Fair warning:

If you are a person involved in creating splash windows for first browser startup and we ever meet in person, I will hurt you.

Today's Tutorial [June 29, 2026]

Lesson 230: Hacking Windows Course (Chapter 27: Debugging WriteFile x86)

Dynamic reverse engineering analysis, debugging, the Windows API WriteFile function in x86 Assembly.

#STEM #Windows #ReverseEngineering

https://github.com/mytechnotalent/Reverse-Engineering

Did you wake up today thinking "gosh, I wonder what's the difference between semantic and syntactic entailment?" If yes, I have great news!

This is the latest in my series of articles meant to explain the foundations of math in an accessible way. My inspiration is looking at Wikipedia and then trying the opposite.

https://lcamtuf.coredump.cx/blog/logic/

As promised, the stallman copypasta being read out in the nude (with my adorable british accent, as it's recently been called) https://fansly.com/post/927628617683320837

It's also pinned on my onlyfans if you're on there

@stf The main issue that I don't plan to move to Emacs, although I'm sure org-mode can do literally *everything* (khm..Unix philosophy...khm) :D

GDB is the Swiss Army knife of Linux & embedded debugging. Learn breakpoints, stepping & memory inspection: fast and hands-on. Debuggers 1012: Introductory GDB https://ost2.fyi/Dbg1012

AFL++ 5.02c release! important bugfix release for persistent fuzzing mode. New afl-health tool, C11 guidance instrumentation (helps coverage!). https://github.com/AFLplusplus/AFLplusplus/releases/tag/v5.02c #fuzzing #afl

AI guardrails will always fail. NIST just proved it mathematically https://www.covertswarm.com/post/ai-guardrails-will-fail-nist-mathematical-proof

I wish all live gig MCs a very merry Shut The Fuck Up

New directory traversal CVE!
CVE-2026-45390
n/a - n/a
In OCaml-tar before 3.4.0, a crafted archive with ../ path segments in its name allows escaping the current working directory. This is not desired behavior, and tar(1) rejects such extractions, but ocaml-tar decompresses it anyway. The impact is that it allows arbitrary file writes outside of the desired extraction directory (to an attacker that can reach a tar decompression endpoint).

@brouhaha This sounds strangely similar to the no-search fedi crowd...

Do excellent vulnerability reports

It is time for me to try to help future reporters by providing a short guide on how to submit a truly excellent vulnerability report to an Open Source project.

https://daniel.haxx.se/blog/2026/06/29/do-excellent-vulnerability-reports/

Hey, are you interested in implementing cryptography using C and Rust?

The Firefox Cryptography Engineering team is #hiring for TWO Senior Software Engineers.

Remote in Canada or any of the European countries where Mozilla has an entity: Germany, France, UK, Finland, Belgium, Spain, Netherlands or Sweden

Apply here!
- Europe: https://www.mozilla.org/en-US/careers/position/gh/8016848/
- Canada: https://www.mozilla.org/en-US/careers/position/gh/8016824/

Reach out if you have questions. It's not my team but I have some background info :)

#fedihire #jobs

[RSS] unpacking iDRAC9/iDRAC10

https://trouble.org/?p=1467

You can circumvent clamonacc by placing your malware in directories with a pathlength greater than 1024 characters, which is perfectly valid on eg. ext4. The code provides 1024 bytes to readlink(), which will happily truncate the path when its longer than that. Afterwards clamav tries to open a nonexistant file.

@stf Several editors highlight "TODO" specifically, but I want a way to format custom sets of markers, possibly depending on the extension/project I'm working on. Another example is marking findings in my notes with different severity labels.

WinPE as a stateless harness for Windows driver testing and fuzzing https://bednars.me/blog/winpe-harness

Luma 1.1.0 comes with #radare2 shell, markdown renderer, sidebar listing modules and threads, improved disassembly and analysis features, much more solid colaboration ux and tons of bug fixes! https://github.com/frida/luma/releases/tag/1.1.0

@stf How does org-mode help with customizing highlighters?

@paniash @tarsius Good point, a simple regex-based highlighter would probably cover most of the use cases!