity. Shawn ?lattera? Webb also maintains a post-exploitation tool called libhijack. It makes runtime process infection and runtime function hooking for remote processes over the ptrace boundary incredibly simple on FreeBSD. -------------- next part -------------- An HTML attachment was scrubbed... URL: From announce at lists.nycbug.org Fri Mar 13 13:03:32 2026 From: announce at lists.nycbug.org (NYC*BUG Announcements) Date: Fri, 13 Mar 2026 13:03:32 -0400 Subject: [announce] Next NYC*BUG: April 1st. With MWL! Honestly! Message-ID: Believe it or not, we were able to convince Michael W. Lucas to give the April 1st talk for NYC*BUG. His talking entitled : "What's Changed Since The Last Time I Came this Way: a talk that was supposed to be about OpenZFS." Details to follow. From announce at lists.nycbug.org Mon Mar 30 20:58:34 2026 From: announce at lists.nycbug.org (NYC*BUG Announcements) Date: Mon, 30 Mar 2026 20:58:34 -0400 Subject: [announce] Wednesday NYC*BUG Michael W Lucas Message-ID: What's Changed Since The Last Time I Came this Way - a talk that was supposed to be about OpenZFS, Michael W Lucas 2026-04-01 @ 18:45 local (22:45 UTC) - Backroom of Brass Monkey 55 Little West 12th St Remote participation: Plans are to stream via NYC*BUG website. Q&A will be via IRC on libera.chat channel #nycbug - please preface your questions with '[Q]'. Michael W Lucas and Allan Jude are busy working on a new OpenZFS book, which means not only documenting everything that?s changed in the last 12 years but discovering everything that they got wrong the first time. The quest for accuracy has taken Lucas deep into mailing list archives, Usenet, VAX installation manuals, the Kremlin?s first Internet connection, the United Nations? effort to merge the BSD projects, and the ULTRIX and S51K filesystems, and left MWL more convinced than ever that filesystems are nothing but a April Fools? prank. This hurriedly conceived and hastily assembled talk will update you on new OpenZFS features, but will also try to determine if it?s a good prank?or not. Michael W Lucas? name may ring a bell for some in the BSD community. He?s written several shelves of books. But for anyone who has seen him speak in public during Ante COVID days, it was clear they are mere transcriptions of his rambling presentations. For this NYC*BUG meeting, he is unlikely to edit out any of his expected corny jokes we endure during his conference presentations. More likely, you know his name from his grotesque horror fiction. In the same way his technical books are just transcriptions of his presentations, his fictionaal horror is just a simple reflection of someone who lives in a haunted house filled with (pet) rats in Detroit. Nearest NYC Subway is the 14th Street/Eighth Avenue station L, A, C, E. To get to the backroom, you must enter the front door, follow the long bar on your left, and walk all the way to the back. At the rear of the BrassMonkey, you will see an alcove for the 3 bathrooms our room is off to your right.