"You possessive apostrophe!" - sounds like a great insult!

𝗝𝗼𝗶𝗻 𝗼𝘂𝗿 𝗹𝗶𝘃𝗲 𝘄𝗲𝗯𝗶𝗻𝗮𝗿 𝗼𝗻 𝗠𝗮𝗿𝗰𝗵 𝟲𝘁𝗵!
Discover how to eliminate debugging inefficiencies and accelerate vulnerability research with time travel analysis.

Register now 👇
https://www.linkedin.com/events/exploitingaroutervulnerabilityw7299810055170805761/

#cybersecurity #webinar #vulnerability #malware #reverseengineering

[RSS] Hacking the Xbox 360 Hypervisor Part 2: The Bad Update Exploit

https://icode4.coffee/?p=1081

[RSS] ENOMEM In Linux Kernel

https://u1f383.github.io/linux/2025/03/04/enomem-in-linux-kernel.html

"In this article, I will explore the feasibility of precisely managing memory usage within the Linux kernel" CVE-2023-2236

I wonder what the person who took that famous photo of the Doge Shiba Inu makes of all this now?

dae69e7cae50e60bb184359e5e4a3a91fb7045378fdd0be36a043e9634c5b952

High level diff of iOS 18.4beta1 vs iOS18.4beta2 🎉

https://github.com/blacktop/ipsw-diffs/blob/main/18_4_22E5200s__vs_18_4_22E5216h/README.md

@cR0w Thank you!

@cR0w context please?

Adapt to removal of Windows Arm32 .NET debugging

> .NET support for Windows on Arm32 has ended. Debugging support for this platform will be removed from Visual Studio 2022 starting with the 17.14 update.

https://learn.microsoft.com/en-us/visualstudio/debugger/adapt-to-removal-of-windows-arm32-dotnet-debugging?view=vs-2022

I'm excited to share CVE Crowd's Top 5 Vulnerabilities from February 25!

These five stood out among the 352 CVEs actively discussed across the Fediverse.

For each CVE, I’ve included a standout post from the community.

Enjoy exploring! 👇

#Pentesting #AppSec #InfoSec #CyberSecurity #BugBounty #Hacking #CVE #CveCrowd

Listen, I'm not going to pretend that I'm even remotely surprised, but I will tell you that this is a slap in the face to every person in the infosec community that has worked to track and thwart Russian APTs for the last several decades.

https://www.theguardian.com/us-news/2025/feb/28/trump-russia-hacking-cyber-security

Happy #303day to all who celebrate.

It took me a whole year to finally upload last year's jam...

https://music.axwax.eu/axwax-303-day-2024/

#MyMusic #BonkWaveAdjacent

today, i have IP-blocked the entirety of alibaba cloud’s IPv4 range (47.80.0.0/13, 47.74.0.0/15, 47.76.0.0/14). And you could ask - domi, what the hell, that’s kinda sorta a lot of addresses?

fucking watch this: that’s sakamoto Mk5, my Ryzen 9 7950X3D server. Never before have I seen forgejo taking this much CPU.

They’ve generated 9GB of access logs (!) and 230GB of generated tarballs (!!!) before I got to my laptop, investigated and ip-banned them. I’m positive that most forgejo deployments in existence wouldn’t survive this.

If you needed another reason to fuck generative AI today - here’s one

So I didn't know, but Europe already has a backup of PubMed, the database of biomedical research publications. The US PubMed broke down over the weekend. And here is our alternative: https://europepmc.org/ #pubmed #pmc

@buherator kdnet has had support for the virtio NIC for years.

In Windows just configure kdnet as you would with any other supported NIC and, in QEMU, configure the virtual NIC as

-netdev user,id=net0 -device virtio-net,netdev=net0,disable-legacy=on

@itanium Thanks, I'll give this a shot!

🚀 New Blog & PoC Release: Abusing IDispatch for COM Object Access & PPL Injection 🚀
I've developed a PoC exploit that demonstrates an interesting bug class in COM servers implementing IDispatch, allowing indirect object creation within the target process. Specifically, by leveraging the ability to instantiate STDFONT—a legacy COM class not designed for cross-process use—I was able to achieve code injection into a Windows PPL (Protected Process Light) process. This technique enables interaction with protected processes like LSASS.
This research builds on the work of @tiraniddo who identified how COM object manipulation via IDispatch can lead to unexpected process interactions. My PoC takes this concept further by demonstrating its practical impact through registry manipulation and .NET payload execution inside PPL processes.
🔍 Blog Post: https://mohamed-fakroud.gitbook.io/red-teamings-dojo/abusing-idispatch-for-trapped-com-object-access-and-injecting-into-ppl-processes
💻 PoC & Source Code: https://github.com/T3nb3w/ComDotNetExploit
Key Highlights:
🔹 Exploiting IDispatch in OOP COM servers
🔹 Abusing STDFONT instantiation for process injection
🔹 Achieving code execution inside PPL and accessing LSASS
🔹 Bypassing SEC_IMAGE integrity checks
🔹 Leveraging OnlyUseLatestCLR for compatibility

I keep hearing that Sup shouldn't exist because X exists.

I made Sup to replace Snapchat and Facebook Messenger in my own friend group

I think it might be useful to other friend groups or families too, being that you can join with an email or Pixelfed/Loops or Mastodon account

Not only that, but Sup will be modular, allowing for rich integration with pretty much any other chat platform (Signal, Matrix, Delta, etc)

It's like Beeper, but federated and open source. 🚀

#sup #supApp #supMessenger

[RSS] A Series of io_uring pbuf Vulnerabilities

https://u1f383.github.io/linux/2025/03/02/a-series-of-io_uring-pbuf-vulnerabilities.html

CVE-2024-0582, CVE-2024-35880, ???