Thankfully booting from install floppy with `mount root=/dev/hda1` and re-running LILO has fixed the boot.

"I sure wish there was a CTF between Christmas and New Year's"

Good news! @hxp will be running the 38C3 CTF, and it's a qualifier for @defcon CTF too!

https://2024.ctf.link/

Today I have a day off, so I'm going to do exactly what I do on my days off: useless stuff!

I found a curious program, but it comes precompiled for Slackware 3.0 circa 1995, so I have to install it. I assume a.out, though some say it's actually ELF, so maybe I'm looking at recompiling the kernel later.

Finding the distro alone is a bit of a challenge!

🧵

The Db2 for i (SQL) and RPG PTFs for #IBMi 7.5 TR5 and 7.4 TR11 are released today.
💙 #IBMi #rpgpgm #IBMChampion
https://www.rpgpgm.com/2024/12/tr-ptfs-for-db2-now-available.html

@DJGummikuh it is easy to get wrong. I wrote about it a little in my weekly email last week: https://lists.haxx.se/pipermail/daniel/2024-December/000091.html

25 years later, #curl is now at 0 sscanf calls - and we do not allow new ones to get added

IBM i 7.5 TR 5 and 7.4 TR 11 are now GA - already installed on the first partitions here! 😀

For more information about the contents in the TR's, see these links:
https://www.ibm.com/support/pages/ibm-i-75-tr5-enhancements
https://www.ibm.com/support/pages/ibm-i-74-tr11-enhancements

#IBMi

@ranjit wrong language subtitles are the best

NATO Secretary-General Mark Rutte delivered a speech recently, urging us to mentally prepare for war. It is worth your time to read the actual speech "But if we are not strong enough, if Putin and others would think that we cannot defend ourselves, then they might start to try to attack us. And already this is happening in the terrain of cyber" -> https://www.nato.int/cps/en/natohq/opinions_231348.htm

Yesterdays link to the Let‘s Encrypt blog dragged in some people who seem to think that CAs are unnecessary or even evil.

LE is s very small group who set out to improve the terrible CA situation and the fucking middle box corruptions.

They did that successfully with a budget that a medium sized city spends on its department for car license plates.

So, my advice: don‘t yell at people who made the world somewhat better or you‘ll soon run out of ones who try.💁🏻‍♂️

Reverse Engineering an STM32 firmware with radare2 https://medium.com/techmaker/reverse-engineering-stm32-firmware-578d53e79b3 #firmware #reverseengineering #radare2

CVE-2024-55557 - Weasis 4.5.1 https://www.partywave.site/show/research/CVE-2024-55557%20-%20Weasis%204.5.1

"let me use an AI and file another bug against #curl

https://github.com/curl/curl/issues/15736

A companion blog to my Bluehat 2024 presentation on OleView.NET is up now. https://googleprojectzero.blogspot.com/2024/12/windows-tooling-updates-oleviewnet.html

Ever wanted to know what data #PowerShell or other programs send to AMSI. I wrote a C# COM server implementation that logs this data as a JSON string. Had some fun learning more about COM and .NET AOT with this little project https://github.com/jborean93/AmsiProvider

#PaloAltoNetworks
has just released a PANOS update, 10.2.13, which includes this interesting little fix. Looking at the portal logs from the management console or CLI I can't see any cleartext passwords being logged in regular or debug mode.

https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-release-notes/pan-os-10-2-13-known-and-addressed-issues/pan-os-10-2-13-addressed-issues

Here's the slides to my PoC 2024 keynote "An insider perspective on the offensive industry": https://webdl.nso.group/OffIndustry-PDF.pdf

My apologies for the delay in publishing these.