Presenting "Unveiling RIFT: Advanced Pattern Matching for Rust Libraries" at RECON Montreal 2025!
Sharing research on discovering Rust dependencies in compiled binaries.
See you there! 🚀
#RECON2025 #RustLang #ReverseEngineering
RUMOURS are TRUE 🤷‍♀️
PHRACK will be releasing a SPECIAL #71.5 👉HARDCOVER👈
at https://www.offensivecon.org/
BERLIN ("The 𞅀-Day Edition").
Main #72 release THIS SUMMER at MULTIPLE conferences (main release at WHY2025). ❤️
As of recently, we also invite past, present and future bug hunters to submit proposals for guest blog posts on our team blog.
If you've discovered a potential vulnerability in Firefox, please see our way to get rewarded for your work. We do not require exploits. Just a bug description is enough.
Of course, we reward and encourage sending us more details (PoC, detailed report, regression range, potential fix). But to qualify for a bug bounty, all you need is a bug.
Please check our bounty FAQ at https://www.mozilla.org/en-US/security/bug-bounty/faq/
If you've discovered vulnerabilities in major browsers like Chrome, Safari, or Firefox, our program offers a fast, efficient way to get rewarded for your work. We focus exclusively on browsers with a large market share, ensuring your findings have real impact.
Our process is designed for efficiency—eliminating the usual delays and bureaucratic hurdles. You can submit vulnerabilities in minutes, receive detailed feedback within 72 hours, and be compensated with quick payouts within 15 days after validation.
We handle the full disclosure process, including vendor communications and paperwork, so you can focus on what matters: your research. Plus, you can maintain anonymity while receiving fair compensation for your contributions.
Check out the list of supported browsers and get started here: https://ssd-disclosure.com/product-index/
UVB-76 operator talking with a pirate - YouTube
https://www.youtube.com/watch?v=jKrNyPnTucQ
"Your call is so important to us, we have fired all the humans and replaced them with a terrible automated system that cannot understand you.
Please hold while we pay our executives another bonus for some reason.
Did you know you can use the Internet to discover our website can't answer your question?"
That SAP NetWeaver bug is pretty ouchy:
Sent by Remington from Seattle, Washington, U.S.A. on October 16, 1995. https://postcardware.net/?id=27-70
It's kinda been raised, but it's nuts that (according to Mandiant/M-Trends) in 2025:
- vulnerabilities/exploits are the most frequently observed initial vector;
- the top 4 exploited vulns belong to security vendors.
What are we doing here? 🤯😱
“Going to the cloud” can mean renting services/servers that you could get from anywhere. There’s little lock-in. The same four words “going to the cloud” might also mean locking your operations to a specific cloud provider, forever. This difference is vital, yet often ignored: https://berthub.eu/articles/posts/beware-cloud-is-part-of-the-software/