#LazyWeb Can you recommend a good overview on the technical implementation of SMB signatures?

New assessment for topic: CVE-2024-22026

Topic description: "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem ..."

"CVE-2024-22026 is a local privilege escalation vulnerability in Ivanti EPMM (formerly MobileIron) server versions prior to 12.1.0.0, 12.0.0.0, and 11.12.0.1 ..."

Link: https://attackerkb.com/assessments/7f7b046e-eae8-4ef0-940e-eb49334c203e

I just realized the #Hungarian word "elszaródik" have likely been around much longer than "enshittification", meaning the same thing (usually in non-tech context though)

Yesterday I presented at the NL-NCSC / @SURF / @ACCSS symposium "Cyber Security & Society". According to Donald Tusk we are entering a new pre-war era, and I fear that he is right. I also fear that we do not have anything near a "war-time resilient" level of control over the IT infrastructures that our societies depend on utterly. We are sitting ducks & it is getting worse. Transcribed presentation, with slides, is here:
https://berthub.eu/articles/posts/cyber-security-pre-war-reality-check/

"imagine that the government decided to drop the hammer on information security earlier on, perhaps circa 2000. Would it have been good if we enshrined the prevailing security sensibilities and engineering practices of the era in law?" - @lcamtuf

https://lcamtuf.substack.com/p/im-not-cheerleading-for-the-cisa

Inside a low budget consumer hardware espionage implant - Analysis of the S8 data line locator

https://ha.cking.ch/s8_data_line_locator/

[RSS] SSD Advisory – D-Link DIR-X4860 Security Vulnerabilities

https://ssd-disclosure.com/ssd-advisory-d-link-dir-x4860-security-vulnerabilities/

Password cracking: past, present, future

#OffensiveCon24 slides

https://www.openwall.com/presentations/OffensiveCon2024-Password-Cracking/

Escaping the Safari Sandbox: A tour of WebKit IPC

#OffensiveCon24 slides

https://www.synacktiv.com/sites/default/files/2024-05/escaping_the_safari_sandbox_slides.pdf

NewJeans’ Hyper-V Part 7 - CVE-2023-36407 Analysis & Exploitation [KR]

https://hackyboiz.github.io/2024/05/12/pwndorei/newjeans-hyper-v-pt7/?s=09

Hey folks!

I'm the creator of Python @pillow & today is my birthday. Can I ask you for a favor?

I'm looking for a new role & I'd appreciate a boost. Check out my resume here:

- https://aclark.net/resume/

I'm passionate about Python, open source & making a living with open source. What's the next move?

Thank you @willmcgugan for the nudge ❤️

I rarely feel as connected to a person as I felt today looking in the eye of the guy blasting Blood for Blood from his car

Debian Users - Be aware the maintainer of the KeePassXC package for Debian has unilaterally decided to remove ALL features from it. You will need to switch to `keepassxc-full` to maintain capabilities once this lands outside of testing/sid.

You are Offline
Dont panic
Look around
Interact with reality

artist unknown

#streetart #graffiti #mural #WallArt #online #internet

LangSec Bug of the Year Discovery awards
https://langsec.org/spw24/bug-of-the-year.html?s=09

Printer Hacking talk from nullcon by @bl4sty

https://m.youtube.com/watch?v=2Lg2JgJUKmA&s=09

[RSS] Everyday Ghidra: Symbols — Prescription Lenses for Reverse Engineers — Part 1

https://medium.com/@clearbluejar/everyday-ghidra-symbols-prescription-lenses-for-reverse-engineers-part-1-d3efe9279a0b

[RSS] Digging for SSRF in NextJS apps

https://www.assetnote.io/resources/research/digging-for-ssrf-in-nextjs-apps

[RSS] Advisory: Next.js SSRF (CVE-2024-34351)

https://www.assetnote.io/resources/research/advisory-next-js-ssrf-cve-2024-34351

We are glad to announce that our #IBMi research will be presented at multiple prestigious conferences this June:

At @WEareTROOPERS we will show how pentesters can adopt their Windows/*nix experiences to the platform, and discover new vulnerabilities in native IBM i programs:

https://troopers.de/troopers24/talks/7sfsbf/

At @recon will dive deep into the architecture to understand its security features and present foundational tools for low-level research:

https://cfp.recon.cx/recon2024/talk/AT399C/