Come learn Windows Internal with
@yarden_shafir at Recon Montreal on June 23-26 #reverseengineering #cybersecurity https://recon.cx/2025/training.html#trainingWindowsInternals

Updates on Paragon scandal in Italy via Guardian:

-Journalist union filed criminal complaint due to Meloni's government not answering Qs.

• President of 🇮🇹 parliament invoked rule to not respond Qs claiming all unclassified info has been made public.

-Italy's foreign intelligence agency AISE, confirmed it is a customer of Paragon in Parliament, and that the the contract is suspended.

Still lots of unanswered questions.

https://www.theguardian.com/world/2025/feb/19/journalists-launch-legal-action-against-italian-government-over-spyware-claims

thanks "security researchers" !

https://github.com/curl/curl.dev/pull/6

After what feels like a century of delays.. Apple's new C1 baseband aka 'Sinope' aka 'INITIUM' etc. looks pretty interesting; PAC, ASLR & repurposed iBoot on the bb with some very familiar Synopsys licensed IP blocks + EM4 ARCv2 cores ;) good luck doing exdev on this platform lol

Obsidian is now free for work.

Starting today, the #Obsidian Commercial license is optional. Anyone can use Obsidian for work, for free. Explore the organizations that support Obsidian on our site.

https://obsidian.md/blog/free-for-work/

New Parallels "victim"-assisted LPE 0day dropped due to ZDI not playing well with the reporter:
https://jhftss.github.io/Parallels-0-day/

I've confirmed that it works fine on Intel. Though ARM may require some retooling (if it's vulnerable)

[RSS] LSA Secrets: revisiting secretsdump

https://www.synacktiv.com/en/publications/lsa-secrets-revisiting-secretsdump

Project: openssl-static-gcc-dwarf 3.4.0
File: openssl
Address: 005b45b0

aes_gcm_ctrl

SVG:
dark https://tmr232.github.io/function-graph-overview/render/?graph=https%3A%2F%2Fraw.githubusercontent.com%2Fv-p-b%2Fghidra-function-graph-datasets%2Frefs%2Fheads%2Fmain%2F%2Fopenssl-static-gcc-dwarf%2F005b45b0.json&colors=dark
light https://tmr232.github.io/function-graph-overview/render/?graph=https%3A%2F%2Fraw.githubusercontent.com%2Fv-p-b%2Fghidra-function-graph-datasets%2Frefs%2Fheads%2Fmain%2F%2Fopenssl-static-gcc-dwarf%2F005b45b0.json&colors=light

ICYMI: I am now selling print books directly from my store. Buy print, get the ebook free.

Only Run Your Own Mail Server and Dear Abyss right now, but it's a start!

https://mwl.io/archives/23992

@dey OK it says "network debugging is supported" then lists no compatible NIC's :D

For educational purposes we disclose this recent hackerone report on #curl claiming its sprintf() implementation is bad because it can be made to deref a bad pointer when you use it incorrectly. You know, exactly how all sprintf() implementation work - by design.

This is not the first time we had this "flaw" reported. (I did not check the "AI slop" checkbox on this one)

https://hackerone.com/reports/2990139

It's so cold outside my balls are freezing off, yet the sun is shining so bright I can't read my screen because the wall behind it is white.

I could really use some climate change rn...

@dey problem is COM ports don't show up at all, independently from the debugger setup. kdnet NIC diagnostics seem useful though!

@dey no it's not me.

@dey umm, what do you think I should look at here?

Modern (11/2022) Windows Kernel Debug on Proxmox:

- I couldn't get NET to work so far, neither with virtio nor e1000 vNIC's

- Windows 11 refuses to recognize serial ports too, even with virtio drivers. It'd have been royal to use WinDbg from Store but :(

- Windows Server 2022 does recognize COM ports (maybe drivers can be transplanted to 11?)

- COM ports can be connected from the Proxmox host using socat as described here:

https://forum.proxmox.com/threads/two-windows-guests-communicating-via-serial-console-comn.67588/

- You should of course disable Secure Boot - you can do that in the VM's BIOS under Device Manager / Secure Boot Config / Attempt Secure Boot

TBC

Google Threat Intelligence Group (GTIG) has observed increasing efforts from several Russia state-aligned threat actors to compromise Signal Messenger accounts used by individuals of interest to Russian intelligence services. https://cloud.google.com/blog/topics/threat-intelligence/russia-targeting-signal-messenger

I just pushed an update to logparse to detect the near-collision blocks (w/ no difference) of TextColl.
Thanks Marc!
https://github.com/corkami/collisions

The livestream on multi-hashcolls is up.
Covering the hashcoll tag in VT, specific file format structures, defanging files, Stevens' DetectColl, safe hashes...
https://www.youtube.com/live/1D6C6z_25cE?si=GmDi17uII1xj7rUi&t=33

Do I have anyone here who reads #Chinese and can help me with a story?...