Posts
2575
Following
624
Followers
1379
"I'm interested in all kinds of astronomy."
repeated

Project Zero Bot

New Project Zero issue:

inotify_rm_watch() race with umount() can lead to superblock-related UAF

https://project-zero.issues.chromium.org/issues/379667898

CVE-2024-53143
0
1
0
Edited 2 months ago
#hupol #mfa #vent
Show content
It seems Hungarian education is going so great that one teachers union (we have two of course...) felt that after years of doing nothing now it's time to issue an outraged communique about...

... having to switch to MFA on government portals.

My humble opinion is that these bureaucrats should be reassigned to the job of cleaning dog shit off the streets.

(FD: I have a loving family of teachers)
0
0
2
Lead-free solder is how EU kills innovation.
0
0
3
repeated

Using a 1-line change of the BishopFox PoC for CVE-2025-0282, we can easily see the vulnerable Ivanti web server crash.
https://github.com/BishopFox/CVE-2025-0282-check

Given that there's no stack canary, and there's only 9 bits of ASLR entropy, we can probably successfully brute force a successful exploit if we want to.

4
6
0
repeated

Fearsome File Formats by @Ange is a follow-up to Funky File Formats. He explores file fuzzing, hashquines and ways in which files can contain unexpected things (for example different files altogether!)

The Talk: https://media.ccc.de/v/38c3-fearsome-file-formats

The Previous Talk: https://media.ccc.de/v/31c3_-_5930_-_en_-_saal_6_-_201412291400_-_funky_file_formats_-_ange_albertini

0
4
0
The first actually useful desoldering tutorial I encountered:

https://youtu.be/Z38WsZFmq8E?feature=shared
0
1
7
repeated

Deleting any ad-supported apps you don't absolutely need is attack surface reduction. https://www.wired.com/story/gravy-location-data-app-leak-rtb/

3
9
0
repeated

In the aerospace world, a "flat sat" (https://www.esa.int/Enabling_Support/Space_Engineering_Technology/Opened-out_FlatSat_for_CubeSat_testing) is a development mockup of satellite splayed out on a bench with all the boards easily accessible for testing.

Is there a similar term of art for a spread-out functional prototype that's not a spacecraft? I feel like it should have a name but I'm not aware of one.

3
1
0
repeated

In my latest stream, I walked through the binaries of PoCorGTFO.
Not just pure hex analysis, I also covered a few challenging or fun facts along the way.
https://www.youtube.com/live/POg2Qpxbplk?si=oDBmmd1v9pMiRjMY

0
3
0
repeated

It's 2025 and the techbros are still out there with their AGI fantasies.

So Mystery AI Hype Theater 3000 will also still be here taking it all apart with ridicule as praxis.

@alex & I will kick off the new year by aiming that praxis at ARC, o3 and all things OpenAI:

Monday, Jan 13, noon Pacific
https://www.twitch.tv/dair_institute

1
4
0
repeated

Microsoft will force install the new Outlook email client on Windows 10 systems starting with next month's security update.

https://www.bleepingcomputer.com/news/microsoft/microsoft-to-force-install-new-outlook-on-windows-10-pcs-in-february/

2
5
0
@cR0w You can't improve perfection.
0
0
0
@cR0w This meme should be on display at the Louvre xD
0
0
1
repeated

Currently working on adding comment-overlays to Function-Graph-Overview.

The idea is to add special begin- and end- comments, and use those to draw overlays on the graph (think C#'s region thingy).

I hope this will make the CFG more viable as a code-understanding tool, as we'll be able to better document our findings.

0
1
0
repeated

AI generated content in a nutshell

(Disclaimer: This has to be one of the worst videos I've ever watched... enjoy)

3
3
0
repeated
repeated

Reviving a Classic: The Journey to Reconstruct F-15 Strike Eagle II's Code

In a remarkable feat of reverse engineering, a hobbyist has successfully reconstructed the executable for the 1989 game F-15 Strike Eagle II, bringing nostalgia and technical prowess together. This mi...

https://news.lavx.hu/article/reviving-a-classic-the-journey-to-reconstruct-f-15-strike-eagle-ii-s-code

0
3
0
@tmr232 I see you are motivated by challenges! :)
0
0
1
repeated

“Why don’t you take some of that ‘go to mars’ money and actually help rather than Monday morning quarterbacking during a live fire?”

The CEO of Watch Duty is bringing the energy that we need to 2025.

https://sfstandard.com/2025/01/09/wildfires-watch-duty-elon-musk-los-angeles/

1
8
0
repeated

Alternative takes:

If you're worried about how it affects the critical thinking of users, just wait until you see what it does to investors!

Maybe this is how AI takes over: by lowering the bar for competence until a stochastic parrot can fly over it.

The second one is actually close to Frank Herbert's objection and the cause of the Butlerian Jihad in the Dune backstory.

1
2
0
Show older