The Deadliest Design Mistakes in History

https://www.youtube.com/watch?v=uFbxUPbZovM

We can't stop here, this is .BAT country!

Interesting experiment: #ReverseEngineering Windows Defender with different LLMs:

Deepseek:
https://blog.deeb.ch/posts/reversing-defender-deepseek/

Qwen:
https://blog.deeb.ch/posts/reversing-defender-qwen/

Opus:
https://blog.deeb.ch/posts/reversing-defender-opus/

[RSS] Linternals: The (Modern) Boot Process [0x01]

https://sam4k.com/linternals-the-modern-boot-process-part-1/

Did you know that Microsoft applied for a permit for a warehouse in southern Sweden - and once they had built the "warehouse" they declared they were going to host a datacenter there with diesel backup generators?

I mean, we hear this happening all the time and so let's hate on data centers, right?

The difference is that this is Sweden, and we don't accept that shit. They were not allowed to run their diesel generators, had to purchase battery power instead and in the end they closed the data center down since they couldn't win this fight.

That's how you deal with it.

(They are now using other datacenters in other locations in Sweden, fully compliant with the laws, with renewable energy and not using water for cooling as far as I can see)

Reviewers noted that while Vim for Gameboy featured one of the deepest command systems on the platform, its soundtrack consisted primarily prolonged silence punctuated with occasional terrifying beeps.

I've been thinking for a while about creating customized #Markdown highlighting, e.g. making all "TODO" strings stand out in my notes.

Are there any tools/frameworks out there (esp. for #Vim / #Neovim ) that allow me to add new formatting rules on the top of existing highlighters?

In case you wondered, writing an article for @phrack is going great (I have 3 pages of disorganized notes, 7 IDA windows open, this diagram and 3 days to finish)

I just published the materials of my MIPS reverse engineering workshop from Recon, enjoy :) I've got this strange obsession with cross-architectural malware, and now you can too!

https://github.com/pinkflawd/MIPSReverseEngineeringWorkshop

back in the day, I used to give small tours of the Marin military bunkers and silos. people flew in for the RSA conference and I offered it as grounded antidote to the urban drinking/dining rapid consumption culture.

got me wondering about starting @BSidesColdWar that rotates around historic locations, with talks about mistakes of the past being here again now.

any interest?

each event could even have a patch...

@algernon Obviously you use another Android phone of record your Android phone!

https://rule11.tech/papers/2018-complexitysecuritysec-dullien.pdf

Interesting Git repos of the week:

Detection:

* https://github.com/hasamba/DFIR-Companion - incident support 🤖
* https://github.com/GyulyVGC/sniffnet - that packer smells kinda funny 👃

Bugs:

* https://github.com/0xHossam/UnCanny - the bullying of NTLM must stop!
* https://github.com/prdgmshift/usbliter8 - A12/A14 SecureROM exploit
* https://github.com/rub-softsec/onelogon - stealing AD creds via Netlogon
* https://github.com/bikini/exploitarium - fresh bugs today

Exploitation:

* https://github.com/MazX0p/LACUNA-Chain - build your own stack and profit
* https://github.com/Shac0x/Wonka - like picking LSASS's wallet for tickets
* https://github.com/netinvent/windows_tools - there's a snake coming through the window
* https://github.com/mitre/grid-watch - MITRE's CTID lab for OT 🤖

Hard hacks:

* https://github.com/datalocaltmp/Peepo - @datalocaltmp's primitive attacks on watchOS 🤖
* https://github.com/hacefresko/forticrack_v8 - unpack that Fortinet firmware

Data:

* https://github.com/idaholab/raven - tools for risk modeling

Development:

* https://github.com/uellenberg/Insert - you wanna write self modifying code? how about a language where it's a first class feature?

Nerd:

* https://github.com/maestro-os/maestro - a Linux-like kernel in Rust

#security, #research, #code

Are we there yet?
Version 1 - 27 June 2026

"The question: has AI-assisted vulnerability discovery become a genuinely new kind of offensive capability — or is it the same work as before, now automated and far cheaper?

The distinction decides the right policy response: a new capability class would justify containing it (export controls, deployment gates), while mere automation calls for absorbing it (defensive tooling, faster patching, hardening)."

https://tzafaar.codeberg.page/other/are-we-there-yet.html

What do you think?

Secret Panel HERE 🫂 https://patreon.com/mrlovenstein/posts/keeping-it-real-26175234

TIL a 9-year-old girl researched the decibel levels of public hand dryers after noticing her ears were ringing after using one. Nearly 4 years later, her research was accepted into the Canadian journal Paediatrics & Child Health, and Dyson planned to have her meet with an acoustic engineer.

https://abcnews.com/GMA/Wellness/13-year-girls-research-showing-hand-dryers-harm/story?id=64237013
#til #todayilearned
https://www.reddit.com/r/todayilearned/comments/1ufpr3g/til_a_9yearold_girl_researched_the_decibel_levels/

[RSS] What does it mean when the bottom bit of my HMODULE is set?

https://devblogs.microsoft.com/oldnewthing/20260619-00/?p=112447

New vulnerability report from Talos:

vtk vtk-dicom vtkDICOMItem::FindDataElementOrInsert heap-based buffer overflow vulnerability

https://talosintelligence.com/vulnerability_reports/TALOS-2026-2366

CVE-2026-22879

IDA 9.4 teasers continue with two new navigation features:
1️⃣ Jump Anywhere is now the default G dialog — search functions, names, types, and segments in one box with live previews.
2️⃣ Pathfinder, a new tool for asking "can this code reach that?" directly from the xref graph.

Read the blog for the full breakdown.
👉 https://hex-rays.com/blog/ida-9.4-smarter-navigation-and-quality-of-life-improvements

[RSS] Coverage bitmap [Build simple #fuzzer series]

https://carstein.github.io/rust/2026/06/07/coverage-bitmap.html