Posts
4244
Following
736
Followers
1632
"I'm interested in all kinds of astronomy."
repeated
repeated

CVE-2026-42980: Reversing and Exploiting the Windows Kernel WMI Underflow https://blog.grunt.ar/bin-exploitation/binary-gecko-academy/cve-2026-42980-wmi-underflow-en/

0
4
0
repeated

So @chompie1337 and I are on a mission to find creative artists who want to help design the cover for Phrack #73.

retro sci-fi & chrome futures
▸ cyberpunk / terminal aesthetics
▸ dystopian systems
▸ hacker manuals from an alternate timeline
▸ weird cool stuff and machines

Keen? Fancy helping?

📮 arts@phrack.org
⏰ Deadline: August 15

0
8
0
repeated

Show HN: Sx 2.0 – Share AI skills with your team through a Dropbox folder

Wait a moment. Aren't "AI" "skills" just markdown files in a skills directory? So to share them through Dropbox, you'd... drop them in your dropbox folder? And doing so needs a tool? What happened to cp? Or selecting files with your mouse, right click, copy, and paste it somewhere? Or I dunno, any of the myriad ways you can get files from one place to another on the same computer?

Oh, right, yes. We do not touch computers anymore. We let our agents do that! Right, right, sorry. I got left behind y'know, still have this mushy thing in my skull, so sorry. I'll try to use it less  to keep up with "progress".

#algernonReviewsHackerNews

3
1
0
On the bright side now I *think* I figured out why the documented process fails, and now that I understand the problem better I know how to solve it correctly.

Now I'm entering the "How Could This Ever Work?!" phase.

#fail
0
0
3
This is pretty cool: AI conference prompt injects chatbots to watermark their output in order to catch reviewers who use LLM for peer review:

https://pivot-to-ai.com/2026/07/10/neurips-conference-ai-cheats-outraged-they-got-caught/

/via @pivot-to-ai.com
0
5
0
repeated

First batch of 44CON 2026 tickets are available now.

These are the lowest-priced tickets we'll offer.

Prices go up with each batch, so if you want in early, now is the time...

Get yours: https://44con.com/product/44con-2026-ticket/

0
3
0
repeated

A little bit on machine-id from a friend:

https://ransomware.sh/posts/machine-id/

,

3
3
0
In case you haven't figured it out already: meming is my coping mechanism
4
17
46
repeated

today on MALtv 😢

0
4
0
repeated

Default deny

I'll open by saying that I'm not anti-AI. I think it can be a net positive. Take my own profession, information security: the world is worse off because most code out there hasn't been looked at by a security engineer. LLMs can automate finding security bugs, so we can get better software for less.

But then, I have to square this with the fact that one of the first casualties of AI were “bug bounty” programs that paid people to report security flaws. LLMs could produce plausibly-sounding reports long before they could find real bugs. Unscrupulous “researchers” figured out they could extract money from the 5-10% of vendors who were not paying attention by slop-bombing us all and wasting everyone’s time.

When it comes to social media, there’s a similar dynamic at play. Human writing, good or bad, was inherently rate-limited; LLM output is not. If someone spent hours or days writing an article, it clearly mattered to them and I could spare minutes of my time to read and engage. For LLM output, this no longer holds. There’s an infinite supply of content entirely disconnected from the human condition that still demands your attention and time.

In contrast to infosec, social media engagement isn’t utilitarian: you gain nothing if you read 1,000 machine-generated opinion pieces a day. Promoters say that it shouldn’t matter who or what is doing the writing — you should only ask if the output is good. To me, quality is secondary. I come here to talk to humans, not to yell into the probabilistic token-void.

Yes, there are rare exceptions, there are people who use LLMs as an assistive technology, and so on. But in 99% of the cases, if you couldn’t be bothered to write it, I won’t bother to read it. Default deny.

7
9
0
repeated

Micropatches released for Desktop Window Manager Elevation of Privilege Vulnerability (CVE-2026-20871)
https://0patch.com/blog/micropatches-released-for-desktop-window-manager-elevation-of-privilege-vulnerabi

1
4
0
@infoseclogger been there when the CISO who ordered the gig started to create users for initial access like red.team1, red.team2...
1
0
0
repeated

"Everything sucks and it's all connected" w/ @adz and @tbernard @ Localfirst Conf

0
3
0
[RSS] LIEF v1.0.0: Brand-new Runtime API and DWARF/PDB -> C/C++ generation!

https://lief.re/blog/2026-07-13-lief-1-0-0/
0
2
1
[RSS] Dell BIOS Passwords: Weak XOR Encryption Allows Recovery from SPI Flash (CVE-2026-40639)

https://blog.amberwolf.com/blog/2026/july/dell-bios-passwords-weak-xor-encryption-allows-recovery-from-spi-flash-cve-2026-40639/
0
1
2
@wirepair A major difference between old/new-school hacking is "how to get the boxes" vs. "which boxes to open" :)
0
0
1
repeated
repeated

In response to a request from me the have released records relating to late 90s group milw0rm. Additional records not included in this Vault release were located by the FBI and I have requested these be processed for potential release as well.
https://vault.fbi.gov/milw0rm/milw0rm-final/view

3
6
0
Show older