@tmr232 I think that'd be in the release documents, and I can't find anything promising when searching for .py's either. But that's just a quick look.

Generated docs for the latest #Ghidra 11.2.1 are now available at:

https://scrapco.de/ghidra_docs/

Differences from previous version:

https://gist.github.com/v-p-b/fb76fae8cbcb490a33039892c3feea9b

@da_667 "gone" is a bit strong phrase to use when everyone is free to copy your stream for a whole week

#Ghidra 11.2.1 released

What's New:
https://htmlpreview.github.io/?https://github.com/NationalSecurityAgency/ghidra/blob/Ghidra_11.2.1_build/Ghidra/Configurations/Public_Release/src/global/docs/WhatsNew.html

Change History:
https://htmlpreview.github.io/?https://github.com/NationalSecurityAgency/ghidra/blob/Ghidra_11.2.1_build/Ghidra/Configurations/Public_Release/src/global/docs/ChangeHistory.html

Upcoming hardening in PHP https://dustri.org/b/upcoming-hardening-in-php.html

and here's how we worked on the recent #curl CVE from it first being reported until published earlier today: https://hackerone.com/reports/2764830

@Viss best reaction I've seen so far xD

Dear Developers,

if you write #documentation, include the *context* where a piece of code/config/prayer/... should go, pretty please!

Thank you,

Your Fellow IT People

[oss-security] shell wildcard expansion (un)safety

https://seclists.org/oss-sec/2024/q4/56

CVE-2024-9681 HSTS subdomain overwrites parent cache entry

https://curl.se/docs/CVE-2024-9681.html

[RSS] On the limits of time travel in the face of undefined behavior in C

https://devblogs.microsoft.com/oldnewthing/20241104-00/?p=110466

New assessment for topic: CVE-2024-35250

Topic description: "Windows Kernel-Mode Driver Elevation of Privilege Vulnerability ..."

"The ks.sys driver on Windows is one of the core components of Kernel Streaming and is installed by default ..."

Link: https://attackerkb.com/assessments/b966571c-c90a-4055-af54-ee6af8389f53

Exciting news! I’m starting X-Force’s new offensive research team (XOR) and hiring a security researcher. Want to work with researchers (like @fuzzysec and I) to find bugs, exploit popular targets, and share your work? Apply for this unique (remote) role 😊https://careers.ibm.com/job/21219320/security-researcher-san-jose-ca/

Don't threaten us with a good time

#ElonMusk #Twitter #Meme

Interested in accessing a binary as a CFG? @ArastehCma has a solid video showing how to access Ghidra's analysis as a CFG (with an awesome intro!):
https://www.youtube.com/watch?v=eTRo3xw1Gbs

Want to do the same thing in Binary Ninja? See below. (Spoiler: it's already exposed as one!)

Dutch researchers @midnightbluelab
found a critical zero-click vuln in a photo app enabled by default on Synology storage devices, putting millions of systems at risk of being hacked. They found Synology systems owned by police/law firms/critical infrastructure contractors online and all vulnerable to attack. Synology has called the vuln "critical" and issued a patch last week but apparently didn't notify customers. Synology devices don't have automated update capabilities. Here's my story: https://www.wired.com/story/synology-zero-click-vulnerability/

@kimzetter Kim, did you see https://infosec.exchange/@adamshostack/113414081797045521 ?

@wdormann @kimzetter Maybe @thezdi can shed some light on that candidate ID?

Early 2020 I wrote this blog post about how #Microsoft #OneDrive exports malformed #ZIP files that cannot be unzipped by widely-used tools (this only happens for large, > 4GB ZIP files):

https://www.bitsgalore.org/2020/03/11/does-microsoft-onedrive-export-large-ZIP-files-that-are-corrupt

Fast-forward 4.5 years, and Microsoft *still* hasn't fixed this!

Just ran into this again with a 6.5 GB file! Luckily the Fix-OneDrive-Zip tool by Paul Marquess helped me out again:

https://github.com/pmqs/Fix-OneDrive-Zip

#wtfZIP #wtfMicrosoft

@cR0w There's room for actors in different timezones