@SecurityWriter Strong Dwayne Elizondo Mountain Dew Herbert Camacho vibes!

Narrator: "Here's how the hack actually works"
Narrator: *Not actually explaining how the hack works.*

Gotta love USA-style storytelling!

I think I should display this somewhere in a frame

https://youtu.be/My_13FXODdU?si=5l_PiCdfXbY3ohSx&t=540

The Best Security Is When We All Agree To Keep Everything Secret (Except The Secrets) - NAKIVO Backup & Replication (CVE-2024-48248) - watchTowr Labs https://labs.watchtowr.com/the-best-security-is-when-we-all-agree-to-keep-everything-secret-except-the-secrets-nakivo-backup-replication-cve-2024-48248/

There are numerous times where I think "if that person simply had better aim, the world would be so very different".

But then I remember that where we are right now globally is not down to one or two evil people - but the result of rot in many social, economic, and governmental systems. The people we think are making evil choices are avatars for the system, more than individuals.

We have to fix the systems.

EDIT: They're still evil assholes. I just mean they're replacable, not unique.

Computer History IBM 1130 System Engineering 1965

https://www.youtube.com/watch?v=SNqii4Hnu9A

[RSS] Pwn everything Bounce everywhere all at once (part 2)

http://blog.quarkslab.com/pwn-everything-bounce-everywhere-all-at-once-part-2.html

New pre-auth RCE exploit chains for old SOPlanning bugs #NoCVE

[RSS] Pwn everything Bounce everywhere all at once (part 1)

http://blog.quarkslab.com/pwn-everything-bounce-everywhere-all-at-once-part-1.html

Blast from the past: new, configuration independent exploitation method of CVE-2009-1151 (pre-auth RCE in phpMyAdmin)

@codecolorist This is epic!

https://gfw.report/publications/ndss25/en/ lmao

@freddy IME a consultants (incl pentesters) are hired in large part to outsource responsibility. We all know testing can't be perfect, but if there was a test and still there was an exploited bug, you have a scapegoat.

Example: you discover 10 SQLi's, which is a lot. Dev fixes all of them bit doesn't go any further in root cause analysis. When the 11th SQLi gets exploited it will be the pentesters fault that it was not in the report, because a) people think in checkbox lists b) doing proper analysis is expensive c) the consultant is not "one of us" ...

Mildly amusing: this Aussie dude got fed up with people parking in his driveway so he installed a motion-activated sprinkler.

The swift strict memory safety proposal has been accepted: https://forums.swift.org/t/accepted-se-0458-opt-in-strict-memory-safety-checking/78116

We found out that machines performed 7% better if we trapped them in an endless loop of profound existential anguish

@lcamtuf "given the opportunity to pretend to be an AI" is genius!

This is a pretty good summary of #pentest as a profession:

https://www.reddit.com/r/Pentesting/comments/1ixoq2g/pentesting_is_the_hardest_cybersecurity/

(I don't think comparisons to other fields makes much sense though)

@yeslikethefood @raptor For some time I went to IT expos for the target trialware

[RSS] Reverse Engineering PowerPoint's XML to Build a Slide Generator

https://merlinai.framer.website/blog/ppt-generator

[RSS] Mixing up Public and Private Keys in OpenID Connect deployments

https://blog.hboeck.de/archives/909-Mixing-up-Public-and-Private-Keys-in-OpenID-Connect-deployments.html

Fediverse is protecting my mental health by not showing my own posts to me again