@swapgs TIL, thanks!

ugh. I picked up a shitty NUC from ewaste and it had a label on it for an AI company.
ahh, another startup that burnt out trying to build some silly AI project on crap hardware. I wonder what they did? I check their URL:
ahh. healthcare. great, great.

@swapgs My problem is that Monorail appends a prefix (6 ASCII chars IIRC) to the JSON response that kills httpx unless I hack around it manually:

https://github.com/v-p-b/p0-bot-akkoma/blob/aa9dacb01711a5b00a607a64217aa8d29055e6d9/p0bot.py#L45

You can also see it when you check the raw response in browser devtools.

Any ideas?

@swapgs There is one thing though that I don't understand, so I'll probably upload to GH shortly...

@swapgs I can if you are interested, but it's really not anything fancy.

Since I literally have to watch the paint dry, here's a bot for Project Zero issues too:

@p0bot

That’s no moon – it’s the Moon 🌗

The first colour images from ESA JUICE’s close lunar encounter last night are out.

Taken by the monitoring cameras, both show sunlit craters & shadows on the surface with parts of the spacecraft in the foreground.

At the top of the second image, you can just make out Earth as a small dark circle, surrounded by the ring of its backlit atmosphere.

We arrive (t)here tonight 🛰️🌏

Kudos to @stim3on for the magical processing 🙇‍♂️

#JUICELEGA

#LazyFedi What is the easiest way to generate a (machine-readable) function call graph from an NPM package?

Alternatively, what is the easiest way to generate a function call graph for packages of any package manager?

#Programming #StaticAnalysis

The Insane Engineering of the Gameboy

https://www.youtube.com/watch?v=BKm45Az02YE

UPDATE: Palo Alto Cortex XSOAR CommonScripts Critical Vulnerability (CERT-EU Security Advisory 2024-083)

On August 14, 2024, Palo Alto Networks released a security advisory for a critical command injection vulnerability, CVE-2024-5914, in Cortex XSOAR. This flaw allows unauthenticated attackers to execute arbitrary commands within the context of an integration container, potentially compromising the system. The vulnerability affects the product's CommonScripts Pack and is rated as high severity with a CVSS score of 9.0.

https://www.cert.europa.eu/publications/security-advisories/2024-083/

Linux: landlock can be disabled thanks to missing cred_transfer hook; and Smack looks dodgy too

https://bugs.chromium.org/p/project-zero/issues/detail?id=2566

This is CVE-2024-42318

Object file exporter extension for #Ghidra

https://github.com/boricj/ghidra-delinker-extension

There's an article written by me in Phrack Magazine: http://www.phrack.org/issues/71/11.html#article.
Very proud to be in that historic hacking magazine! For me, this is a major achievement :)

Bonus: the source code and binaries are here https://github.com/cryptax/talks/tree/master/Phrack-71

Enjoy! And if you really like it, I'd appreciate you nominate it here https://www.virusbulletin.com/conference/peter-szor-award/

Anybody with a paper edition to send me? This offer still stands: https://mastodon.social/@cryptax/112775284733028530

#phrack #dart #reverse #flutter

@pancake Isn't this achievable by a blog-like ActivityPub service (or an actual ActivityPub-enabled blog engine, like WriteFreely)?

@pancake You mean you'd like to e.g. show RSS content under your own account?

This definitely sounds like a feature request, still I think a 3rd-party service with scoped credentials (at least Akkoma supports this, my bots have post-only creds for example) can still hit a sweet spot.

OpenBSD crond / crontab set_range() heap underflow - CVE-2024-43688

https://www.supernetworks.org/CVE-2024-43688/openbsd-cron-heap-underflow.txt

https://vulnerability.circl.lu/cve/CVE-2024-43688

#vulnerability #cron #crontab #infosec #crond #openbsd #unix

@kpwn I have no first-hand experience, but this must be pretty nice (Steven Seeley does it) for advanced topics: https://srcincite.io/training/

@pancake Fediverse SW (plz don't just promote Mastodon) have nice open API's so we can go nuts with our ideas without going through standardization rituals.

A quick search got me this little tool: https://codeberg.org/MarvinsMastodonTools/feed2fedi , and IIRC there was some service that did the same without coding/hosting yourself.

On the other hand I use Fedi as an RSS _generator_, so I kind of agree that having some features built-in makes a difference - question is how we determine if the API is not enough?

Along with the release of the latest Phrack, today in #Hungary we celebrate the founding of our nation by Saint Istvan

http://phrack.org/issues/71/1.html new Phrack is out!