@Sempf why on earth would you nmap a cdn? you won't see the origin ports, and even at the application layer you'd only see the proxy. there may be some L7 proxy trickery or even some TCP level magic that works, but nmap is not the right tool to test those.

RE: https://infosec.exchange/@BleepingComputer/115367382398075001

Another one??

A new breed of analyzers.

And they use AI.

https://daniel.haxx.se/blog/2025/10/10/a-new-breed-of-analyzers/

Frida 17.4 introduces Simmy, a new backend for Apple’s Simulators on macOS.

Spawn, attach, and instrument apps — just like on a real device. #ios #reverseengineering

If you're curious, here are 158 of Joshua's reported issues on #curl to give you an idea what we talk about.

We have manually gone trough them all and dismissed or addressed them. None of them has been deemed a security problem. Not all the PRs for the valid problems have been merged yet.

https://gist.github.com/bagder/d1fff7f0471fbbe71354048a282e098e

It took four years, but now there is spec for lock files https://snarky.ca/why-it-took-4-years-to-get-a-lock-files-specification/

[RSS] In-depth analysis and deobfuscation of Zelix KlassMaster's flow obfuscation

https://github.com/LvStrnggg/zkm-flow

[RSS] Hacking the Nokia Beacon 1 Router: UART, Command Injection, and Password Generation with Qiling

https://spaceraccoon.dev/nokia-beacon-router-uart-command-injection/

Sent from Los Gatos, California, U.S.A. on July 16, 1995. https://postcardware.net/?id=36-67

@foolishowl @danirabbit do you have an idea why they won't use Signal? It's free and easy, but I got similar responses about installing it before, never knew why.

INTERVIEW of "MB" WhereWarlocksStayUpLate:

https://wherewarlocksstayuplate.com/interview/mohammed-bagha/

You have inspired many. We are fans:⚡️🌊🎠

https://wherewarlocksstayuplate.com/interview/mohammed-bagha/

Learn Turbo Pascal - a video series originally released on VHS

https://www.youtube.com/watch?v=UOtonwG3DXM

#pascal #turbopascal #retrocomputing

The IBM System/360 machine instructions reference card #s360 #assembly #mainframe https://archive.computerhistory.org/resources/access/text/2010/05/102678081-05-01-acc.pdf

@jautero This reminds me that the Sun isn't very hot, there's just lots of it[1] :)

I think this is a reasonable stance. What I do find unreasonable are design choices that (sorry, example again) make people shovel down megabytes of code into a client-side VM to display black on white text. I don't think this would cross anyones mind 20y ago, and not only because perf constraints. But our thinking changed at some point.

[1] https://www.youtube.com/watch?v=6tu0mIpX8nU

@jautero I qouted an example and there are others in the post. Also, not even considering performance, have you ever used MS Teams and thought "hmm, that's some fine piece of software"?

Yes we are all normal here in HUMANSVILLE. We are all HUMANS of course. No need to check.

The Debugging Book

Interactive guide exploring automated debugging, testing, and program repair with Python examples for researchers and developers.

https://www.debuggingbook.org/

#Fuzzing #Testing

Fun times with Telerik UI and DoS by default (it will hit for a long time I think). Sometimes it may lead to more fun, like RCE :)
Gadgeting inspired by @pwntester Oleksandr and @stevenseeley

Blog:

https://labs.watchtowr.com/more-than-dos-progress-telerik-ui-for-asp-net-ajax-unsafe-reflection-cve-2025-3600

[RSS] Reverse Engineering Denuvo in Hogwarts Legacy

https://momo5502.com/posts/2025-10-03-reverse-engineering-denuvo-in-hogwarts-legacy/

[RSS] Analyzing and Breaking Defender for Endpoint's Cloud Communication

https://labs.infoguard.ch/posts/attacking_edr_part5_vulnerabilities_in_defender_for_endpoint_communication/