#ToddlerDnD Wild Magic:

Verbal component: "Now I finally have some time to get back to my hobbies!"

Effect: Immediate routine breaking event selected from the random table below with a D12 roll

1. Ear infection
2. Tonsillitis
3. Head lice
4. PTA conflict
5. Skipping naps
6. Family holiday
7. Ear infection again
8. The poops
9. Can't sleep won't sleep
10. Childhood illness
11. Kindergarten break
12. More lice

#DnD #parenting

Unlocking secret ThinkPad functionality for emulating USB devices:

https://xairy.io/articles/thinkpad-xdci

#reverseengineering #informationsecurity #hardware #hacking #infosec #cybersecurity

There’s a new entry in our #Rust tool suite designed to assist with #reverseengineering and #vulnerabilityresearch against binary targets!

Oneiromancer by @raptor uses the locally running aidapal LLM by @atredis to analyze and improve #IDA pseudo-code.

https://security.humanativaspa.it/aiding-reverse-engineering-with-rust-and-a-local-llm

High level diff of iOS 18.5 beta 1 vs. iOS 18.5 beta 2 🎉

https://github.com/blacktop/ipsw-diffs/blob/main/18_5_22F5042g__vs_18_5_22F5053f/README.md

The S is for Security. How to use WinRMS as a solid NTLM relay target, and why it’s less secure than WinRM over HTTP.

writeup: https://sensepost.com/blog/2025/is-tls-more-secure-the-winrms-case./

PR to impacket:
https://github.com/fortra/impacket/pull/1947/files

Ray of Sickness, #ToddlerDnD edition:

Casting time: immediate
Range: the whole family
Components: verbal
Duration: the next 2 weeks
Verbal components that automatically cast this spell:

"Hey, we haven't been sick for almost a week!"

"Only two more days and we are visiting Grandma!

"Yes, we are going to the birthday party this weekend!"

"It has been rough, but I finally booked that weekend getaway we have been planning!"

"I have a very important meeting tomorrow."

#parenting #DnD

A Tricky Commodore PET Repair and a Lesson About Assumptions

https://hackaday.com/2025/04/14/a-tricky-commodore-pet-repair-and-a-lesson-about-assumptions/

After discovering that digital braille readers can cost up to $20,000, a 14-year-old boy named Yash Mehta has created his own version for less than $50.

He is in the ninth grade and has a passion for engineering and helping others.

https://www.forbes.com/sites/kevinanderton/2024/11/30/14-year-old-boy-invents-digital-braille-reader-and-wins-3500/

I have a question for people who understand COMPILERS.

So the cross-platform standard for storing symbol information seems to be DWARF.

Are there limitations on what kinds of systems one can generate DWARF files for? Say I'm targeting an exotic platform— generating an NES ROM or making a compiler for an 8-bit microcomputer. Can I just haul off and make a DWARF for that? Would existing retrocomputing tooling, like I don't know if there are existing NES debuggers, support loading such a DWARF?

Made a proof-of-concept for CVE-2024-53104 (the USB webcam overflow). Causes a kernel oops for a read of 0x0041414141414141:

https://github.com/zhuowei/facedancer/blob/rawgadget2/examples/camera.py https://gist.github.com/zhuowei/e489b14c3fdb807cb964d105521fb354

I followed Amnesty International’s analysis from https://securitylab.amnesty.org/latest/2025/02/cellebrite-zero-day-exploit-used-to-target-phone-of-serbian-student-activist/ and made an emulated USB device with raw-gadget and Facedancer. It worked on the first try, at least in my virtual machine/virtual USB port…

Learning Linux Kernel Modules Using COM Binary Support

https://hackaday.com/2025/04/13/learning-linux-kernel-modules-using-com-binary-support/

🚨 Calling all Chromium developers and fans! 🚨

Ready to showcase your coding skills and earn up to $10,000? The Supporters of Chromium Based Browsers (SOCBB) Bug Bounty Program is live! Fix bugs in Chromium-based browsers like Chrome & Edge.

Contribute to repos like chromium, v8, Skia, and more!
🖥️ Payment via GitHub Sponsors.

Get started now: https://github.com/Supporters-Of-Chromium-Based-Browsers/Bug-Bounty-Program/blob/main/README.md

#Chromium #BugBounty #OpenSource #DeveloperCommunity

Why 40,000 People Die for Every 1% Increase in Unemployment - The Big Short

https://www.youtube.com/watch?v=_XgU6ZT1QDk

Companies are refusing to hire or even laying off plumbers because hucksters backed by massive unicorn-chasing investment money told them they can build plumbing faster and cheaper out of cardboard.

A few years from now, there’s going to be a hell of a market for people who can replace cardboard toilets with real ones.

And also for people who can replace carpets. And walls and floors.

This is a post about LLM-generated code.

Project: openssl-static-gcc-dwarf 3.4.0
File: openssl
Address: 004f2a10

tls_post_process_client_hello

SVG:
dark https://tmr232.github.io/function-graph-overview/render/?graph=https%3A%2F%2Fraw.githubusercontent.com%2Fv-p-b%2Fghidra-function-graph-datasets%2Frefs%2Fheads%2Fmain%2F%2Fopenssl-static-gcc-dwarf%2F004f2a10.json&colors=dark
light https://tmr232.github.io/function-graph-overview/render/?graph=https%3A%2F%2Fraw.githubusercontent.com%2Fv-p-b%2Fghidra-function-graph-datasets%2Frefs%2Fheads%2Fmain%2F%2Fopenssl-static-gcc-dwarf%2F004f2a10.json&colors=light

https://www.synacktiv.com/en/publications/ios-184-dlsym-considered-harmful

I got weird crash for a while on strcmp when using Frida on macOS for some system processes, so I guess this is the root cause…

We are pleased to announce the completion of security audit of PHP core!
Executed by @quarkslab in partnership with @ostifofficial and commissioned by the @sovtechfund.

Learn more: https://thephp.foundation/blog/2025/04/10/php-core-security-audit-results/