"I'm interested in all kinds of astronomy."

Find your first zero-day vulnerability!

In this article, we want to share a step-by-step guide on how to run American Fuzzy Lop ++ (AFL++) to fuzz an open source target.
https://www.hackers-arise.com/post/exploit-development-fuzzing-with-american-fuzzy-lop-afl-to-find-zero-day-vulnerabilities


Safe AIN'T SAFE!? (cve-rs explainer)

https://youtu.be/vfMpIsJwpjU

@raptor I'm working myself through https://rust-exercises.com/100-exercises/ right now :)

Can't wait for your recommendations!

🤣🤣🤣
[CVE-2024-40896][libxml2] XXE protection broken in downstream code
https://gitlab.gnome.org/GNOME/libxml2/-/issues/761
https://gitlab.gnome.org/GNOME/libxml2/-/commit/1a8932303969907f6572b1b6aac4081c56adb5c6

"...bug should occur if you compile libraptor with the commit above and libxml2 2.11 or greater."

PoC:
https://git.libreoffice.org/core/+/cdda6533b44333b18d3dc6306dfd0f7058e40b32/unoxml/qa/unit/data/cve_2012_0037.rdf


🎄 All I Want for Christmas is a CVE-2024-30085 Exploit 🎄
As always, we at @starlabs_sg are sharing what we learnt. This time, it's brought to you by Cherie-Anne Lee

https://starlabs.sg/blog/2024/all-i-want-for-christmas-is-a-cve-2024-30085-exploit/


More than funds, what Wikipedia really needs is more good editors. The number of people who regularly edit articles in English Wikipedia hasn't grown substantially in years, while the number of articles has, and editor demographics remains skewed. The foundation itself largely stays away from editing, leaving it to volunteers. While articles that get a lot of attention are often good, it's not hard to find ones with biased and promotional content in less-visited topics, and in other languages.


Foone🏳️‍⚧️

Oh my god, I just learned of a hilariously obvious bug that Nintendo (of all companies) failed to fix.

So, NES & SNES games often have a problem with pressing left+right and up+down, at the same time. This is because that's not supposed to be possible. It's physically prevented from happening by the design of the controller itself.

Former NSA cyberspy's not-so-secret hobby – Xmas light hacks • The Register
https://www.theregister.com/2024/12/25/joyce_christmas_lights/

#frombsky

Elon Musk has ordered everyone to stop donating to Wikipedia.

I never started, until this morning.

https://donate.wikimedia.org is the link, if anyone feels like disobeying a direct order from a billionaire jerkwad.


Happy Holidays to my oncall buddies today. I wish you all a quiet and uneventful shift.

I survived #Whamageddon \o/
@stf @pluralistic @cstross I learned at Bsky that at least author royalties are independent from distributors which is good news!

https://bsky.app/profile/notaname.info/post/3le53oer4hk24
To avoid sudden dangerous drops of frustration during these peaceful Holidays I'm configuring Postfix.
@infosecdj That's a good one, thanks! I'd be also interested in broader topics like contemporary literature, sci-fi, etc.
What are the online #book stores that are neither a) monopolistic giants built on enshittification nor b) copyright bullies?

If I ask for a unicorn, which ones do at least give authors a more fair share for their work?

The slides for the keynote our Cristofaro Mune (@pulsoid) has given at @h2hconference
"False Injections: Tales of Physics, Misconceptions and Weird Machines" are now available here:

https://raelize.com/upload/research/2024/2024_H2HC2024_False-Injections-Tales-of-Physics-Misconceptions-and-Weird-Machines.pdf

Enjoy!


In light of the Crowdstrike outage over 5 months ago, what specific changes has your organization made to your enterprise security program? What changes to policies, procedures, training, alerting, testing, and your written IRP have you made? Please share!


European Space Agency's official web shop was hacked as it started to load a piece of JavaScript code that generates a fake Stripe payment page at checkout.

https://www.bleepingcomputer.com/news/security/european-space-agencys-official-store-hacked-to-steal-payment-cards/
