"I'm interested in all kinds of astronomy."
👷 After 15 years of entrepreneurship and a few months of sabbatical I'm looking for a regular old job.

My ideal role would be primarily technical, aimed to dissect software to uncover vulnerabilities. Beyond bug mining I'd love to learn to mine better and make new kinds of pickaxes.

My public works and contact info are on my homepage:

https://scrapco.de

Get in touch if you want to know more!

Boosts are appreciated! #FediHire
Slides like this will always have a special place in my heart! Source:

https://www.youtube.com/watch?v=goEb7eKj660
I created a library from prefetch-tool so you can more easily experiment with side-channel #KASLR bypasses on Windows:

https://github.com/v-p-b/prefetch-lib

For dogfooding I exploited HEVD on Windows 11 24H2:

https://github.com/v-p-b/HEVD-prefetch
[oss-security] CVE-2025-4748: Erlang/OTP 17.0–28.0.0 absolute-path traversal in zip:unzip/zip:extract

https://www.openwall.com/lists/oss-security/2025/06/16/5

Exquisite bug!
I tried to improve on @carrot_c4k3 's work to bypass Windows KASLR with a prefetch side-channel. I summarized my results in a new blog post, spiced up with some geek art:

https://scrapco.de/blog/visualizing-prefetch-infoleaks-to-defeat-kaslr.html
Make some noise!
This was the original version. While Adeptus Mechanicus clearly represents my general understanding of things, the Sister of Sororitas praying on a hill of skulls better captures my current mental state. #wh40k #IT #Windows
I have no idea why this works now and why it didn't work before...

Praise be the Omnissiah!
Had to make a proper GIF of this
@david_chisnall @kenshirriff Just for the record, I find this part of AS/400 history pretty fascinating (from Inside AS/400, by Frank Soltis) :)
Would you?
@mttaggart or maybe giving RNGs full access to your repos is not a great idea?
#uspol #insidejob
Seriously?
@kimzetter Thank you! So DOGE still doesn't have the authority but lower-ranking staff basically obey their requests that don't align with cabinet secretaries or agency heads? Why don't they just go full-on Cheryll on these requests?