Day 13 of Advent of Compiler Optimisations!

You're calling a function inside a loop, but its result never changes between iterations. Does the compiler spot this and hoist it out? Turns out the answer depends on which compiler you use! Clang pulls off the optimisation beautifully, but gcc stumbles—even with explicit hints. What's going on?

Read more: https://xania.org/202512/13-licking-licm
Watch: https://youtu.be/dIwaqJG0WDo

#AoCO2025

Can anyone test my *SMALLEST* SSHD backdoor?

- Survives updates.
- Does not use ~/.ssh/authorized_keys or PAM modules.
- Does not create any new file.

Just SSHD trickery.

Source at https://thc.org/tips

I published an #IDA importer for the REShare #ReverseEngineering exchange format:

https://github.com/v-p-b/reshare-ida

I also wrote up my development experiences, incl. tips for IDA's type info API:

REshare Ramblings - Bad Vibes with IDA
https://scrapco.de/blog/reshare-ramblings-bad-vibes-with-ida.html

I'm still looking for contributors, esp. on the #radare2 and #BinaryNinja side!

[RSS] A look at an Android ITW DNG exploit

https://googleprojectzero.blogspot.com/2025/12/a-look-at-android-itw-dng-exploit.html

Interesting links of the week:

Strategy:

* https://www.ofcom.org.uk/siteassets/resources/documents/consultations/7986-cfi-security-resilience/annexes/detica-report.pdf?v=334114 - the start of OFCOM's journey to improve telecomms (from 2013)
* https://www.ncsc.gov.uk/blog-post/cyber-deception-trials-what-weve-learned-so-far - sometimes it's okay for NCSC to be deceptive
* https://arxiv.org/pdf/2512.03641 - modelling adversary decisions
* https://www.ncsc.gov.uk/blog-post/what-makes-a-responsible-cyber-actor - NCSC discuss responsible threat actors
* https://www.interface-eu.org/publications/cyber-red-flags - just what makes an irresponsible threat actor
* https://www.csis.org/analysis/criteria-cyber-situational-awareness - what does situational awareness mean in cyber
* https://www.redteammaturity.com/ - a maturity model for red teams
* https://redteam.guide/ - a handy guide to red team capability
* https://engage.mitre.org/ - if ATT&CK is operational, where do you start with forward planning your operational capability

Standards:

* https://www.rfc-editor.org/rfc/rfc6918.html - deprecating the fun bits of ICMP

Threats:

* https://medium.com/@meeswicky1100/unmasking-a-new-dprk-front-company-dredsoftlabs-bf9ed544d690 - beware of DredSoftLabs, a North Korean enterprise
* https://www.crowdstrike.com/en-us/blog/warp-panda-cloud-threats/ - CrowdStrikes latest missive on naughty pandas

Detection:

* https://api.gcforum.org/api/files/public/upload/c77233d5-139d-4fbd-a1a4-793a6f29916b_STC-report.pdf - spotting spoofed callers

Exploitation:

* https://scrapco.de/ - fun projects from @buherator
* https://bl4ckarch.github.io/posts/PrintSpoofer_from_scratch/ - spoofing the printer
* https://zplin.me/papers/GREBE.pdf - deep dive on Linux kernel bugs and exploitability
* https://faith2dxy.xyz/2025-11-28/extending_race_window_fallocate/ - winning races with the Linux kernel

Hard hacks:

* https://ioninja.com/ - manipulating protocols at the bits and bytes
* https://blog.byteray.co.uk/critical-vulnerabilities-in-rut22gw-industrial-lte-cellular-routers-f4eb8768feb7 - LTE modems go brrrrrrr
* https://mp.weixin.qq.com/s/mfXBJmTuDsE5Y5ufbffkjw?poc_token=HL9bPGmjQcx4HjY2q6nc3pvfsIFWuwnJf-vGJx33 - attacking the Globalstar uplink

Nerd:

* https://oswatcher.github.io/frontend/ - how Windows has changed over time
* https://social.coop/@eb/115646613032814668 - @eb's prompt for F/OSS projects

#security, #research

[RSS] ActivID administrator account takeover : the story behind HID-PSA-2025-002

https://www.synacktiv.com/publications/activid-administrator-account-takeover-the-story-behind-hid-psa-2025-002.html

When seven German journalist students do a better job of tracking down the sources of the drone flights over Europe than the security services...

https://www.digitaldigging.org/p/they-droned-back

...on the topic of argv[0] being mutable https://social.treehouse.systems/@grawity/114910244850655560

Day 12 of Advent of Compiler Optimisations!

Your loop checks the same condition every iteration, even though it never changes. Seems wasteful, right? The compiler thinks so too—and its solution is something that sounds completely backwards. Making your code bigger to make it faster? What's the trick?

Read more: https://xania.org/202512/12-loop-unswitching
Watch: https://youtu.be/-VCrYshE7iQ

#AoCO2025

@VoltPaperScissors The DMV sloth with a painfully slow stamping hand from Zootopia? :D

@algernon On what ground?

@VoltPaperScissors Slowloris!

Free Micropatches for Windows Remote Access Connection Manager DoS (0day)
https://blog.0patch.com/2025/12/free-micropatches-for-windows-remote.html

@uint8_t @karotte @gsuberland

@dey "flying in airplanes used
to be fun, but now it resembles a dystopian bin-packing problem in which
humans, carry-on luggage, and five dollar peanut bags compete for real estate while crying children materialize from the ether and make obscure demands in unintelligible, Wookie-like languages while you fantasize about who you won’t be helping when the oxygen masks descend."

Hope this cheers you up :) https://www.usenix.org/system/files/1309_14-17_mickens.pdf

"Base Score: 9.8 (Critical)"

https://hackerone.com/reports/3462525

If you just updated React / NextJS for #react2shell , you now get to update again. Two additional vulnerabilities identified in follow-up work were just published: CVE-2025-55183 (DoS), CVE-2025-55184 (Source Code Exposure)

https://react.dev/blog/2025/12/11/denial-of-service-and-source-code-exposure-in-react-server-components

https://nextjs.org/blog/security-update-2025-12-11

[RSS] The FreePBX Rabbit Hole: CVE-2025-66039 and others

https://horizon3.ai/attack-research/the-freepbx-rabbit-hole-cve-2025-66039-and-others/

[RSS] exploits.club Weekly(ish) Newsletter 93 - Old QEMU Bugs, Android Auto Bluetooth PoCs, BeeStation P20, and More

https://blog.exploits.club/exploits-club-weekly-ish-newsletter-92-s23-n-day-pocs-printer-overflows-dng-oob-writes-and-more-2/

@Viss you don't really talk about it because 1) NDA 2) you look at the damn code all the time?