Posts
2606
Following
625
Followers
1389
"I'm interested in all kinds of astronomy."
[RSS] Time Travel Analysis for fuzzing crash analysis

https://eshard.com/posts/back-to-the-crash

Accidental timing: this one from eShard is different from my previous #TimeTravelDebugging post!
0
1
5
repeated

Time Travel Analysis with a full-system android emulator gives you the full picture.

But if you're just looking at one part of an app, a lighter method can be enough.

Here’s how we used Frida to do it: https://eshard.com/posts/frida-tracer-lightweight-time-travel-analysis

0
2
1
repeated
Edited 10 days ago

I wanted to quickly explain why, school kids should learn markdown instead of MS Office, and ended up writing a major Epos on Markdown vs obsolete writing formats:

https://ia.net/topics/markdown-and-the-slow-fade-of-the-formatting-fetish

This is, I kid you not, about 1/6th of what I wrote. I'll publish the rest later.

13
13
0
repeated

We're pleased to announce that folks can now contribute financially to the project through GitHub Sponsors! πŸŽ‰

https://github.com/sponsors/AsahiLinux

1
4
0
repeated
repeated

"Then CSS came along, it was a fucking miracle." β€” https://eev.ee/blog/2020/02/01/old-css-new-css/

learned at least 7 different things about the web from this post

0
10
0
@froge @hacks4pancakes It depends how you define the "market". If you have pentests/a SOC solely because they're regulatory requirements, your perfect provider is one with a gang of amateurs working for peanuts. It's not only cheaper than the alternative, but you won't even have to deal with non-trivial vulnerabilities/alerts!

(Yes, there are is such a market.)
0
0
1
repeated
Edited 11 days ago

"Each man thought: one of the others is bound to say something soon, some protest and then I will murmur agreement, not actually say anything. I am not as stupid as that, but definitely murmur very firmly, so that the others will be in no doubt that I thoroughly disapprove, because at a time like this it behooves all decent men to nearly stand up and be almost heard. But no one said anything. The cowards, each man thought."

Terry Pratchett - Guards, Guards.

0
3
0
@hacks4pancakes "none of the jobs I just named are the typical entry level tracks of 'junior pen tester' and 'SOC analyst'"

I can only talk about pentesting but my stance has for long been that pentesting shouldn't have been an entry level position in the first place. Inviting people to this path with 0 experience in dev or ops is a scam that has long-term negative effects on the industry as a whole.
2
1
6
repeated
Edited 10 days ago

Hello friends. The dreaded and long awaiting blog on WHAT THE FUCK HAPPENED TO THE CYBERSECURITY JOBS MARKET has arrived.

https://tisiphone.net/2025/04/01/lesley-what-happened-to-the-cybersecurity-skills-shortage/

I'm sorry.

18
20
0
@wdormann @cy @cR0w I'm not saying pw guessing is not in the picture, but metadata can be a good prefilter (and also something to count with when testing).
1
0
1
repeated

I enjoyed this idea that authoritarian states are more like the movie Brazil than the book 1984 - because authoritarianism breeds incompetence.

https://observer.com/2025/02/terry-gilliams-brazil-at-40-more-prescient-than-orwell/

1
4
0
repeated
repeated

oh fuck, val kilmer is dead

4
3
0
@wdormann @cy @cR0w Not sure this came up while I was sleeping, but regular ZIP archives don't encrypt metadata (file names) so "trying to send an executable in a pw protected archive" may be grounds for a block too.
1
0
1
This follow-up to CVE-2024-57882 by Solar Designer also worth reading:

https://seclists.org/oss-sec/2025/q2/3

"A reason CVE-2024-57882 may have stayed unpatched in a distro is it could have been wrongly believed to be a NULL pointer dereference only due to a specific crash reported by Syzbot."

"net.mptcp.enabled can be set from inside an unprivileged net namespace"
0
0
3
"bribing a senator with a 9-letter name will alter the last letter in their name on their subsequent appearances"

https://banyaszvonat.github.io/breaking-videogames/2025/03/30/off-by-one-or-is-it-two.html

#gamehacking #Disgaea
0
1
1
@GossiTheDog @cisakevtracker Thanks for the heads up! I'm quite skeptical though given the previous FUD reports, can't wait to see more info about any observed attacks!
1
0
2
repeated
Show older