This was a fun one :)

https://github.com/Binary-Gecko/ekoparty2024_challenge

There was a short period of time in history when people would unironically say "why are you asking me, go ahead and google it."
(See also: LMFGTFY)

And now we are going back to "for the love of god don't google it, ask an expert instead."

#AI #internet #DumbestTimeline

10 Burp extensions I actually use... BUT none of them are in the top 30 most popular in the BApp Store!

I get tired of seeing the same extensions come up in "top 10" lists. Here are some hidden gems you might not have tried... yet. In no particular order.

🧵👇

@tib3rius Piper of course: https://portswigger.net/bappstore/e4e0f6c4f0274754917dcb5f4937bb9e

@thezdi Ugh, good luck!

In this behind the scenes look at #Pwn2Own Berlin, Zed and Dustin have run into an interesting problem - no gear! https://youtube.com/shorts/Xj9Du8iuXCw?feature=share

We have a CI job to spot unwanted utf8 letters in #curl PRs as we have noticed that GitHub will gladly show the for example (identical) Cyrillic version of a letter next to the Latin version in a diff and it is yes, entirely impossible for a human to spot the diff. I mean the diff is shown, but the significance of it is not.

Changing just a single letter like that in a URL hostname opens up for a world of grief.

my bank, deutsche bank, is serving a *revoked* tls certificate on their website db.com.

the mind reels at this level of incompetence.

https://www.ssllabs.com/ssltest/analyze.html?d=db.com

Soundcloud claims the right to train AI on your songs — but swears it hasn’t yet, honest

https://pivot-to-ai.com/2025/05/11/soundcloud-claims-the-right-to-train-ai-on-your-uploaded-music-but-swears-it-hasnt-yet-honest/ - text
https://www.youtube.com/watch?v=Cwg2TiF2Arg&list=UU9rJrMVgcXTfa8xuMnbhAEA - video

so i wrote another program for the IBM 1401 computer this past week. i wrote what it does on the card, but can you figure out how it works? the program is

,008015,022029,036043,048056,061066,070074U%U2MM%U2070WU%U2BB048B.048DATA⯒

that last little character is special!

You noticed how google search became unusably shit a few years ago?
Turns out that was on purpose

Men will literally build Kubernetes Cluster cluster at home instead of going to therapy ....

New assessment for topic: CVE-2024-58136

Topic description: "Yii 2 before 2.0.52 mishandles the attaching of behavior that is defined by an __class array key, a CVE-2024-4990 regression, as exploited in the wild in February through April 2025. ..."

"On the April 9 2025, Yii released an advisory warning that Yii framework versions before `2.0.52` were susceptible to Unsafe Reflection, with this CVE essentially a patch bypass of `CVE-2024-4990` ..."

Link: https://attackerkb.com/assessments/e6d2c5ff-8653-41a3-acf1-882330960fe1

I'm watching this video on Cisco Aironet wireless bridges and the serial interface on them is wild.
It's a /text-mode browser/, pointed at its internal web interface!

https://youtu.be/a5HMiZRuBko

@jschauma Correct answers grant you points in tests. Seeking help (e.g. from the student taking the test next to you) is penalized as cheating. It seems different expectations have to be communicated very clearly and often to get through...

Students not merely cheating with, but utterly relying on AI in "a society that treats schooling as [nothing more than] a means to a high-paying job" is deeply concerning as AI may actually make you dumber:

"research shows that when students off-load cognitive duties onto chatbots, their capacity for memory, problem-solving, and creativity could suffer. Multiple studies published within the past year have linked AI usage with a deterioration in critical-thinking skills"

https://www.msn.com/en-us/news/technology/everyone-is-cheating-their-way-through-college/ar-AA1EjCRk

@Howard My son struggled with the mechanics too so I impulse-bought the cheapest light plastic knock-off at a local grocery store (for ~2 EUR IIRC?), and he loves it. It looks like the one on the picture (note the curved tiles), but I think the photo is of an actual professional one.

@bestdeadends They probably signal prosperity. With those nuts and bolts in Eastern-Europe the whole bench would be stolen in a blink of an eye.

Glad to report that binaryninja-docker still works with Binary Ninja 5.x in case you are on older glibc (or other dependency):

https://github.com/v-p-b/binaryninja-docker

BlackHoodie will be back at @reconmtl this year ☺️ It'll be two days of Breaking Down Binaries: Introduction to Reverse Engineering & Malware Analysis by Christina Johns and @sud0suw, registration is now open https://blackhoodie.re/recon/