I just published the materials of my MIPS reverse engineering workshop from Recon, enjoy :) I've got this strange obsession with cross-architectural malware, and now you can too!
Back in the day, I used to give small tours of the Marin military bunkers and silos. People flew in for the RSA conference and I offered it as a grounded antidote to the urban drinking/dining rapid consumption culture.
Got me wondering about starting @BSidesColdWar that rotates around historic locations, with talks about mistakes of the past being here again now.
Any interest?
Each event could even have a patch...
Interesting Git repos of the week:
Detection:
* https://github.com/hasamba/DFIR-Companion - incident support
* https://github.com/GyulyVGC/sniffnet - that packer smells kinda funny
Bugs:
* https://github.com/0xHossam/UnCanny - the bullying of NTLM must stop!
* https://github.com/prdgmshift/usbliter8 - A12/A14 SecureROM exploit
* https://github.com/rub-softsec/onelogon - stealing AD creds via Netlogon
* https://github.com/bikini/exploitarium - fresh bugs today
Exploitation:
* https://github.com/MazX0p/LACUNA-Chain - build your own stack and profit
* https://github.com/Shac0x/Wonka - like picking LSASS's wallet for tickets
* https://github.com/netinvent/windows_tools - there's a snake coming through the window
* https://github.com/mitre/grid-watch - MITRE's CTID lab for OT
Hard hacks:
* https://github.com/datalocaltmp/Peepo - @datalocaltmp's primitive attacks on watchOS
* https://github.com/hacefresko/forticrack_v8 - unpack that Fortinet firmware
Data:
* https://github.com/idaholab/raven - tools for risk modeling
Development:
* https://github.com/uellenberg/Insert - you wanna write self modifying code? how about a language where it's a first class feature?
Nerd:
* https://github.com/maestro-os/maestro - a Linux-like kernel in Rust
Are we there yet?
Version 1 - 27 June 2026
"The question: has AI-assisted vulnerability discovery become a genuinely new kind of offensive capability — or is it the same work as before, now automated and far cheaper?
The distinction decides the right policy response: a new capability class would justify containing it (export controls, deployment gates), while mere automation calls for absorbing it (defensive tooling, faster patching, hardening)."
https://tzafaar.codeberg.page/other/are-we-there-yet.html
What do you think?
Secret Panel HERE: https://patreon.com/mrlovenstein/posts/keeping-it-real-26175234
TIL a 9-year-old girl researched the decibel levels of public hand dryers after noticing her ears were ringing after using one. Nearly 4 years later, her research was accepted into the Canadian journal Paediatrics & Child Health, and Dyson planned to have her meet with an acoustic engineer.
https://abcnews.com/GMA/Wellness/13-year-girls-research-showing-hand-dryers-harm/story?id=64237013
#til #todayilearned
https://www.reddit.com/r/todayilearned/comments/1ufpr3g/til_a_9yearold_girl_researched_the_decibel_levels/
IDA 9.4 teasers continue with two new navigation features:
1️⃣ Jump Anywhere is now the default G dialog — search functions, names, types, and segments in one box with live previews.
2️⃣ Pathfinder, a new tool for asking "can this code reach that?" directly from the xref graph.
Read the blog for the full breakdown.
https://hex-rays.com/blog/ida-9.4-smarter-navigation-and-quality-of-life-improvements
Just stop using LastPass already, folks.
https://blog.lastpass.com/posts/klue-supply-chain-incident-and-lastpass-response
When EPA isn't EPA'ing: What Tools Like Certify, Certipy and checkMSSQLStatus.py miss https://www.abdulmhsblog.com/posts/pitfallswithepa/
Slides from my #Troopers26 talk "Get in Loser, We're Upgrading the Internet -- Lessons from Deploying Post-Quantum Cryptography across Akamai's global Content Delivery Network"
This malware is pretty cool, it took me a while to get to the 4th obfuscation layer myself in IDA even when using a deobfuscation plugin, mixes its own obfuscated code deep in legitimate "goodware" code, uses lots of MBAs, has anti-VM tricks. High quality malware.
https://www.elastic.co/security-labs/oxloader-malware-loader-infostealer
https://www.twitch.tv/curlhacker is live, the presentation starts in a few minutes
all the hackerone reports for the curl 8.21.0 vulnerabilities are now public
Keeping the Web Open and Private in the Bot Era
In which an AI peddler suggests that to solve the bot problem we should perhaps enact some funky workaround that involves such reputable companies and projects like Cloudflare, Mozilla Firefox, Google Chrome, and Microsoft Edge (all of them run by companies staunchly resisting the root cause of the Crawler problem: AI).
If we'd all just use PACT, we would be able to efficiently block the bots! Except, of course, if you're running an unsupported browser, and have not sent enough signals back home that you're a human.
But sure, sure. Let's use a clunky workaround that doesn't exist, wouldn't work, instead of addressing the problem in the first place.
How utterly predictable, how utterly disappointing nevertheless.