@sassdawe Defender usually chokes IO. Are you sure you get up-to-date results (considering you can't use the system otherwise, perf/GUI updates may be late too)?

[RSS] Linux Kernel Some Vsock Vulnerabilities Analysis

https://u1f383.github.io/linux/2025/02/24/linux-kernel-some-vsock-vulnerabilities-analysis.html

Analysis of CVE-2025-21669, CVE-2025-21670 and CVE-2025-21666

Dan Farmer, who spoke at the first #DEFCON is still at it, this time pointing out some #BMC #IPMI problems on SuperMicro (and most likley other) systems:

https://trouble.org/?p=1227

forgot how good these are

https://www.pixiv.net/en/users/24431887

How auto-generated passwords in Sitevision leads to signing key leakage - CVE-2022-35202 https://www.shelltrail.com/research/how-auto-generated-passwords-in-sitevision-leads-to-signing-key-leakage-cve-2022-35202/

Unhacked Mattress Phones Home

https://hackaday.com/2025/02/24/unhacked-mattress-phones-home/

PSA #BinDiff for IDA 9.1+ will happen: https://github.com/google/bindiff/issues/50#issuecomment-2677767234

„For more than 20 years, we’ve been buying nothing else; our own industry has withered. We regret that the local baker, butcher, and poulterer have disappeared from the shopping street. But we never bought anything from them anymore, so it’s our own fault.“ - @bert_hubert
#cloud
https://berthub.eu/articles/posts/communicating-without-musk-and-trump-cloud-kootwijk/

How have I not heard about https://wtrace.net before?!

#ReverseEngineering #Windows

[RSS] Exploiting LibreOffice (CVE-2024-12425 and CVE-2024-12426)

https://codeanlabs.com/blog/research/exploiting-libreoffice-cve-2024-12425-and-cve-2024-12426/

#lotr #memes

The system cannot.

My RSS notified me about this interesting #ReverseEngineering tool, but when I opened the repo
- It included a README and a **.zip**
- The URL was written like this: https:\\www.exetools[.]net (surprisingly, it did even work in my browser!)

Absolutely barbaric!

A couple of weeks ago, I wanted to show a friend how to use PHP.

The `foreach` docs showed `foreach ($array as &$value) {}` as the first example and was otherwise out of date with current PHP practices as well. Using `list($a, $b)` over `[$a, $b]`, old array syntax, and so on.

So I learned how the docs work these days and sat down to fix it: https://github.com/php/doc-en/pull/4451/

Big thanks to @Girgias for the great review.

Wasn't hard, you can do it too! :)

https://www.php.net/manual/en/control-structures.foreach.php

Three questions about Apple, Encryption, and the U.K. https://blog.cryptographyengineering.com/2025/02/23/three-questions-about-apple-encryption-and-the-u-k/

台湾旅行🚥🙏
#tokyocameraclub
#東京カメラ部

I spent last night writing about the things on my site that I am the most proud of https://shellsharks.com/devlog/build-then-smile

The #IndieWeb allows us to express ourselves in many ways, through our writing, through our site aesthetics, etc... over the last 5 years+ I've built a place on the web that I really enjoy hanging out at. So for everyone out there similarly building a digital "home" on the web, remember to look back and smile at what you've accomplished!

23 February 1914 | Bernard Świerczyna was born, a Polish soldier, #Auschwitz prisoner no. 1393, one of the leaders of the resistance in the camp.

3 days before he was hanged (30 December 1944) he wrote those words inside cell 28 in the basement of Block 11 at Auschwitz I.

@noctivius "get some practice with using tools and memorizing commands" - Spot on! IME people who "grew up" with these labs are too much focused on these skills, while this is the easy part of the job. The hard part is to find where to dig.

I just read this (now deleted) question on Reddit:

"Wich One İs better Hack the box Or Try Hack me?" (sic!)

This may be unpopular, but IMO
1) Nothing beats building your own environments, as you'll learn *how* the stuff works and *why* misconfigs happen.
2) Real targets rarely have as limited attack surfaces as these lab machines. A crucial skill is to filter the data you get from initial scans (IIRC OSCP labs were more realisting in this aspect).

#TryHackMe #HackTheBox #pentest #training