What comes after world domination?

This is the abstract for my scheduled talk at foss-north 2025 in April. What do you think is next?

https://foss-north.se/2025/

New year, new skills, new exploits! 💻🎯

Corelan classes are coming your way! Learn Windows stack & heap exploitation from corelanc0d3r.

🔥 Hands-on labs, real-world scenarios & an elite alumni network. Spots fill up fast—register now! 👉 [https://www.corelan-training.com/index.php/training-schedules

As the next step in my quest to make it easier to poison AI crawlers, I present you: OCIocaine: a project where #DockerCompose meets #Caddy and #Iocaine, to poison AI crawlers for all your sites, automatically.

The idea here is to provide a docker compose file that starts up Caddy and Iocaine, configured so that Caddy will reverse proxy for any and all services on the same docker network, as long as they have a few labels that tell it to do so. In addition, a Caddyfile snippet will be available for all of these, which takes care of routing bad visitors to Iocaine.

And if that's not enough, the whole thing comes preconfigured with a wordlist (a list of English words), and traning data (the complete works of Shakespeare), and a list of known AI crawlers (courtesy of ai.robots.txt).

All you have to do is copy the sample configuration, create a network, start it up, and deploy labeled containers into the same network, and OCIocaine takes care of the rest.

@drwhax You should have an adjustable one: standing all the time is just as bad for your back as sitting. The trick is to change positions and move around as much as you can.

WordPress 6.8 is due to switch their password hashing to bcrypt, and their application passwords to BLAKE2b.

Great news:

They disarmed the 72 char footgun with bcrypt in the way I recommended (HMAC, rather than just SHA2, to prevent hash shucking, and base64 to prevent NUL truncation).

https://core.trac.wordpress.org/changeset/59828

[RSS] ACS Password Leaks Are A Security Issue On #IBMi

https://www.itjungle.com/2025/02/17/acs-password-leaks-are-a-security-issue-on-ibm-i/

Our work featured in IT Jungle

🚨Secure Boot relies on revocation lists (dbx) to block malicious bootloaders, but discrepancies between the @uefiforum & @microsoft lists create security gaps.

👉Call for a single and openly maintained revocation list -- a unified source of truth!

https://www.binarly.io/blog/from-trust-to-trouble-the-supply-chain-implications-of-a-broken-dbx

Project: golang/go https://github.com/golang/go
File: src/cmd/compile/internal/ssa/rewritePPC64latelower.go:55 https://github.com/golang/go/blob/refs/tags/go1.23.4/src/cmd/compile/internal/ssa/rewritePPC64latelower.go#L55

func rewriteValuePPC64latelower_OpPPC64AND(v *Value) bool

SVG:
dark https://tmr232.github.io/function-graph-overview/render/?github=https%3A%2F%2Fgithub.com%2Fgolang%2Fgo%2Fblob%2Frefs%2Ftags%2Fgo1.23.4%2Fsrc%2Fcmd%2Fcompile%2Finternal%2Fssa%2FrewritePPC64latelower.go%23L55&colors=dark
light https://tmr232.github.io/function-graph-overview/render/?github=https%3A%2F%2Fgithub.com%2Fgolang%2Fgo%2Fblob%2Frefs%2Ftags%2Fgo1.23.4%2Fsrc%2Fcmd%2Fcompile%2Finternal%2Fssa%2FrewritePPC64latelower.go%23L55&colors=light

@cryptax The calling convention defines how return value is set, so it may very well affect the decompilation afaik

@cryptax I guess that's the result of incorrectly identified calling convention? You can check/set with right click on func name -> Edit Function Signature

New updates in LIEF including better support for PE modifications and ARM64EC/ARM64X binaries.

Blog post: https://lief.re/blog/2025-02-16-arm64ec-pe-support/

Stop saying “artificial intelligence”. (And “neural networks” too.)

Be more specific. Say “reinforcement learning”. Say “generative modelling”. Say “Bayesian filtering”. Say “statistical prediction”.

These are incredibly useful tools that have nothing to do with “intelligence”.

And say “model trained on plagiarised data”.

Say “bullshit generator”.

Say “internet regurgitator”.

These are also nothing to do with intelligence, but they have the added bonus of being useless, too.

Project: mpengine-x64-pdb 1.1.24090.11
File: mpengine.dll
Address: 75ab2bd98

x86_skip_prefixes

SVG:
dark https://tmr232.github.io/function-graph-overview/render/?graph=https%3A%2F%2Fraw.githubusercontent.com%2Fv-p-b%2Fghidra-function-graph-datasets%2Frefs%2Fheads%2Fmain%2F%2Fmpengine-x64-pdb%2F75ab2bd98.json&colors=dark
light https://tmr232.github.io/function-graph-overview/render/?graph=https%3A%2F%2Fraw.githubusercontent.com%2Fv-p-b%2Fghidra-function-graph-datasets%2Frefs%2Fheads%2Fmain%2F%2Fmpengine-x64-pdb%2F75ab2bd98.json&colors=light

Microsoft Productivity Pack for Windows (1992)

@G33KatWork Almost the same vibes: https://www.youtube.com/watch?v=AZfxXQUSNIQ

@G33KatWork I don't like cars and I don't know shit about them. This is still highly entertaining!

FYI: I have made public new #NetBSD AMIs for #AWS #ec2. These are evbarm and amd64 images for NetBSD/10.1 and now have their boot messages sent to the serial console (although it takes EC2 about 5-8 minutes from instance creation until `aws ec2 get-console-output` shows the messages).

These AMIs should be public and ready for you to launch in us-east-1a:

https://stevens.netmeister.org/615/netbsd-amis.html

Serious question to US folks: Does Mint 400 have a Fear&Loathing track these days?

CVE-2025-1094: PostgreSQL: Quoting APIs miss neutralizing quoting syntax in text that fails encoding validation, enabling psql SQL injection

https://seclists.org/oss-sec/2025/q1/140

"This vulnerability is related to BeyondTrust CVE-2024-12356"

https://www.rapid7.com/blog/post/2025/02/13/cve-2025-1094-postgresql-psql-sql-injection-fixed/