In this video, I'm analyzing a really confusing dialog on macOS. Let's dig a bit deeper into what it should do and what it's actually doing. #reverseengineering
Recently I switched my music experience from SoundCloud to Bandcamp. I went through my playlists, albums and likes and bought matching tracks on Bandcamp.
At some point I want to delete my SoundCloud account. As they do not offer a data export feature (against GDPR) I created this project to make the export: https://codeberg.org/janikvonrotz/export-soundcloud-data
#SoundCloud #BandCamp #BandCampFriday #stopUsingSpotify #StopUsingSoundCloud #Data #datahoarder #archiving
@vosje62 @buherator Here is a compendium of pain points. Additions welcome: https://berthub.eu/articles/posts/what-the-open-world-must-do-better/
On the ethical obligation to use LLMs for vulnerability research: https://addisoncrump.info/research/a-horrible-conclusion/
Interesting links of the week:
Strategy:
* https://x-c3ll.github.io/posts/Rant-Red-Team/ - @XC3LL talks red teaming trends
* https://arstechnica.com/security/2026/01/county-pays-600000-to-pentesters-it-arrested-for-assessing-courthouse-security/ - finally settled, the poor testers with a faulty get out of jail card
Threats:
* https://stratcomcoe.org/pdfjs/?file=/publications/download/Social-Media-Manipulation-FINAL-FILE.pdf?zoom=page-fit - STRATCOM talks influence operations
* https://github.com/blackorbird/APT_REPORT/blob/master/summary%2F2026%2F2025%20Global%20APT%20Threat%20Research%20Report.pdf - threat research report from Qihoo 360
* https://www.greynoise.io/blog/unmasking-cisas-hidden-kev-ransomware-updates - @greynoise discuss hidden signals in KEV
* https://www.rapid7.com/blog/post/tr-chrysalis-backdoor-dive-into-lotus-blossoms-toolkit/ - @rapid7's excellent analysis of notepad++
* https://community.plone.org/t/plone-security-advisory-20260116-attempted-code-insertions-into-github-pull-requests/22770/7 - another supply chain woopsie
* https://cert.pl/en/posts/2026/01/incident-report-energy-sector-2025/ - reporting on the .pl power problems
* https://zenodo.org/records/18444900 - content based risk analysis of Moltbook (not for the faint-hearted)
Detection:
* https://zeek.org/2026/01/how-to-use-ja4-network-fingerprints-in-zeek/ - @zeek discuss how to leverage JA4
* https://blog.jmhill.me/deploying-an-opencti-osint-stack-for-cybersecurity-research/ - @jmhill describes how to deploy OpenCTI
* https://www.huntress.com/blog/ldap-active-directory-detection-part-four - the latest of @huntress's excellent blogs on what an attack on LDAP can actually look like
* https://leanpub.com/suri_operator - @da_667's survivors guide to @suricata
Bugs:
* https://labs.watchtowr.com/someone-knows-bash-far-too-well-and-we-love-it-ivanti-epmm-pre-auth-rces-cve-2026-1281-cve-2026-1340/ - @index continue their streak of popping fun bugs in the wild
* https://zeroleaks.ai/reports/openclaw-analysis.pdf - nice technical write up on OpenClaw
Exploitation:
* https://scriptjunkie.us/2026/01/tracking-signal-identifiers/ - leaking Signal IDs from @sj
* https://splintersfury.github.io/mal_blog/post/netfilter_driver/ - reversing Netfilter
* https://alfiecg.uk/2024/09/24/Kernel-exploit.html - Alfie pops iOS
* https://secure.dev/securing_ggml_rpc.html - attack and defend on GGML
Hard hacks:
* https://hexkyz.blogspot.com/2021/11/je-ne-sais-quoi-falcons-over-horizon.html - an oldie on popping NVIDIA's Falcon
Hardening:
* https://itsfoss.com/news/amutable-linux-security/ - @pid_eins triggers systemctl restart
* https://fosdem.org/2026/schedule/event/EW8M3R-island/ - how to get land locked
Friendly reminder that Binary Ninja aarch64 disassembler is freaking awesome! I need to finish my soft fork of it but I love this one, and it's so fast :-]
https://github.com/Vector35/binaryninja-api/tree/dev/arch/arm64/disassembler
i do not value your privacy, which is why my website does not have any trackers on it what so ever. i have positively no idea if any human being besides myself has ever actually opened my website. your privacy is worth zero dollars to me. you couldn't even pay me to take it away.
RE: https://infosec.exchange/@BleepingComputer/116024815101538859
Such a great example of how one vulnerability can lead to discovering a ton more based almost purely on visibility. I found this 2 days after the first SmarterMail vuln. Three other researchers had identified the bug and reported it, and we only discovered the research collision when they asked us to reserve a CVE.
Under analyzed software vulnerability clustering is really interesting.
Update: Lacking any evidence that Signal considers sender consistency a security sensitive property - and given the limited impact I decided to just report this as a UI bug.
tl;dr you can trivially make signal polls that only members using Signal Desktop group can see/interact with/react to.
This allows you to basically hide messages from certain other members. Not great in principle, not very useful in practice. Might have it's uses when combined with other vectors.
I could go into history here, but suffice it to say: if someone tries to explain Class A, Class B, or Class C addresses to you, plug your ears and scream at them not to contaminate your brain with information obsoleted more than two decades ago.