I recently saw an amazing Navajo rug at the National Gallery of Art. It looks abstract at first, but it is a detailed representation of the Intel Pentium processor. Called "Replica of a Chip", it was created in 1994 by Marilou Schultz, a Navajo/Diné weaver and math teacher. Intel commissioned the weaving as a gift to the American Indian Science & Engineering Society. 1/6
We just published v4.1.0 of the eslint plugin `no-unsanitized`, which prohibits the usage of XSS sinks (e.g., `innerHTML=` or `setHTMLUnsafe()`) without the use of a preconfigured sanitizer library.
The rule helps find and prevent XSS in various Mozilla projects, including Firefox.
Technical Details at https://frederikbraun.de/finding-and-fixing-dom-based-xss-with-static-analysis.html and source at https://github.com/mozilla/eslint-plugin-no-unsanitized
We broke 10k stars on #GitHub! Remaining in the 1st and 2nd positions on #Google for, “Reverse Engineering Tutorial”. Special thanks to @0xinfection @hasherezade @fox0x01 @three_cube @binitamshah and all of you! #ReverseEngineering https://github.com/mytechnotalent/Reverse-Engineering
this is my emotional support carwash. whenever I get sad I ssh into this Montenegrin carwash I found on shodan 12 years ago and spin the rollers a bit. makes me feel real again
I know that one should never, ever go to SciHub to find academic papers but is there a site one should never, ever go to for ISO/IEC standards documents?
Today is the 10 year anniversary of the first time I ever pwned anything!
My first exploit was a simple stack smash, overwrite return ptr, jump to admin function. This was in an internal recruiting CTF by @gaasedelen for the RPISEC
Before that day I had never even considered computer security and was primarily doing robotics.
You never know when a buffer overflow may change the very course of your life!
Years ago, I created a bot that posted Sun Tzu quotes, if Sun Tzu had written about cyber war. When X closed up API access that bot broke, and it never was high on my list of priorities to bring here. Well, I just fixed that. May I introduce you to @SunTzuCyber, which posts every 6 hours. The posts are set up as unlisted/quiet public, so they won't show up in timelines unless you follow it.
There's a large number of #FreeBSD, #OpenBSD, and #illumos users out there.
We don't talk much because it "Just Works™"
I was not able to prove this for a very long time, so I used the most powerful weapon available out there: asking!
https://www.reddit.com/r/selfhosted/comments/1f1hr4m/unix_but_notlinux_club/
Did you ever find firmwares for Tricore or v850 architectures accessing addresses starting with 0xa.. instead of the 0x80.. one? After so much research I ended up learning that this is handled by the MMU, which applies a cache layer on top of the same memory range. In other words: IDA lies by faking the references by dropping the 3rd bit, Ghidra can't handle this, and r2 is again the only tool able to properly define this memory layout.
https://community.infineon.com/t5/AURIX/About-the-issue-with-lsl-files/td-p/676113#.