CISA: CISA Adds One Known Exploited Vulnerability to Catalog (link updated)
HOT OFF THE PRESS! CVE-2024-8963 Ivanti Cloud Services Appliance (CSA) Path Traversal Vulnerability.
#cisa #kev #knownexploitedvulnerability #zeroday #vulnerability #CVE_2024_8963 #activeexploitation #eitw #ivanti #ivanticsa
WHO Cybersecurity Operations Engineer position available:
It's in Budapest
Cat's out of the bag: I am pursuing a native FIPS 140-3 validation for the Go standard library.
Trying to do it right, making it seamless and without compromising on security.
First time a Go module is validated. Wish me well. And consider sponsoring!
Want to move to Real World Binary Exploitation? Grab this last opportunity of the year and register to my Windows Exploit Engineering Foundation training at #hexacon https://www.hexacon.fr/trainer/halbronn/
This is a super interesting approach to figuring out how to navigate paths through parsers written to accept context free languages, when the grammar of the parser is known: break up the grammar into parts and do different complementary stages of CFG exploration based on those parts of the original grammar
Our latest blog post 📜 shows application developers effective steps they can take to 🛑 prevent attacks in a world of rich media client interactions. 👀 Check it out now to learn how to protect your apps!
https://blog.doyensec.com/2024/09/19/phishing-case-study.html
I jokingly said on the #vlang Discord that my IDE setting for tabs is "sin(time)*4-4 spaces", and of course spytheman instantly implemented it in ved
#programming #editor
"The selling point of generative A.I. is that these programs generate vastly more than you put into them, and that is precisely what prevents them from being effective tools for artists."
SAP Hash Cracking Techniques https://redrays.io/blog/sap-hash-cracking-techniques/
good news: I can now publish my work on "RTL debugger", an interactive tool that lets you single-step your hardware design and observe its state, currently integrated into VS Code as an extension but using an open protocol https://github.com/amaranth-lang/rtl-debugger
right now it's in a very early state and not all that useful, but this should change in the coming days
This looks amazing: THE JUNKYARD: An End-Of-Life Pwnathon (February 21-22, 2025) DistrictCon: https://www.districtcon.org/junkyard
new blogpost time!!
this one's a fun writeup on a vulnerability chain i found across multiple google services that earned me a $4133.70 bounty
lots of fun css as usual! i had to recreate a bunch of drive/docs/gmail/youtube UIs c:
have fun!
https://lyra.horse/blog/2024/09/using-youtube-to-steal-your-files/