@disconnect3d The chosen implementation also depends on the copy size, right?

@disconnect3d https://github.com/v-p-b/reversing-memcpy-again

A call to memcpy() in a single binary that uses glibc may behave in 12 different ways depending on the features of the specific x86-64 CPU you run it on.

Here is a list of those impls in glibc:

https://github.com/bminor/glibc/blob/12a497c716f0a06be5946cabb8c3ec22a079771e/sysdeps/x86_64/multiarch/ifunc-impl-list.c#L1174-L1218

Fwiw this may matter a lot during binary exploitation. This was important in a challenge from PlaidCTF 2025. E.g. passing a negative (or: very huge) length allowed you to write past a buffer without a crash (the given implementation was not doing a wild copy).

#linux #binaryexploitation #ctf

Hardening the Firefox Frontend with Content Security Policies
https://attackanddefense.dev/2025/04/09/hardening-the-firefox-frontend-with-content-security-policies.html

This meeting could have been a nap.

Here’s the #Ghidriff output for CLFS.sys 10.0.20348.3328 vs. 10.0.20348.3453, likely corresponding to the CVE-2025-29824 use-after-free LPE:

https://gist.github.com/v-p-b/8c43fb8e0d72814dcd03764d478622ce

[RSS] The SQL Server Crypto Detour

https://posts.specterops.io/the-sql-server-crypto-detour-5ff9ac7033de?source=rss----f05f8696e3cc---4

[RSS] The April 2025 Security Update Review

https://www.thezdi.com/blog/2025/4/8/the-april-2025-security-update-review

[RSS] A small bug in the signature verification of AOSP OTA packages

http://blog.quarkslab.com/aosp_ota_signature_bug.html

[RSS] Enter the IBM z17 mainframe with Telum II (more clues for Power11?)

https://www.talospace.com/2025/04/enter-ibm-z17-mainframe-with-telum-ii.html

Announce: OpenSSH 10.0 released

https://www.openwall.com/lists/oss-security/2025/04/09/1

Oh is it time for another Fortinet crit again? Unauthenticated admin password change in FortiSwitch.

CVE-2024-48887, CVSSv3 9.3

https://fortiguard.fortinet.com/psirt/FG-IR-24-435

#CVE #ThreatIntel

@rickoooooo @GossiTheDog @sadarex Thanks, this is a great resource: I think the main point here is that it was the Secretary of Defense, and two USIP board members who "fired" Moose (see the linked letter on X). Whether they had the authority to do that is disputed, but nobody even claims DOGE has any authority in this case, they just showed up like flies around a carcass.

Amazingly, DOGE seems to be a meme: their power is that people assume they have power (note that the top article doesn't even mention DOGE).

@FreeinTX @GossiTheDog @sadarex My question is if DOGE in particular in charge of any budget that is supposed to finance CISA?

@HalvarFlake one for you: Skyper / TESO on Where Warlocks Stay Up Late - Episode 4 "Eduart Steiner aka Skyper" https://www.youtube.com/watch?v=sQVLniT9CDY

“Seniors also recognize that understanding problems isn’t just coming up with an algorithm. It’s understanding who wants the problem solved, why they want it solved, who’s paying for the problem to be solved, what parts of the problem have already been solved, what different kinds of solutions are possible, whether those solutions can be scaled or extended—and much more.”

https://www.oreilly.com/radar/seniors-and-juniors/

Weaponizing DCOM for NTLM Authentication Coercions https://github.com/xforcered/RemoteMonologue

@orhun @ratatui_rs boosting for the name!

Debugging in the terminal isn't difficult anymore 🔥

🛠️ Meet **heretek** — A gdb TUI dashboard

🐛 Supports viewing stack, registers, instructions, hexdump & more!

🚀 Works with remote targets seamlessly (no gdbserver!)

🦀 Written in Rust & built with @ratatui_rs

⭐ GitHub: https://github.com/wcampbell0x2a/heretek

#rustlang #ratatui #tui #gdb #debugging #terminal #linux #commandline

Wisdom of the Pentium-M Man

#unix_surrealism #comic #penguin #ai #technomage