bent // broken 2025: virtual fest schedule:

https://bentbrokenfest.wordpress.com/bent-broken-2025-virtual-fest-schedule/

#circuitbending festival starting in ~7 hours (if I can convert time zones correctly)

If you don’t think this administration is so incompetent or callous as not to do this, you haven’t been paying attention.

MCP Job Security Pass - LLVM Pass to save Reverse Engineers from Automation :D

https://github.com/thebabush/mcp-job-security

My father-in-law is a COBOL programmer on social security and he's basically ready to join ISIS at this point

The BlackHoodie training at @offensive_con deals with compiler backdoors and is sponsored by @hexrayssa what an honor♥️The training takes place May 15th and registration is now open https://blackhoodie.re/Offensivecon2025/

I'll be doing a speaking!

https://bird.makeup/@offensive_con/1904596974763995528

New updates to the Decompilation Wiki by harpend (on GitHub). We have a new in-depth Switch structuring section and a new Loop Reduction section.

https://decompilation.wiki/fundamentals/structuring/schema-based/switch-structuring/

Kagi empowers you to personalize your search results, allowing you to see more of what you prefer, less of what you don't, or block content entirely.

View the top domains that users create personalizations for: https://kagi.com/stats?stat=leaderboard

#Kagi #AdFree #Search

Another must-watch talk from RE//verse 2025 is live! Zion Basque challenges decompilers to step up their game and introduces a roadmap for a practical solution to solve some of the trickiest compiler behavior's to analyze. Check it out here: https://youtu.be/VP29biKLoSw

@inthehands "Safely rewriting that code would take years" is a massive understatement from Wired too.

I always give that story as an assignment to my Software Design and Development students. One of the things we talk about is that if the developer •hadn’t• managed to build the game, if the project had collapsed at any point before release, it probably would have saved the company.

The worst possible outcome here is that these DOGEbags manage to build •something• and actually think it works.

Holy shit.

Just wow, wow, holy shit:

Completely rewriting a multi-million line COBOL codebase that has life-or-death consequences for real people in the space of a few months, using gen AI?

I’ve been writing software for 40-some years, and I have to say: this may be, without exaggeration, the stupidest software-related idea I’ve ever heard from leadership.

https://www.wired.com/story/doge-rebuild-social-security-administration-cobol-benefits/

ReactOS 0.4.15 Released

https://reactos.org/project-news/reactos-0415-released/

"Now, kernel access checks are fully functional and prevent unauthorized access to system objects. As a result, the Windows kernel now works with the vast majority of modules from ReactOS."

Our crew members @mwulftange & @frycos discovered & responsibly disclosed several new RCE gadgets that bypass #Veeam's blacklist for CVE-2024-40711 & CVE-2025-23120 as well as further entry points following @SinSinology & @chudypb 's blog. Don’t blacklist - replace BinaryFormatter.

Gemini 2.5 "reasoning", no real improvement on river crossings

https://awful.systems/post/3875809

"I think chain of thought / reasoning is a fundamentally dishonest technology. At the end of the day, just like older LLMs it requires that someone solved a similar problem (either online or perhaps in a problem solution pair they generated if they do that to augment the training data)"

“Vulgar Display of Power”

https://tante.cc/2025/03/28/vulgar-display-of-power/

> It is a display of power: You as an artist, an animator, an illustrator, a writer, any creative person are powerless. We will take what we want and do what we want. Because we can.

(⁠ノ⁠｀⁠Д⁠´⁠)⁠ノ⁠彡⁠┻⁠━⁠┻
(Days without cleaning up after a "coding assistant" in the prod: 0)

https://www.androidauthority.com/google-android-development-aosp-3538503/

Here are my notes on using a Python virtual environment with IDA Pro:

https://williballenthin.com/post/using-a-virtualenv-for-idapython/

#idapro

use-after-free (maybe?) in libspf2 /by @hanno

https://www.openwall.com/lists/oss-security/2025/03/28/1

Maybe @thezdi could shed some light on CVE-2023-42118 ?