Modern (11/2022) Windows Kernel Debug on Proxmox:

- I couldn't get NET to work so far, neither with virtio nor e1000 vNIC's

- Windows 11 refuses to recognize serial ports too, even with virtio drivers. It'd have been royal to use WinDbg from Store but :(

- Windows Server 2022 does recognize COM ports (maybe drivers can be transplanted to 11?)

- COM ports can be connected from the Proxmox host using socat as described here:

https://forum.proxmox.com/threads/two-windows-guests-communicating-via-serial-console-comn.67588/

- You should of course disable Secure Boot - you can do that in the VM's BIOS under Device Manager / Secure Boot Config / Attempt Secure Boot

TBC

Google Threat Intelligence Group (GTIG) has observed increasing efforts from several Russia state-aligned threat actors to compromise Signal Messenger accounts used by individuals of interest to Russian intelligence services. https://cloud.google.com/blog/topics/threat-intelligence/russia-targeting-signal-messenger

I just pushed an update to logparse to detect the near-collision blocks (w/ no difference) of TextColl.
Thanks Marc!
https://github.com/corkami/collisions

The livestream on multi-hashcolls is up.
Covering the hashcoll tag in VT, specific file format structures, defanging files, Stevens' DetectColl, safe hashes...
https://www.youtube.com/live/1D6C6z_25cE?si=GmDi17uII1xj7rUi&t=33

Do I have anyone here who reads #Chinese and can help me with a story?...

[RSS] RSync: Heap Buffer Overflow, Info Leak, Server Leaks, Path Traversal and Safe links Bypass

https://github.com/google/security-research/security/advisories/GHSA-p5pg-x43v-mvqj

CVE-2024-12084 CVE-2024-12085 CVE-2024-12086 CVE-2024-12087 CVE-2024-12088

[RSS] PaloAlto OpenConfig Plugin: Command Injection Vulnerability

https://github.com/google/security-research/security/advisories/GHSA-73px-m3vw-mr35

CVE-2025-0110

Valve releases full Team Fortress 2 game code to encourage new, free versions
Other Source games also get the Half-Life 2 anniversary update treatment.
https://arstechnica.com/gaming/2025/02/valve-releases-full-team-fortress-2-game-code-to-encourage-new-free-versions/?utm_brand=arstechnica&utm_social-type=owned&utm_source=mastodon&utm_medium=social

TIL there is a non-stop Mythbusters channel on YT :O

https://www.youtube.com/watch?v=brUPUA0WNQ8

#Ghidra 11.3.1 is out, change log:

https://github.com/NationalSecurityAgency/ghidra/blob/Ghidra_11.3.1_build/Ghidra/Configurations/Public_Release/src/global/docs/ChangeHistory.md

Has anyone managed to remote kernel debug Windows VMs over IP with virtio NIC drivers?

@LivingCooki I only hoped it has

Be Careful What You Ask For: Voice Control

https://hackaday.com/2025/02/19/be-careful-what-you-ask-for-voice-control/

🚀 Master heap exploitation with Corelan in Zagreb! Hands-on, real-world skills from the best. Limited spots—sign up now! 🔥
https://deep-conference.com/training-corelan-heap-exploit-development-masterclass-for-windows/

After a long and restful break since leaving my last role, I'm back to actively looking for new problems to solve. If you know of anyone looking for someone with an extensive background in security leadership, application security, & penetration testing, let me know!

Resume: https://adamcaudill.com/resume/

[RSS] Ivanti Endpoint Manager - Multiple Credential Coercion Vulnerabilities

https://www.horizon3.ai/attack-research/attack-blogs/ivanti-endpoint-manager-multiple-credential-coercion-vulnerabilities/

CVE-2024-10811: Credential Coercion Vulnerability in GetHashForFile
CVE-2024-13161: Credential Coercion Vulnerability in GetHashForSingleFile
CVE-2024-13160: Credential Coercion Vulnerability in GetHashForWildcard
CVE-2024-13159: Credential Coercion Vulnerability in GetHashForWildcardRecursive

[RSS] Hackaday Europe 2025: Speakers, Lightning Talks, and More!

https://hackaday.com/2025/02/18/hackaday-europe-2025-speakers-lightning-talks-and-more/

[RSS] Auto-Download Your Kindle Books Before February 26th Deadline

https://hackaday.com/2025/02/18/auto-download-your-kindle-books-before-february-26th-deadline/

Four years ago I got my first threat of violence for my Open Source work that I ended up reporting to the police. Thick skin and all that, but there are limits...

https://daniel.haxx.se/blog/2021/02/19/i-will-slaughter-you/