"I'm interested in all kinds of astronomy."

bert hubert 🇺🇦🇪🇺🇺🇦

So I didn't know, but Europe already has a backup of PubMed, the database of biomedical research publications. The US PubMed broke down over the weekend. And here is our alternative: https://europepmc.org/


@buherator kdnet has had support for the virtio NIC for years.

In Windows just configure kdnet as you would with any other supported NIC and, in QEMU, configure the virtual NIC as

-netdev user,id=net0 -device virtio-net,netdev=net0,disable-legacy=on


🚀 New Blog & PoC Release: Abusing IDispatch for COM Object Access & PPL Injection 🚀
I've developed a PoC exploit that demonstrates an interesting bug class in COM servers implementing IDispatch, allowing indirect object creation within the target process. Specifically, by leveraging the ability to instantiate STDFONT—a legacy COM class not designed for cross-process use—I was able to achieve code injection into a Windows PPL (Protected Process Light) process. This technique enables interaction with protected processes like LSASS.
This research builds on the work of @tiraniddo who identified how COM object manipulation via IDispatch can lead to unexpected process interactions. My PoC takes this concept further by demonstrating its practical impact through registry manipulation and .NET payload execution inside PPL processes.
Blog Post: https://mohamed-fakroud.gitbook.io/red-teamings-dojo/abusing-idispatch-for-trapped-com-object-access-and-injecting-into-ppl-processes
💻 PoC & Source Code: https://github.com/T3nb3w/ComDotNetExploit
Key Highlights:
🔹 Exploiting IDispatch in OOP COM servers
🔹 Abusing STDFONT instantiation for process injection
🔹 Achieving code execution inside PPL and accessing LSASS
🔹 Bypassing SEC_IMAGE integrity checks
🔹 Leveraging OnlyUseLatestCLR for compatibility


I keep hearing that Sup shouldn't exist because X exists.

I made Sup to replace Snapchat and Facebook Messenger in my own friend group

I think it might be useful to other friend groups or families too, being that you can join with an email or Pixelfed/Loops or Mastodon account

Not only that, but Sup will be modular, allowing for rich integration with pretty much any other chat platform (Signal, Matrix, Delta, etc)

It's like Beeper, but federated and open source. 🚀

[RSS] A Series of io_uring pbuf Vulnerabilities

https://u1f383.github.io/linux/2025/03/02/a-series-of-io_uring-pbuf-vulnerabilities.html

CVE-2024-0582, CVE-2024-35880, ???

Hi! The slides for my talk today at RE//verse 2025 (@REverseConf), "Reconstructing Rust Types: A Practical Guide for Reverse Engineers", are now published: https://github.com/cxiao/reconstructing-rust-types-talk-re-verse-2025

It's been great to catch up with so many folks - if you're at the conference, come by and say hi!

The presentation was recorded, and the video will be published at a future date!


This is the most important comment I have heard this week — Poland’s Prime Minister Donald Tusk:

“500 million Europeans are asking 300 million Americans to defend them against 140 million Russians […] Europe, if there is something we lack today, it is not economic or demographic power, but the belief that we are truly a global force.”

I think Tusk hits the bullseye here. Those 140 million Russians are already fully occupied by fighting Ukraine, and our leaders act like we are Liechtenstein.


If you are looking for my slides from my Reverse talk, you can find them and useful artifacts here: https://github.com/mahaloz/talks/tree/main/2025/REverse_SAILR


Framework Desktop: It's not a $3k 1Petaflop 128k Blackwell DIGITS, but it does have Strix Halo/Ryzen AI Max+ 395 unified memory(DDR5x tho) with a 256 wide bus soldered memory on the board - capability that would cost $6k in a Macbook for $2k.

New Framework desktop, engineering sample torn down by iFixit - skip to 7:20.

https://www.youtube.com/watch?v=5mGzEsRM3hs&t=553s

@cR0w Oooh this one looks juicy! Like auth bypass for the thing that stores *everything*?

There is one democratic leader in this. The rest are Putin's fascist henchmen.


To the Swedish and French governments, and to all politicians who believe that they can stop data from ending up in the wrong hands with rules and restrictions: don’t be naive.

"depending on the context "1 in 4" also means 'Guaranteed'" - https://bird.makeup/users/gf_256/statuses/1895366648628158503

Sadly gf_256 is not near here, but this is basically the idea behind the Probabilistic Method in mathematics :)

https://en.wikipedia.org/wiki/Probabilistic_method

The thing about computer virus detection is once you get deep enough into industry you realize programmers write everything to look like a virus that's going to break the computer.

I'd celebrate #Skype's death with champagne if it wasn't ditched for #!&% teams (yes, lowercase!)

Instead let us enjoy this 2011 presentation about Skype's anti-debug tricks:

https://www.blackhat.com/presentations/bh-europe-06/bh-eu-06-biondi/bh-eu-06-biondi-up.pdf

The end of Skype. It was pretty good until Micro$oft bought it. https://www.nytimes.com/2025/02/28/technology/microsoft-skype-shutting-down.html

I used the Mastodon client hosted at brutaldon.org to connect to infosec.exchange with the elinks browser - the UI is...not great, but I guess it's just my terminal vs the default elinks configs :D

Anyway, you can ditch your uncool, sellout browsers and experience the Fediverse truly freely!
@cR0w You don't need to spin up a server, they have a hosted instance that can connect to infosec.exchange as a client, will post a screenshot in a sec :D