"I'm interested in all kinds of astronomy."
@joxean @wirepair I'd need something permanently online so I can use them as CI test cases

The official @Defcon recording of HTTP/1.1 Must Die has landed - join me on the mission to help kill HTTP/1.1! https://www.youtube.com/watch?v=PUCyExOr3sE

@reynardsec What really annoys me is that some teams decide to publish a latest tag, yet they have no process for updating it, so the latest tag becomes anything but... It would be much more honest if they called it "favorite" or something that doesn't imply freshness when they don't even attempt to guarantee that.
I'm looking for publicly available reverse engineered program databases (idb, gpr, bndb, ... ), preferably for relatively small programs.

Any tips?

#ReverseEngineering
@algernon I ran some tests and you are right: LLMs are still far from reaching n-gate-level snark
@algernon Wait, could an LLM faithfully imitate n-gate?
@algernon I miss n-gate's webshit weekly so much :,(

Serious bugs often occur in third-party components integrated by other software. Ivan Fratric and I found this vulnerability in the Dolby Unified Decoder. It affects Android, iOS and Windows among other platforms, sometimes 0-click.

Integrators should update today!

https://project-zero.issues.chromium.org/issues/428075495


Hi there! This is again!

Today I'd like to present to you one of the frequent sources of pain for C64 owners, the infamous PLA. This is MOS 7700R2. They failed way too often, and considering this is custom silicon, the only option was to get another one of the same.

Many thanks to @root42 for providing this sample!

SiPron link: https://siliconprawn.org/archive/doku.php?id=infosecdj:mos:7700r2


Project Zero Bot

New Project Zero issue:

Dolby Unified Decoder: Out of bounds write in evolution parsing

https://project-zero.issues.chromium.org/issues/428075495

CVE-2025-54957

These kinds of issues are more common than people would expect. I remember running tcpdump in 2003 and seeing some obvious kernel data being leaked over the network. Similar to the coredump case, it's there but nobody really looks:
https://bird.makeup/users/grsecurity/statuses/1252558055629299712


How I Reversed Amazon's Kindle Web Obfuscation Because Their App Sucked https://blog.pixelmelt.dev/kindle-web-drm/

@waifu 1 point because in this part of the world nobody trusts anyone with paper checks. The conclusion is that I'm essentially a teenager.

My OBTS v8 slides for Apple Compressor (part of Final Cut Pro) unauthenticated LAN RCE. No CVE? Because it’s not patched…🫣

https://github.com/ChiChou/slides/blob/b737cc3037408221217d59c8fc6b8a82706b7062/Queen%20B%200-click%20RCE%20for%20Apple%20Compressor.pdf

(fair warning: if you are a JSF author, you better not come to punching distance of me)
"Which of course makes perfect sense when you are in the business of breaking stuff so people have to pay you for fixing it."

This is an old article, but this one sentence explains so many things!

https://dzone.com/articles/why-you-should-avoid-jsf

Inspirational Skeletor💀
