📢 We’re now releasing weekly mass testing results 📢

https://mass.rev.ng

Here you can find a weekly report on using revng to decompile tons of binaries.

There’s information about crashes, timeouts and nice graphs.

Our goal is to now bring them all down week-by-week 🦾

Been doing a fun new reverse engineering project: Figuring out the file formats of the 1999 Windows/PS1 game Attack of the Saucerman. It's the first time I'm doing this on a 3D game. I'm now at a point where I can partially display the levels, and extract most of the assets:
https://github.com/lethal-guitar/SaucerMapViewer

I already made an attempt many many years ago, but was only armed with a hex editor at the time and couldn't make any sense of the data. (cont.)

Qubes OS Summit 2024 just started

You can assist live on YouTube

https://vpub.dasharo.com/e/16/qubes-os-summit-2024/

#qubesos

#OpenSSH 9.9 has been released: https://www.openssh.com/txt/release-9.9

The significant new feature is support for post-quantum mlkem768x25519-sha256 KEX as specified in https://datatracker.ietf.org/doc/html/draft-kampanakis-curdle-ssh-pq-ke-03

#pqcrypto #postquantumcryptography

gaining access to anyones browser without them even visiting a website

https://kibty.town/blog/arc/

Continuing the tour of my @github projects, the #TacticalExploitation toolkit deserves to be mentioned. It's now a bit old, but I believe the concept still applies, and very much so.

https://github.com/0xdea/tactical-exploitation

"The Other Way to Pen-Test" -- @hdm & @Valsmith

I've always been a big proponent of a tactical approach to #PenetrationTesting that doesn't focus on exploiting known software #vulnerabilities, but relies on #OldSchool techniques such as #InformationGathering and #BruteForce. While being able to appreciate the occasional usefulness of a well-timed 0day, as a veteran penetration tester I favor an exploit-less approach. Tactical exploitation provides a smoother and more reliable way of compromising targets by leveraging process vulnerabilities, while minimizing attack detection and other undesired side effects.

Since a few years, I've meant to give a talk on this very subject, with the working title of "Empty Phist Style - Hacking Without Tooling" (inspired by @thegrugq). Sooner or later it will happen.

Crowdstrike is telling Falcon users not to install macOS Sequoia.

Apple's New macOS Sequoia Update Breaking Major Security Tools https://it.slashdot.org/story/24/09/19/1851232/apples-new-macos-sequoia-update-breaking-major-security-tools?utm_source=rss1.0mainlinkanon

Couldn't let #talklikeapirateday happen without a little bit of #pc #ansi #art to commemorate.
Here's a little sketch of perhaps my number one fave pirate, Guybrush Threepwood :) arrrr! /piratevoice

In part 3 of his series on exploiting #Exchange #Powershell after ProxyNotShell, ZDI researcher @chudypb chains 3 bugs that lead to RCE, mainly by abusing the single-argument constructor conversions. Read the details at https://www.zerodayinitiative.com/blog/2024/9/18/exploiting-exchange-powershell-after-proxynotshell-part-3-dll-loading-chain-for-rce

Someone asked me to explain the whole supply chain, shell company, pager scenario to them in simple, anyone terms. I said in a nutshell, the coyote and rest of us watching learned that the roadrunner owned the Acme company.

Ruby-SAML pwned by XML signature wrapping attacks - https://ssoready.com/blog/engineering/ruby-saml-pwned-by-xml-signature-wrapping-attacks/ #ruby #rails #sso #saml

A Federal Trade Commission (FTC) staff report has found that social media and video streaming companies have been engaging in widespread user surveillance, particularly of children and teens, with insufficient privacy protections and earning billions of dollars annually by monetizing their data.

https://www.bleepingcomputer.com/news/technology/ftc-exposes-massive-surveillance-of-kids-teens-by-social-media-giants/