RE: https://mastodon.social/@bagder/116001950411560304

My CVEs are still at 0 medals, but thanks to VxWorks I was able to achieve a CVE on Mars (#Curiosity rover, CVE-2023-38346) 😉

Btw. if anyone from #NASA could confirm curiosity was/is really affected (but probably without attack vector so no impact I guess), that would mean a lot to me

/cc @realhackhistory

Epstein and Steve Bannon discussing how to get spectrum boys^W^Whackers on their side as they are the "most powerful (dangerous) US group":

https://threadreaderapp.com/thread/2018146239716667744.html

Also, how to get Bannon to stage at DEFCON lol

One of many talks I missed for not going to #fosdem, happy to watch them online now! “ga68, the GNU Algol 68 compiler at FOSDEM 2026” — https://m.youtube.com/watch?v=42rOV7mBd1E

The cathartic effect of reverse engineering without a business objective should have its own therapy book.

Gen Alpha smashes the stack with "gggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggg"... (0x67676767)

One of our AI threat team pointed me at this:

https://zenodo.org/records/18444900

Interesting analysis of Moltshite.

#threatintel, #aislop

i made a version of wikipedia you can doomscroll
https://xikipedia.org/

[RSS] vr2jb: Pwning the PlayStation VR2 using Sony's hidden recovery mode

https://bnuuy.solutions/2026/02/01/ps-vr2-recovery-mode.html

Help needed: I'm writing a commissioned piece on getting business insurance for AI issues. Are you an expert I could quote on the topic? Do you know one? Please forward this around! Email is dgerard@gmail.com. Thank you!

[RSS] Pipe Dreams: Remote Code Execution via Quest Desktop Authority Named Pipe

https://www.netspi.com/blog/technical-blog/adversary-simulation/pipe-dreams-remote-code-execution-via-quest-desktop-authority-named-pipe/

[RSS] Notepad++ Hijacked by State-Sponsored Hackers

https://notepad-plus-plus.org/news/hijacked-incident-info-update/

#REshare exporter for #BinaryNinja is getting into shape! A sane API and good documentation made a world of difference, but of course I found a bit in the type system that required some hacks :)

https://github.com/v-p-b/reshare

Code coming next week after some more testing.

#ReverseEngineering

According to the Epstein files, he had a "personal hacker" working for him. The FBI document says Epstein's personal hacker was an "Italian citizen born in Calabria who developed zero-day exploits and offensive cyber tools and sold the tools to governments."

https://www.justice.gov/epstein/files/DataSet%2010/EFTA01683874.pdf

"[Redacted] sold a zero-day to Hebollah. [Redacted] was known as the first person to hack and find vulnerabilities in Blackberries and iOS. He was known for finding Firefox vulnerabilities. [Redacted] former company was acquired by CrowdStrike in fall of 2017 and was currently a vice president there."

"S//NF= was very good at finding vulnerabilities was friends with "old school" European hackers. "Received a trunk of cash from Hezbollah when was in Italy; drove the money to Switzerland and deposited it in another ba [redacted]. [redacted] owned a theater company in California and he used the theater company to launder his zeroday money

"Made six figures from the sale of his zero-days. He sold his tools to United Kingdom GCHQ and provided training to the organization. He also sold his zero-days to a Central African government, as well as Hezbollah for political reasons. The Italian Government asked for help, but [redacted] declined because he felt the Government was incompetent. Calabria was mob-controlled an did not have much loyalty for his birth country.

"[Redacted] sold his exploits to the United States and United Kingdom, but he would not sell to Asian countries because he a is racist. He was also anti-Semitic. [Redacted] was terrified of Russia, however, and would never travel there. He lived in Dubai at one time, and was acquainted with the [redacted] lived in Oman as well. He may have an Iranian and Israeli passport, in addition to his Vatican City passport"

Looks likely the top commenter here is correct about "Epstein's hacker":

https://www.reddit.com/r/cybersecurity/comments/1qsi6ds/informant_told_fbi_that_jeffrey_epstein_had_a/

From a single tiny bug recursion creates infinite tiny bugs that eat your program whole.

@XC3LL Thanks for posting this, great to see someone has the guts to say the emperor is naked!

My 2c:
- Red Teams should be about the "difficult" things you mention at the end IMO. Spending resources on initial access is mostly pointless (from the client's perspective, finding 0d is always cool ofc) when a new blinky box exploit, leaked code signing cert, etc. is popping up every other week. IME many clients pay for (bad) initial access simulations because organizing assumed breach in-house is hard.
- A way to burst the bubbles you describe is to mandate scenarios based on real-world threat intel. But this works against intial access again, because RT's can't scale their R&D as black hats do (attack surface is clients vs the Internet).

RE: https://mastodon.social/@XC3LL/115990518822402879

Very valuable insight if you are into #redteaming

For researchers and those trying to disclose incidents responsibly or get help:

There is an international organization called FIRST.

From the FIRST Teams website:

"This is a list of the contact information for incident response teams participating in FIRST, the Forum of Incident Response and Security Teams. The teams are responsible for providing FIRST with their latest contact information for this page. The list is alphabetized by team name. All telephone numbers are preceded with the appropriate country code."

There are 829 teams listed. Some are government CERT teams, some are corporate incident response teams.

You might want to bookmark the site to speed up your attempt to contact these teams:

https://www.first.org/members/teams/#

#responsibledisclosure #incidentresponse #CERT

@cR0w Fursuits are a natural evolution to working in server rooms

I appear to have created a "sound card" for a 4-bit CPU.

As you do.

https://diyelectromusic.com/2026/01/31/td4-4-bit-sound/

#TD4 #SynthDIY

RE: https://diyelectromusic.com/?p=19735