"You should be able to talk to your PC"[1]

^ This is a fundamental misunderstanding that reminds me (again) of one of my favorite failed experiments of '90s internet: the online 3D shopping center.[2]

C-levels of the time spared no expense to build a complete VRML model of a shoping center in the browser, where you could walk around, take the escalator for a better view on the virtual fountain or even rent a virtual space for your goods.

What the inventors didn't understand is that of course people don't go to the mall to use the escalator, but to buy stuff.

Online banking, shopping, etc. became popular even over phone-based services because people realized that clicking on stuff is more effective than talking (and walking).

Chatbots are the 3D escalators of todays technology.

[1] https://www.theverge.com/report/822443/microsoft-windows-copilot-vision-ai-assistant-pc-voice-controls-impressions
[2] https://web.archive.org/web/20070610120220/https://index.hu/tech/net/plaza0607/

That progress bar...

When giving #infosec advice it's easy to forget that the average person probably only knows about Uniform Resource Locators and the Domain Name System.

And Public Key Infrastructure of course.

VSCode doesn't know the powers I possess!

"Last week the @FFmpeg account began taunting security researchers. Foolish thing to do, as it ignores the asymmetry of their attack surface vs ours.

So as an exercise I found a stack-based buffer overflow on software that he wrote." - @ortegaalfredo

https://threadreaderapp.com/thread/1991974275532636263.html

Normally I'm all for these stunts, but this one...

#select goes brrrr....

Thanks @pancake for the swag!

User-friendly GUI: please provide command line parameters in this text box!

Me, knowing that one of the characters will need escaping:

@david_chisnall @j Wait people refuse to use services if they don't have *stickers*??

@mttaggart I accidentally made this gif this morning before shit went down

https://apnews.com/article/japan-softbank-son-nvidia-ai-chips-d8a10172850628c317a214280a4d94c9

This article highlights how much control endpoint security vendors have over customer machines, and transitively over companies and maybe even nations:

https://www.huntress.com/blog/rare-look-inside-attacker-operation

You only install this stuff, because you trust the vendor (and their government, etc.). Or not, see Kaspersky vs. US.

#AntiVirus #EDR #HackBack

/me after a chill Sunday with #IDAPython

I'm now basically doing this out of spite.

I'm old enough to remember years ago comrades predicting the inevitable fall of software and services which work just fine today.

@freddy The Machine Spirit only accepts such an invocation if you first offer the sacrifice of debugging.

As a result of working on r4ghidra I set the ambitious goal to create REshare, an exchange format for #ReverseEngineering tools:

https://github.com/v-p-b/reshare/

The code is still in its early days (literally) but the fact that it works with complex, real life binaries tells me that this goal is worth pursuing.

I'm looking for contributors, esp. for #BinaryNinja, #IDA and #radare2 scripting so we can bring all these worlds together!

My talk about integrating #ReverseEngineering tools is to be broadcasted in a couple of hours for #r2con2025:

https://rada.re/con/2025/

I'll release a ton of code and will be around on Discord for questions and comments.

Thanks to @disasmwinnie now you'll lose a bit less hair when testing Oracle Forms:

https://github.com/silentsignal/oracle_forms/pull/3#issuecomment-3434380477

#pentesting

This website just made my day, what a beauty! 😍

https://undocumented.ntinternals.net/

@algernon @tauon