Kernel fuzzing on Mac with syzkaller

Guide to build a VM, add a vulnerable driver and crash it using syzkaller from macOS.

https://slava-moskvin.medium.com/fuzzing-the-kernel-with-syzkaller-part-1-setting-up-on-mac-and-crashing-a-vulnerable-driver-b2a3949ea575

#fuzzing #kernel

https://www.theregister.com/2025/12/01/infosec_news_in_brief/?td=rt-3a

switzerland has chucked microsoft out the window now too

@mainframed767 @defcon https://video.infosec.exchange needs more <3

Security product vulns are maddening but will also never not be funny to me.

Heap-based Buffer Overflow, Out-of-bounds Write vulnerability in Avast Antivirus on MacOS of a crafted Mach-O file may allow Local Execution of Code or Denial of Service of antivirus protection.\nThis issue affects Antivirus: from 15.7 before 3.9.2025.

https://www.cve.org/CVERecord?id=CVE-2025-10101

And another one:

Heap-based Buffer Overflow, Out-of-bounds Read vulnerability in Avast Antivirus on MacOS when scanning a malformed file may allow Local Execution of Code or Denial-of-Service of the anitvirus engine process.This issue affects Antivirus: from 8.3.70.94 before 8.3.70.98.

https://www.cve.org/CVERecord?id=CVE-2025-8351

@R41N3RZUF477 the most concerning part of admin protection's design was just that UI Access seemed to not considered part of the boundary. Of the 9 bugs I reported, 5 were basically ways of getting control over a UI Access process and from there full admin. I think if you're going to break app compat anyway you might as well have done something more than UAC with bells on it.

I wasn't imagining things, Administrator Protection has indeed been pulled for now. https://learn.microsoft.com/en-us/windows/security/application-security/application-control/administrator-protection/?tabs=intune#system-requirements

🌍Making #radare2 more portable and accessible to new audiences has been always a priority for us.

At #r2con2025, @AbhiTheModder created a web frontend for #radare2 using the webassembly builds to allow Chromebook students reverse engineer crackmes from the browser!

• Select version of r2
• Create multiple tabs
• Keyboard driven
• Analyze large binaries

This sandboxed environment is ideal for education as well as for malware analysis and the whole toolchain can be used from the commandline with wasmer.

• Try it online https://r2.revengi.in
• HTML radare2 Widget https://radareorg.github.io/r2wasm/index.html
• Source code https://github.com/radareorg/r2web
• Watch the presentation 👇

https://youtu.be/TblF4f91NnA

🎅🎁 Ho ho ho #Telco📡! 5GC Pentest Burp Suite ext under the tree! 🔐🎄 https://github.com/PentHertz/5GC_API_Pentest ✨🎉🚀 #5GSecurity

Petition in Germany to recognize unpaid contribution to free and open source software projects as 'society-beneficial volunteering' (ehrenamt)!

This will give volunteering for e.g. @postmarketOS , @freifunk , @kde , @nextcloud , @Mastodon and other libre projects the same legal status as taking care of an elderly family member or volunteering for a youth association, which provides tax benefits and relaxes requirements for receiving unemployment benefits.

Interested people may sign it using one of the two following links.

The petition in german language: https://www.openpetition.de/petition/online/anerkennung-von-open-source-arbeit-als-ehrenamt-in-deutschland#petition-main

The petition in english language: https://www.openpetition.de/petition/online/recognition-of-work-on-open-source-as-volunteering-in-germany

News article (German): https://www.heise.de/news/Petition-Open-Source-Arbeit-soll-als-Ehrenamt-gelten-11094436.html

News article (English): https://www.heise.de/en/news/Petition-Open-source-work-should-count-as-volunteer-activity-11095357.html

The petition is organized by @webvision.

If you're not a resident of Germany, go ahead and use this thread to organize similar initiatives in your country of residence.

#deutschland #foss #floss #volunteer #ehrenamt #freiwilligkeit #openSource #freeSoftware

@algernon gummy bears! (make you swallow a lot)

I had a particularly mind-numbing exchange with a chatbot today so decided to dedicate spare resources of one of my VPSs to #iocaine. I brought the domain online about an hour ago, and there are already dumb bots in the maze, continuously consuming my bandwidth and CPU.

/cc @algernon

@mattgodbolt @kouhai FTR it's https://xania.org/feed.atom

This December, I'll be posting an article & video each day until Christmas in the Advent of Compiler Optimisations! #AoCO2025

Each day we'll explore a fun optimisation in C or C++; some low-level, x86 or ARM-specific, some high-level. Hope you'll join me!

YT: https://youtube.com/mattgodbolt
Blog: https://xania.org

libmicrovmi - A cross-platform unified Virtual Machine Introspection API library

https://github.com/Wenzel/libmicrovmi

https://github.com/the-P1neapple/WinJS-Microsoft-Account-Bypass

>you can skip the forced microsoft account during setup by accessing the hidden javascript console

@crcollins unfortunately part of the problem is that the independet stores UX was simply shit as if they didn't really want my money...

Every Sora AI vid. burns 1 kW hour & emits 466 grams of carbon. The Sora 2 platform alone emits nearly a quarter of the carbon of all Meta/Facebook.

👉🏻 https://reclaimedsystems.substack.com/p/every-sora-ai-video-burns-1-kilowatt