📢Call for beta testers!📢
The beta for "Fuzzing 1001: Introductory Fuzzing" will start ~ March 7th. It will take ~6 hours to complete. If you're interested in participating, please sign up below.
https://forms.gle/fxCM9Y1CprUJgQi59

Lesser known tricks, quirks and features of #C

https://jorenar.com/blog/less-known-c

CP/M-86 for Newbies is a starter kit for CP/M-86 with everything ready to unpack and run. It bundles the PCe PC emulator (Windows only), preconfigured PCe environments for running different CP/M-86 versions including Concurrent CP/M-86 and Concurrent DOS, and other software such as the Pirx Commander file manager.

https://github.com/MarekStarobrat/Pirx.Commander/tree/main/Releases/CPM-86

#cpm #retrocomputing

Our latest issue of ThinkstScapes is now available for download.

For this issue (covering the last quarter of 2024) we tracked over over 1400 talks and scoured content from almost 1100 blog posts.

As always, PDF, ePUB and an audio summary are available free (with no reg-wall) at https://thinkst.com/ts

We've issued our first short-lived (6 day) certificate! https://letsencrypt.org/2025/02/20/first-short-lived-cert-issued/

Come learn Windows Internal with
@yarden_shafir at Recon Montreal on June 23-26 #reverseengineering #cybersecurity https://recon.cx/2025/training.html#trainingWindowsInternals

Updates on Paragon scandal in Italy via Guardian:

-Journalist union filed criminal complaint due to Meloni's government not answering Qs.

• President of 🇮🇹 parliament invoked rule to not respond Qs claiming all unclassified info has been made public.

-Italy's foreign intelligence agency AISE, confirmed it is a customer of Paragon in Parliament, and that the the contract is suspended.

Still lots of unanswered questions.

https://www.theguardian.com/world/2025/feb/19/journalists-launch-legal-action-against-italian-government-over-spyware-claims

thanks "security researchers" !

https://github.com/curl/curl.dev/pull/6

After what feels like a century of delays.. Apple's new C1 baseband aka 'Sinope' aka 'INITIUM' etc. looks pretty interesting; PAC, ASLR & repurposed iBoot on the bb with some very familiar Synopsys licensed IP blocks + EM4 ARCv2 cores ;) good luck doing exdev on this platform lol

Obsidian is now free for work.

Starting today, the #Obsidian Commercial license is optional. Anyone can use Obsidian for work, for free. Explore the organizations that support Obsidian on our site.

https://obsidian.md/blog/free-for-work/

New Parallels "victim"-assisted LPE 0day dropped due to ZDI not playing well with the reporter:
https://jhftss.github.io/Parallels-0-day/

I've confirmed that it works fine on Intel. Though ARM may require some retooling (if it's vulnerable)

[RSS] LSA Secrets: revisiting secretsdump

https://www.synacktiv.com/en/publications/lsa-secrets-revisiting-secretsdump

Project: openssl-static-gcc-dwarf 3.4.0
File: openssl
Address: 005b45b0

aes_gcm_ctrl

SVG:
dark https://tmr232.github.io/function-graph-overview/render/?graph=https%3A%2F%2Fraw.githubusercontent.com%2Fv-p-b%2Fghidra-function-graph-datasets%2Frefs%2Fheads%2Fmain%2F%2Fopenssl-static-gcc-dwarf%2F005b45b0.json&colors=dark
light https://tmr232.github.io/function-graph-overview/render/?graph=https%3A%2F%2Fraw.githubusercontent.com%2Fv-p-b%2Fghidra-function-graph-datasets%2Frefs%2Fheads%2Fmain%2F%2Fopenssl-static-gcc-dwarf%2F005b45b0.json&colors=light

ICYMI: I am now selling print books directly from my store. Buy print, get the ebook free.

Only Run Your Own Mail Server and Dear Abyss right now, but it's a start!

https://mwl.io/archives/23992

@dey OK it says "network debugging is supported" then lists no compatible NIC's :D

For educational purposes we disclose this recent hackerone report on #curl claiming its sprintf() implementation is bad because it can be made to deref a bad pointer when you use it incorrectly. You know, exactly how all sprintf() implementation work - by design.

This is not the first time we had this "flaw" reported. (I did not check the "AI slop" checkbox on this one)

https://hackerone.com/reports/2990139

It's so cold outside my balls are freezing off, yet the sun is shining so bright I can't read my screen because the wall behind it is white.

I could really use some climate change rn...

@dey problem is COM ports don't show up at all, independently from the debugger setup. kdnet NIC diagnostics seem useful though!

@dey no it's not me.

@dey umm, what do you think I should look at here?