I have a question for people who understand COMPILERS.

So the cross-platform standard for storing symbol information seems to be DWARF.

Are there limitations on what kinds of systems one can generate DWARF files for? Say I'm targeting an exotic platform— generating an NES ROM or making a compiler for an 8-bit microcomputer. Can I just haul off and make a DWARF for that? Would existing retrocomputing tooling, like I don't know if there are existing NES debuggers, support loading such a DWARF?

Made a proof-of-concept for CVE-2024-53104 (the USB webcam overflow). Causes a kernel oops for a read of 0x0041414141414141:

https://github.com/zhuowei/facedancer/blob/rawgadget2/examples/camera.py https://gist.github.com/zhuowei/e489b14c3fdb807cb964d105521fb354

I followed Amnesty International’s analysis from https://securitylab.amnesty.org/latest/2025/02/cellebrite-zero-day-exploit-used-to-target-phone-of-serbian-student-activist/ and made an emulated USB device with raw-gadget and Facedancer. It worked on the first try, at least in my virtual machine/virtual USB port…

Learning Linux Kernel Modules Using COM Binary Support

https://hackaday.com/2025/04/13/learning-linux-kernel-modules-using-com-binary-support/

🚨 Calling all Chromium developers and fans! 🚨

Ready to showcase your coding skills and earn up to $10,000? The Supporters of Chromium Based Browsers (SOCBB) Bug Bounty Program is live! Fix bugs in Chromium-based browsers like Chrome & Edge.

Contribute to repos like chromium, v8, Skia, and more!
🖥️ Payment via GitHub Sponsors.

Get started now: https://github.com/Supporters-Of-Chromium-Based-Browsers/Bug-Bounty-Program/blob/main/README.md

#Chromium #BugBounty #OpenSource #DeveloperCommunity

Why 40,000 People Die for Every 1% Increase in Unemployment - The Big Short

https://www.youtube.com/watch?v=_XgU6ZT1QDk

Companies are refusing to hire or even laying off plumbers because hucksters backed by massive unicorn-chasing investment money told them they can build plumbing faster and cheaper out of cardboard.

A few years from now, there’s going to be a hell of a market for people who can replace cardboard toilets with real ones.

And also for people who can replace carpets. And walls and floors.

This is a post about LLM-generated code.

Project: openssl-static-gcc-dwarf 3.4.0
File: openssl
Address: 004f2a10

tls_post_process_client_hello

SVG:
dark https://tmr232.github.io/function-graph-overview/render/?graph=https%3A%2F%2Fraw.githubusercontent.com%2Fv-p-b%2Fghidra-function-graph-datasets%2Frefs%2Fheads%2Fmain%2F%2Fopenssl-static-gcc-dwarf%2F004f2a10.json&colors=dark
light https://tmr232.github.io/function-graph-overview/render/?graph=https%3A%2F%2Fraw.githubusercontent.com%2Fv-p-b%2Fghidra-function-graph-datasets%2Frefs%2Fheads%2Fmain%2F%2Fopenssl-static-gcc-dwarf%2F004f2a10.json&colors=light

We are pleased to announce the completion of security audit of PHP core!
Executed by @quarkslab in partnership with @ostifofficial and commissioned by the @sovtechfund.

Learn more: https://thephp.foundation/blog/2025/04/10/php-core-security-audit-results/

DECORE posted some ADCS magic but I couldn’t yet figure out how to switch language o.O

https://devco.re/blog/2025/04/10/taking-over-the-entire-domain-in-minutes-what-have-you-overlooked-in-active-directory/

Edit: This doesn’t seem like anything Earth-shattering, but a nice summary of state of ADCS security (spoiler: it is bad)

TIL PHP OpCache has a Lua interpreter embedded o.O

https://github.com/php/php-src/blob/master/ext/opcache/jit/ir/dynasm/minilua.c

After installing April's updates, Windows 10 and 11 systems now have an empty C:\inetpub directory.

This seems... unexpected?

🚨 New advisory was just published! 🚨

A critical Remote Code Execution (RCE) vulnerability has been discovered in Calix. This vulnerability arises due to improper sanitation of user input in a CWMP (CPE WAN Management Protocol) service. Exploiting this flaw allows an attacker to execute arbitrary system commands with root privileges, leading to full system compromise: https://ssd-disclosure.com/ssd-advisory-calix-pre-auth-rce/

I just published a post on my blog about the IBM i 7.6 announcement - enjoy!

https://www.ibmi4ever.com/posts/20250409-ibmi-76-has-been-announced/

#IBMi #ACS

Static Analysis via Lifted PHP (Zend) Bytecode | Eptalights https://eptalights.com/blog/04-php-support