Using a 1-line change of the BishopFox PoC for CVE-2025-0282, we can easily see the vulnerable Ivanti web server crash.
https://github.com/BishopFox/CVE-2025-0282-check
Given that there's no stack canary, and there's only 9 bits of ASLR entropy, we can probably successfully brute force a successful exploit if we want to.
Fearsome File Formats by @Ange is a follow-up to Funky File Formats. He explores file fuzzing, hashquines and ways in which files can contain unexpected things (for example different files altogether!)
The Talk: https://media.ccc.de/v/38c3-fearsome-file-formats
The Previous Talk: https://media.ccc.de/v/31c3_-_5930_-_en_-_saal_6_-_201412291400_-_funky_file_formats_-_ange_albertini
Deleting any ad-supported apps you don't absolutely need is attack surface reduction. https://www.wired.com/story/gravy-location-data-app-leak-rtb/
In the aerospace world, a "flat sat" (https://www.esa.int/Enabling_Support/Space_Engineering_Technology/Opened-out_FlatSat_for_CubeSat_testing) is a development mockup of a satellite splayed out on a bench with all the boards easily accessible for testing.
Is there a similar term of art for a spread-out functional prototype that's not a spacecraft? I feel like it should have a name but I'm not aware of one.
In my latest stream, I walked through the binaries of PoCorGTFO.
Not just pure hex analysis, I also covered a few challenging or fun facts along the way.
https://www.youtube.com/live/POg2Qpxbplk?si=oDBmmd1v9pMiRjMY
It's 2025 and the techbros are still out there with their AGI fantasies.
So Mystery AI Hype Theater 3000 will also still be here taking it all apart with ridicule as praxis.
@alex & I will kick off the new year by aiming that praxis at ARC, o3 and all things OpenAI:
Monday, Jan 13, noon Pacific
https://www.twitch.tv/dair_institute
Microsoft will force install the new Outlook email client on Windows 10 systems starting with next month's security update.
Currently working on adding comment-overlays to Function-Graph-Overview.
The idea is to add special begin- and end- comments, and use those to draw overlays on the graph (think C#'s region thingy).
I hope this will make the CFG more viable as a code-understanding tool, as we'll be able to better document our findings.
AI generated content in a nutshell
(Disclaimer: This has to be one of the worst videos I've ever watched... enjoy)
Project: openssl-static-gcc-dwarf 3.4.0
File: openssl
Address: 0062b660
ossl_parse_query
SVG:
dark https://tmr232.github.io/function-graph-overview/render/?graph=https%3A%2F%2Fraw.githubusercontent.com%2Fv-p-b%2Fghidra-function-graph-datasets%2Frefs%2Fheads%2Fmain%2F%2Fopenssl-static-gcc-dwarf%2F0062b660.json&colors=dark
light https://tmr232.github.io/function-graph-overview/render/?graph=https%3A%2F%2Fraw.githubusercontent.com%2Fv-p-b%2Fghidra-function-graph-datasets%2Frefs%2Fheads%2Fmain%2F%2Fopenssl-static-gcc-dwarf%2F0062b660.json&colors=light
Reviving a Classic: The Journey to Reconstruct F-15 Strike Eagle II's Code
In a remarkable feat of reverse engineering, a hobbyist has successfully reconstructed the executable for the 1989 game F-15 Strike Eagle II, bringing nostalgia and technical prowess together. This mi...
#news #tech #GameReconstruction #ReverseEngineering #F15StrikeEagleII
“Why don’t you take some of that ‘go to mars’ money and actually help rather than Monday morning quarterbacking during a live fire?”
The CEO of Watch Duty is bringing the energy that we need to 2025.
https://sfstandard.com/2025/01/09/wildfires-watch-duty-elon-musk-los-angeles/
Alternative takes:
If you're worried about how it affects the critical thinking of users, just wait until you see what it does to investors!
Maybe this is how AI takes over: by lowering the bar for competence until a stochastic parrot can fly over it.
The second one is actually close to Frank Herbert's objection and the cause of the Butlerian Jihad in the Dune backstory.