[RSS] unpacking iDRAC9/iDRAC10

https://trouble.org/?p=1467

You can circumvent clamonacc by placing your malware in directories with a pathlength greater than 1024 characters, which is perfectly valid on eg. ext4. The code provides 1024 bytes to readlink(), which will happily truncate the path when its longer than that. Afterwards clamav tries to open a nonexistant file.

@stf Several editors highlight "TODO" specifically, but I want a way to format custom sets of markers, possibly depending on the extension/project I'm working on. Another example is marking findings in my notes with different severity labels.

WinPE as a stateless harness for Windows driver testing and fuzzing https://bednars.me/blog/winpe-harness

Luma 1.1.0 comes with #radare2 shell, markdown renderer, sidebar listing modules and threads, improved disassembly and analysis features, much more solid colaboration ux and tons of bug fixes! https://github.com/frida/luma/releases/tag/1.1.0

@stf How does org-mode help with customizing highlighters?

@paniash @tarsius Good point, a simple regex-based highlighter would probably cover most of the use cases!

It’s not about the children, it’s about how monetize surveillance: demand the illiberal, stupid, self-defeating & impossible, & then criminalise the wrong people for circumvention
https://alecmuffett.com/article/161699
#AgeVerification #australia

side channel attacks per packet

Scales of the Universe:

Out Sun is five billion years old and will live another five billion.

A star with ten times the mass, lives some twenty million years, larger stars have an even shirter lifetime.

A star with half the mass of the Sun will live hundred billion years. Our universe is 13.7 billion years old -- the oldest low mass stars are not even past their teenage years yet.

#VicisAstro #astrodon #SciComm #astrophysics #astronomy

This year there’s no r2con. I mean, that was obvious because April’s CFP deadline passed a while ago, but it’s probably good to make it clear.

Organizing a physical or virtual event requires an energy that this year (at least) I prefer to use it for other stuff.

But also, because AI is reshaping the field and we need to redefine some rules to keep the vibe and quality of the contents.

A new opportunity to become a gatekeeper for open source: selling vulnerability analysis, deduplication, coordination and patching to commercial users.

That‘s what Chainguard and the Linux Foundation are trying to be. And they plan to use AI, of course. That will include patching and assigning CVEs.

My guess: upstream gets these AI patches „for free“ and is flagged if it does not take them.

A global LTS source distro, sitting between traditional distros and projects.

https://www.theregister.com/security/2026/06/27/its-looking-like-a-hot-messy-summer-for-security-teams-as-ai-finds-countless-previously-hidden-vulns/5260478

@eingemaischt right??

And that’s a wrap for the LHC sort of! Coming “soon” (2030ish), the HL-LHC.

This seem like a systemic reverse-centaur: you can't build "AI-driven inspection systems" with general-purpose LLMs, you can only use LLMs then validate *their* output with other, reliable[1] methods. Whoever decided to use LLMs like that is unfit for the job.

[1] ML-based image classification, trained on a very narrow set of labeling data can be more reliable than a human. Try to achieve the same numbers with LLMs, I'll wait!

RE: https://aus.social/@perkinsy/116825631938165912

The Deadliest Design Mistakes in History

https://www.youtube.com/watch?v=uFbxUPbZovM

We can't stop here, this is .BAT country!

Interesting experiment: #ReverseEngineering Windows Defender with different LLMs:

Deepseek:
https://blog.deeb.ch/posts/reversing-defender-deepseek/

Qwen:
https://blog.deeb.ch/posts/reversing-defender-qwen/

Opus:
https://blog.deeb.ch/posts/reversing-defender-opus/

[RSS] Linternals: The (Modern) Boot Process [0x01]

https://sam4k.com/linternals-the-modern-boot-process-part-1/

Did you know that Microsoft applied for a permit for a warehouse in southern Sweden - and once they had built the "warehouse" they declared they were going to host a datacenter there with diesel backup generators?

I mean, we hear this happening all the time and so let's hate on data centers, right?

The difference is that this is Sweden, and we don't accept that shit. They were not allowed to run their diesel generators, had to purchase battery power instead and in the end they closed the data center down since they couldn't win this fight.

That's how you deal with it.

(They are now using other datacenters in other locations in Sweden, fully compliant with the laws, with renewable energy and not using water for cooling as far as I can see)