#ToddlerDnD Wild Magic:
Verbal component: "Now I finally have some time to get back to my hobbies!"
Effect: Immediate routine-breaking event selected from the random table below with a D12 roll
1. Ear infection
2. Tonsillitis
3. Head lice
4. PTA conflict
5. Skipping naps
6. Family holiday
7. Ear infection again
8. The poops
9. Can't sleep won't sleep
10. Childhood illness
11. Kindergarten break
12. More lice
Unlocking secret ThinkPad functionality for emulating USB devices:
https://xairy.io/articles/thinkpad-xdci
#reverseengineering #informationsecurity #hardware #hacking #infosec #cybersecurity
There’s a new entry in our #Rust tool suite designed to assist with #reverseengineering and #vulnerabilityresearch against binary targets!
Oneiromancer by @raptor uses the locally running aidapal LLM by @atredis to analyze and improve #IDA pseudo-code.
https://security.humanativaspa.it/aiding-reverse-engineering-with-rust-and-a-local-llm
High level diff of iOS 18.5 beta 1 vs. iOS 18.5 beta 2 🎉
https://github.com/blacktop/ipsw-diffs/blob/main/18_5_22F5042g__vs_18_5_22F5053f/README.md
The S is for Security. How to use WinRMS as a solid NTLM relay target, and why it’s less secure than WinRM over HTTP.
writeup: https://sensepost.com/blog/2025/is-tls-more-secure-the-winrms-case./
PR to impacket:
https://github.com/fortra/impacket/pull/1947/files
Ray of Sickness, #ToddlerDnD edition:
Casting time: immediate
Range: the whole family
Components: verbal
Duration: the next 2 weeks
Verbal components that automatically cast this spell:
"Hey, we haven't been sick for almost a week!"
"Only two more days and we are visiting Grandma!"
"Yes, we are going to the birthday party this weekend!"
"It has been rough, but I finally booked that weekend getaway we have been planning!"
"I have a very important meeting tomorrow."
A Tricky Commodore PET Repair and a Lesson About Assumptions
https://hackaday.com/2025/04/14/a-tricky-commodore-pet-repair-and-a-lesson-about-assumptions/
After discovering that digital braille readers can cost up to $20,000, a 14-year-old boy named Yash Mehta has created his own version for less than $50.
He is in the ninth grade and has a passion for engineering and helping others.
This is not a subtoot, I just don’t want to hijack someone else’s post.
People are asking about the future of in-person academic conferences in the US now that <gesticulates> this. People who are unable or unwilling to travel are going to miss out.
This is not a new problem. People from some countries, notably in Africa, but also South and Southeast Asia, have found themselves arbitrarily denied entry to the US for decades.
People from geographically remote regions must pay significantly more for their longer-haul flights. [Why was WorldCon 2010 so tiny? It was in Melbourne.]
People with disabilities get to play all these games on the Extra Hard difficulty level.
Carers. Queer people. Immune compromised people. Single parents.
In-person conferences _already have been_ selecting against many groups of people.
I commend the organizers of conferences talking about how they are going to retain the attendees they’re accustomed to having, but I’d like them to give a thought to the many participants who have already been excluded.
I have a question for people who understand COMPILERS.
So the cross-platform standard for storing symbol information seems to be DWARF.
Are there limitations on what kinds of systems one can generate DWARF files for? Say I'm targeting an exotic platform— generating an NES ROM or making a compiler for an 8-bit microcomputer. Can I just haul off and make a DWARF for that? Would existing retrocomputing tooling, like I don't know if there are existing NES debuggers, support loading such a DWARF?
Made a proof-of-concept for CVE-2024-53104 (the USB webcam overflow). Causes a kernel oops for a read of 0x0041414141414141:
https://github.com/zhuowei/facedancer/blob/rawgadget2/examples/camera.py https://gist.github.com/zhuowei/e489b14c3fdb807cb964d105521fb354
I followed Amnesty International’s analysis from https://securitylab.amnesty.org/latest/2025/02/cellebrite-zero-day-exploit-used-to-target-phone-of-serbian-student-activist/ and made an emulated USB device with raw-gadget and Facedancer. It worked on the first try, at least in my virtual machine/virtual USB port…
Learning Linux Kernel Modules Using COM Binary Support
https://hackaday.com/2025/04/13/learning-linux-kernel-modules-using-com-binary-support/
🚨 Calling all Chromium developers and fans! 🚨
Ready to showcase your coding skills and earn up to $10,000? The Supporters of Chromium Based Browsers (SOCBB) Bug Bounty Program is live! Fix bugs in Chromium-based browsers like Chrome & Edge.
Contribute to repos like chromium, v8, Skia, and more!
🖥️ Payment via GitHub Sponsors.
Get started now: https://github.com/Supporters-Of-Chromium-Based-Browsers/Bug-Bounty-Program/blob/main/README.md
Why 40,000 People Die for Every 1% Increase in Unemployment - The Big Short
Companies are refusing to hire or even laying off plumbers because hucksters backed by massive unicorn-chasing investment money told them they can build plumbing faster and cheaper out of cardboard.
A few years from now, there’s going to be a hell of a market for people who can replace cardboard toilets with real ones.
And also for people who can replace carpets. And walls and floors.
This is a post about LLM-generated code.
Project: openssl-static-gcc-dwarf 3.4.0
File: openssl
Address: 004f2a10
tls_post_process_client_hello
SVG:
dark https://tmr232.github.io/function-graph-overview/render/?graph=https%3A%2F%2Fraw.githubusercontent.com%2Fv-p-b%2Fghidra-function-graph-datasets%2Frefs%2Fheads%2Fmain%2F%2Fopenssl-static-gcc-dwarf%2F004f2a10.json&colors=dark
light https://tmr232.github.io/function-graph-overview/render/?graph=https%3A%2F%2Fraw.githubusercontent.com%2Fv-p-b%2Fghidra-function-graph-datasets%2Frefs%2Fheads%2Fmain%2F%2Fopenssl-static-gcc-dwarf%2F004f2a10.json&colors=light
https://www.synacktiv.com/en/publications/ios-184-dlsym-considered-harmful
I got a weird crash for a while on strcmp when using Frida on macOS for some system processes, so I guess this is the root cause…
We are pleased to announce the completion of a security audit of PHP core!
Executed by @quarkslab in partnership with @ostifofficial and commissioned by the @sovtechfund.
Learn more: https://thephp.foundation/blog/2025/04/10/php-core-security-audit-results/