A couple of weeks ago, I wanted to show a friend how to use PHP.

The `foreach` docs showed `foreach ($array as &$value) {}` as the first example and was otherwise out of date with current PHP practices as well. Using `list($a, $b)` over `[$a, $b]`, old array syntax, and so on.

So I learned how the docs work these days and sat down to fix it: https://github.com/php/doc-en/pull/4451/

Big thanks to @Girgias for the great review.

Wasn't hard, you can do it too! :)

https://www.php.net/manual/en/control-structures.foreach.php

Three questions about Apple, Encryption, and the U.K. https://blog.cryptographyengineering.com/2025/02/23/three-questions-about-apple-encryption-and-the-u-k/

台湾旅行🚥🙏
#tokyocameraclub
#東京カメラ部

I spent last night writing about the things on my site that I am the most proud of https://shellsharks.com/devlog/build-then-smile

The #IndieWeb allows us to express ourselves in many ways, through our writing, through our site aesthetics, etc... over the last 5 years+ I've built a place on the web that I really enjoy hanging out at. So for everyone out there similarly building a digital "home" on the web, remember to look back and smile at what you've accomplished!

23 February 1914 | Bernard Świerczyna was born, a Polish soldier, #Auschwitz prisoner no. 1393, one of the leaders of the resistance in the camp.

3 days before he was hanged (30 December 1944) he wrote those words inside cell 28 in the basement of Block 11 at Auschwitz I.

@noctivius "get some practice with using tools and memorizing commands" - Spot on! IME people who "grew up" with these labs are too much focused on these skills, while this is the easy part of the job. The hard part is to find where to dig.

I just read this (now deleted) question on Reddit:

"Wich One İs better Hack the box Or Try Hack me?" (sic!)

This may be unpopular, but IMO
1) Nothing beats building your own environments, as you'll learn *how* the stuff works and *why* misconfigs happen.
2) Real targets rarely have as limited attack surfaces as these lab machines. A crucial skill is to filter the data you get from initial scans (IIRC OSCP labs were more realisting in this aspect).

#TryHackMe #HackTheBox #pentest #training

[RSS] Spice86: Reverse engineer and rewrite real mode DOS programs

https://github.com/OpenRakis/Spice86

[RSS] From Zero to Emo - My Journey of Many Failures in kernelCTF

https://u1f383.github.io/linux/2025/02/21/from-zero-to-emo-my-journey-of-many-failures-in-kernelCTF.html

🆕 blog! “Why are QR Codes with capital letters smaller than QR codes with lower-case letters?”

Take a look at these two QR codes. Scan them if you like, I promise there's nothing dodgy in them.

   

Left is upper-case HTTPS://EDENT.TEL/ and right is lower-case https://edent.tel/

You can clearly see that the one on the left is a "s…

👀 Read more: https://shkspr.mobi/blog/2025/02/why-are-qr-codes-with-capital-letters-smaller-than-qr-codes-with-lower-case-letters/
⸻
#qr #QRCodes

it took me so much time to finish this exploit but I finally did it! my first guest-to-host virtualbox escape is finally ready, using a combination of 2 bugs I can target the latest version :)
Eternal thank you to my dear friend Corentin @onlytheduck for constantly encouraging me and guiding me how to approach, research and exploit hypervisors ✊⭐️

[RSS] Security Bulletin: IBM i is vulnerable to a user gaining elevated privileges due to an unqualified library call [CVE-2024-55898].

https://www.ibm.com/support/pages/node/7183835?myns=swgother&mynp=OCSWG60&mynp=OCSSB23CE&mynp=OCSSTS2D&mynp=OCSSC5L9&mynp=OCSS9QQS&mync=A&cm_sp=swgother-_-OCSWG60-OCSSB23CE-OCSSTS2D-OCSSC5L9-OCSS9QQS-_-A

#teachers #teaching #history #political

Released Pwndbg 2025.02.19 with new commands for dumping Linux kernel nftables, initial LoongArch64 support and more!

See changelog on https://github.com/pwndbg/pwndbg/releases/tag/2025.02.19 !

#pwndbg #gdb #pwning #reverseengineering #binaryexploitation #kernel #debugging

[RSS] Pluralistic: Ad-tech targeting is an existential threat

https://pluralistic.net/2025/02/20/privacy-first-second-third/

Computers make it easier to do a lot of things, but most of the things they make it easier to do don't need to be done.

— Andy Rooney

@4Dgifts "Von Neumann himself attributed his generation's success to 'a coincidence of some cultural factors' that produced 'a feeling of extreme insecurity in the individuals, and the necessity to produce the unusual or face extinction'" (The Man from the Future, the Visionary Ideas of John von Neumann, quoting from Stanislaw Ulam's Andventures of a Mathematician)

I gave a day 1 closing keynote at DistrictCon yesterday. Surprisingly, it was a security talk about memory safety.

Slides are here:
https://docs.google.com/presentation/d/1-CgBbVuFE1pJnB84wfeq_RadXQs13dCvHTFFVLPYTeg/edit?usp=drivesdk

Writing a #Ghidra processor module

https://irisc-research-syndicate.github.io/2025/02/14/writing-a-ghidra-processor-module/?ref=blog.exploits.club

"In this article we will create a Ghidra processor module for the iRISC processors, these processors are embedded in the ConnectX series of NICs from NVIDIA/Mellanox."

Not a beginners tutorial, as it skims over many important steps and details, but still good to have more of these as there's always a trick or two to learn.