"I'm interested in all kinds of astronomy."
@mttaggart The story's title says that "[attacker] don't care about your endpoint security" which is simply not true (a lie, if you like). Stating (not suggesting) that EDR will not be effective on other hosts when disabled on the pivot point is also a lie.

I absolutely agree with *your* comment, but this is just bad journalism transforming expert opinion into clickbait bullshit.
@mttaggart I've read the story, but many visitors don't. Of course if you've ever had to bypass an EDR you'll get the gist, but if you are an average reader (this is The Register, not some hacker zine) these falsehoods added by the journalist will mislead you.
@mttaggart As much as I like to bash endpoint security the title is a gross oversimplification of the problem: EDR is very much in the way while you 1. gain initial access 2. elevate your privileges 3. load a malicious kernel driver. And even after this you pwn'd 1 machine, and EDR is active on most lateral movement targets (I'd be also very interested in how "abuse this [local] kernel-level access to move laterally within the network" could be implemented in practice...).
Hi, I'm your favorite security vendor, welcome to...
"printer on fire" thread by @lauriewired unrolled from the other site:

https://threadreaderapp.com/thread/1956498902443827574.html
repeated

lp0 is a Linux error code that means “printer on fire.”

It’s not a joke. In the 50s, computerized printing was an experimental field.

At LLNL (yes, the nuclear testing site), cathode ray tubes created a xerographic printer.

...it would occasionally catch fire.

Fun fact: the #Ghidra API is quite consistent in naming methods according to the data types they accept/return, but HighVariables are returned from Varnodes via getHigh()
repeated

hashcat v7.1.0 released!

This update includes important bug fixes, new features, and support for new hash-modes, including KeePass with Argon2.

Read the full write-up here: https://hashcat.net/forum/thread-13353.html

repeated

A sad day indeed - the original Rick Roll video has finally been taken down from YouTube from a copyright claim.
https://www.youtube.com/watch?v=dQw4w9WgXcQ

@wolf480pl Just define it as a macro called theta_one or something, it'll be fine
I uploaded the updated generator script here:

https://github.com/v-p-b/phrackgen
@schrotthaufen Maybe! Is it a Linux-based thingy? Does it use X11/Wayland?
On a related note: is there a window manager/theme/config/??? that is optimized for #eInk screens?

I guess a high contrast theme, minimal animation/tiling would be essential, but I expect many little problems to solve along the way.

#Linux #OSS
Can't read LED screens on the beach so I spent some time hacking on @albinowax's old Perl script and made single-file e-books of all Phrack issues, ICYMI:

https://scrapco.de/dataslate/phrack/

(Will probably update when 72 comes out)
repeated

I wish watchTowr Labs was on Mastodon, their blog posts are always amazing.
Today's about a Fortinet vulnerability:
https://labs.watchtowr.com/should-security-solutions-be-secure-maybe-were-all-wrong-fortinet-fortisiem-pre-auth-command-injection-cve-2025-25256/

repeated

squirrels always act and look like it's their first day being a squirrel

repeated

finally got around to writing up my windows exploit from pwn2own vancouver 2024! (plus some notes about using it on xbox) https://exploits.forsale/pwn2own-2024/

repeated

Following the method demonstrated by @yarden_shafir in "Your Mitigations Are My Opportunities", this implementation automates adding a driver to the HvciDisallowedImages registry entry, ensuring it will be blocked from loading after the next reboot.

https://github.com/unkvolism/Solemn

@nina_kali_nina @stevelord @kagihq @yvan What line do you draw for cheating? TBF I don't know how ranking to the sidebar works here, but given the complexity of the problem I'm fine with any "cheats" as long as I get the results relevant to my query - my problem with adtech engines was that they actively worked against me.