Posts
2591
Following
625
Followers
1394
"I'm interested in all kinds of astronomy."
repeated

Wild Magic:

Verbal component: "Now I finally have some time to get back to my hobbies!"

Effect: Immediate routine breaking event selected from the random table below with a D12 roll

1. Ear infection
2. Tonsillitis
3. Head lice
4. PTA conflict
5. Skipping naps
6. Family holiday
7. Ear infection again
8. The poops
9. Can't sleep won't sleep
10. Childhood illness
11. Kindergarten break
12. More lice

1
2
0
repeated
repeated

There’s a new entry in our tool suite designed to assist with and against binary targets!

Oneiromancer by @raptor uses the locally running aidapal LLM by @atredis to analyze and improve pseudo-code.

https://security.humanativaspa.it/aiding-reverse-engineering-with-rust-and-a-local-llm

0
3
0
repeated
Multiple Eclipse ThreadX NetX Duo HTTP server vulnerabilities by Talos:

https://talosintelligence.com/vulnerability_reports/TALOS-2024-2104
https://talosintelligence.com/vulnerability_reports/TALOS-2024-2105
https://talosintelligence.com/vulnerability_reports/TALOS-2024-2098

CVE-2025-0728, CVE-2025-2258, CVE-2025-0727, CVE-2025-2259, CVE-2025-0726, CVE-2025-2260

/via @talosvulns
1
2
2
repeated

The S is for Security. How to use WinRMS as a solid NTLM relay target, and why it’s less secure than WinRM over HTTP.

writeup: https://sensepost.com/blog/2025/is-tls-more-secure-the-winrms-case./

PR to impacket:
https://github.com/fortra/impacket/pull/1947/files

0
5
0
repeated

Ray of Sickness, edition:

Casting time: immediate
Range: the whole family
Components: verbal
Duration: the next 2 weeks
Verbal components that automatically cast this spell:

"Hey, we haven't been sick for almost a week!"

"Only two more days and we are visiting Grandma!

"Yes, we are going to the birthday party this weekend!"

"It has been rough, but I finally booked that weekend getaway we have been planning!"

"I have a very important meeting tomorrow."

1
3
1
repeated
repeated

After discovering that digital braille readers can cost up to $20,000, a 14-year-old boy named Yash Mehta has created his own version for less than $50.

He is in the ninth grade and has a passion for engineering and helping others.

https://www.forbes.com/sites/kevinanderton/2024/11/30/14-year-old-boy-invents-digital-braille-reader-and-wins-3500/

1
12
0
repeated
US travel, in-person conferences
Show content

This is not a subtoot, I just don’t want to hijack someone else’s post.

People are asking about the future of in-person academic conferences in the US now that <gesticulates> this. People who are unable or unwilling to travel are going to miss out.

This is not a new problem. People from some countries, notably in Africa, but also South and Southeast Asia, have found themselves arbitrarily denied entry to the US for decades.

People from geographically remote regions must pay significantly more for their longer-haul flights. [Why was WorldCon 2010 so tiny? It was in Melbourne.]

People with disabilities get to play all these games on the Extra Hard difficulty level.

Carers. Queer people. Immune compromised people. Single parents.

In-person conferences _already have been_ selecting against many groups of people.

I commend the organizers of conferences talking about how they are going to retain the attendees they’re accustomed to having, but I’d like them to give a thought to the many participants who have already been excluded.

1
10
0
[Full-Disclosure] [CVE-2025-32102, CVE-2025-32103] SSRF and Directory Traversal in CrushFTP 10.7.1 and 11.1.0 (as well as legacy 9.x)

https://seclists.org/fulldisclosure/2025/Apr/17
0
0
0
repeated

I have a question for people who understand COMPILERS.

So the cross-platform standard for storing symbol information seems to be DWARF.

Are there limitations on what kinds of systems one can generate DWARF files for? Say I'm targeting an exotic platform— generating an NES ROM or making a compiler for an 8-bit microcomputer. Can I just haul off and make a DWARF for that? Would existing retrocomputing tooling, like I don't know if there are existing NES debuggers, support loading such a DWARF?

2
3
0
repeated

Made a proof-of-concept for CVE-2024-53104 (the USB webcam overflow). Causes a kernel oops for a read of 0x0041414141414141:

https://github.com/zhuowei/facedancer/blob/rawgadget2/examples/camera.py https://gist.github.com/zhuowei/e489b14c3fdb807cb964d105521fb354

I followed Amnesty International’s analysis from https://securitylab.amnesty.org/latest/2025/02/cellebrite-zero-day-exploit-used-to-target-phone-of-serbian-student-activist/ and made an emulated USB device with raw-gadget and Facedancer. It worked on the first try, at least in my virtual machine/virtual USB port…

0
10
0
repeated
repeated

🚨 Calling all Chromium developers and fans! 🚨

Ready to showcase your coding skills and earn up to $10,000? The Supporters of Chromium Based Browsers (SOCBB) Bug Bounty Program is live! Fix bugs in Chromium-based browsers like Chrome & Edge.

Contribute to repos like chromium, v8, Skia, and more!
🖥️ Payment via GitHub Sponsors.

Get started now: https://github.com/Supporters-Of-Chromium-Based-Browsers/Bug-Bounty-Program/blob/main/README.md

0
3
0
Edited 2 days ago

Why 40,000 People Die for Every 1% Increase in Unemployment - The Big Short

https://www.youtube.com/watch?v=_XgU6ZT1QDk

0
0
2
repeated

Companies are refusing to hire or even laying off plumbers because hucksters backed by massive unicorn-chasing investment money told them they can build plumbing faster and cheaper out of cardboard.

A few years from now, there’s going to be a hell of a market for people who can replace cardboard toilets with real ones.

And also for people who can replace carpets. And walls and floors.

This is a post about LLM-generated code.

10
15
0
repeated
repeated
Edited 4 days ago

https://www.synacktiv.com/en/publications/ios-184-dlsym-considered-harmful

I got weird crash for a while on strcmp when using Frida on macOS for some system processes, so I guess this is the root cause…

1
2
0
repeated

We are pleased to announce the completion of security audit of PHP core!
Executed by @quarkslab in partnership with @ostifofficial and commissioned by the @sovtechfund.

Learn more: https://thephp.foundation/blog/2025/04/10/php-core-security-audit-results/

0
5
0
Show older