"I'm interested in all kinds of astronomy."
#test
5 images, let's see how bsky (and my x-poster) handles this...
@algernon @cR0w hey, it seems browsers have a text2speech api built-in these days:

https://codepen.io/matt-west/pen/DpmMgE

this actually seems easier than I thought!
@molly0xfff also, this reply captures the X vibe perfectly:
Edited 6 days ago
This "analysis" by Wallarm - claiming active exploitation of CVE-2025-24813 Tomcat RCE - is wrong in multiple ways (maybe LLM slop?):

https://web.archive.org/web/20250314071219/https://lab.wallarm.com/one-put-request-to-own-tomcat-cve-2025-24813-rce-is-in-the-wild/

There is a PoC on GitHub too now - it improves my findings by directly invoking the session corresponding to the saved object so you don't have to wait for periodic refreshes:

https://github.com/iSee857/CVE-2025-24813-PoC/

This PoC will raise the EPSS score too.

Edit: Wallarm published an update showing that exploit traffic was detected before a PoC was public. Problem is my writeup & PoC were published well before their detection :P
The only reasonable reaction to this is to unfollow ofc
(De)Merit Badges

https://tested-store.com/collections/demerit-badges

I need something like these for the next #failnight!
@lcamtuf What if they try to implant sleeping agents to spread communist ideology among cat owners?
I used the Mastodon client hosted at brutaldon.org to connect to infosec.exchange with the elinks browser - the UI is...not great, but I guess it's just my terminal vs the default elinks configs :D

Anyway, you can ditch your uncool, sellout browsers and experience the Fediverse truly freely!
RIP Michelle Trachtenberg, thanks for all the laughs :(
I think I should display this somewhere in a frame

https://youtu.be/My_13FXODdU?si=5l_PiCdfXbY3ohSx&t=540
@404mediaco The description is pretty vague and I don't have a subscription so I looked at the traffic: it seems the /api/offices/[id] endpoint is serving the "extra" messages. My educated guess is they forgot to restrict POST/PUT (which is actually pretty lame)...
I'm still looking for that brain activity sensor that someone used to make a propeller hat that spins faster when you think harder.