Posts
2513Following
650Followers
1472
repeated
Tim Blazytko
mr_phrazer@bird.makeup
The slides from our @reconmtl talk, "Breaking Mixed Boolean-Arithmetic Obfuscation in Real-World Applications" (CC @nicolodev), are now online!
Slides: https://synthesis.to/presentations/recon25_mba_obfuscation.pdf
Plugin: https://github.com/mrphrazer/obfuscation_analysis
0
2
0
repeated
Tim (Wadhwa-)Brown 
timb_machine@infosec.exchange
Interesting Git repos of the week:
Detection:
* https://github.com/telekom-security/tpotce - have some honey
Exploitation:
* https://github.com/tlsfuzzer/tlsfuzzer - fuzz TLS
* https://github.com/ShawnDEvans/smbmap - map SMB shares
* https://github.com/nccgroup/fuzzowski - another nice fuzzer
Data:
* https://github.com/sneakers-the-rat/gpu-free-ai - the AI implementation you don't want to use!
0
3
0
repeated
Again with the showing Bill how wrong he was when he said memory interference flaws were just theoretical.
https://www.securityweek.com/rowhammer-attack-demonstrated-against-nvidia-gpu/
1
2
0
repeated
repeated
catsynth / amanda c
catsynth@mstdn.socialNew Daily Disc! #Kraftwerk: Computer World 😻🎹 💿 https://youtube.com/shorts/w5xbsBiBCcc?feature=share
0
1
0
repeated
Meredith Whittaker
Mer__edith@mastodon.worldYes, I did sound the alarm on agentic AI's privacy threat, and rightly so.
https://observer.com/2025/07/signal-meredith-whittaker-agentic-ai-risk/
2
16
0
repeated
buherator
buheratorhttps://www.atredis.com/blog/2025/7/7/uncovering-privilege-escalation-bugs-in-lenovo-vantage
0
0
1
buherator
buheratorSummary post of vulnerabilities disclosed by Cisco Talos
https://blog.talosintelligence.com/asus-and-adobe-vulnerabilities/
0
0
1
buherator
buheratorhttps://github.blog/security/application-security/modeling-cors-frameworks-with-codeql-to-find-security-vulnerabilities/
0
0
1
buherator
buheratorhttps://starlabs.sg/blog/2025/07-fooling-the-sandbox-a-chrome-atic-escape/
0
0
2
buherator
buheratorhttps://www.synacktiv.com/en/publications/let-me-cook-you-a-vulnerability-exploiting-the-thermomix-tm5
0
1
1
repeated
0patch
0patch@infosec.exchangeMicropatches Released for "WSPCoerce" Coerced Authentication via Windows Search Protocol (NO CVE/WONTFIX) https://blog.0patch.com/2025/07/micropatches-released-for-wspcoerce.html
1
3
0
buherator
buheratorhttps://blog.exploits.club/exploits-club-weekly-newsletter-79-lenovo-lpes-whatsapp-vulns-forgotten-syzkaller-bugs-and-more/
0
0
1
repeated
Jon Greig
jgreig@ioc.exchangeIn a rare move, CISA gave federal agencies just one day to patch Citrix Netscaler bug CVE-2025-5777
Patch ASAP #CitrixBleed2 #2Citrix2Bloody
https://therecord.media/cisa-orders-agencies-patch-citrix-bleed-2
0
3
0
repeated
/r/netsec
_r_netsec@infosec.exchangePre-Auth SQL Injection to RCE - Fortinet FortiWeb Fabric Connector (CVE-2025-25257) - watchTowr Labs https://labs.watchtowr.com/pre-auth-sql-injection-to-rce-fortinet-fortiweb-fabric-connector-cve-2025-25257
0
3
0
repeated
daniel:// stenberg://
bagder@mastodon.socialIt has officially begun. The CRA info request counter is no longer at zero.
25
18
0
repeated
The Seven Voyages Of Steve
sinbad@mastodon.gamedev.placeIt makes me laugh/cry that we spent decades trying to get the software industry to internalise that it takes far more effort to support & maintain systems than it does to write them in the first place, and yet seemingly every trendy development in the last 5-10 years has been about making that initial stage faster & sloppier at the expense of everything else
5
12
0