Shameful how some people objectify Palo Alto Networks.

So Cards Against Humanity just sued M*sk for ruining a piece of land they bought in Texas for their customers...

#2024bingocard

https://www.elonowesyou100dollars.com/

How it started, how it's going

A Journey From `sudo iptables` To Local Privilege Escalation - Shielder https://www.shielder.com/blog/2024/09/a-journey-from-sudo-iptables-to-local-privilege-escalation/

📢 We’re now releasing weekly mass testing results 📢

https://mass.rev.ng

Here you can find a weekly report on using revng to decompile tons of binaries.

There’s information about crashes, timeouts and nice graphs.

Our goal is to now bring them all down week-by-week 🦾

Been doing a fun new reverse engineering project: Figuring out the file formats of the 1999 Windows/PS1 game Attack of the Saucerman. It's the first time I'm doing this on a 3D game. I'm now at a point where I can partially display the levels, and extract most of the assets:
https://github.com/lethal-guitar/SaucerMapViewer

I already made an attempt many many years ago, but was only armed with a hex editor at the time and couldn't make any sense of the data. (cont.)

Qubes OS Summit 2024 just started

You can assist live on YouTube

https://vpub.dasharo.com/e/16/qubes-os-summit-2024/

#qubesos

#OpenSSH 9.9 has been released: https://www.openssh.com/txt/release-9.9

The significant new feature is support for post-quantum mlkem768x25519-sha256 KEX as specified in https://datatracker.ietf.org/doc/html/draft-kampanakis-curdle-ssh-pq-ke-03

#pqcrypto #postquantumcryptography

gaining access to anyones browser without them even visiting a website

https://kibty.town/blog/arc/

Continuing the tour of my @github projects, the #TacticalExploitation toolkit deserves to be mentioned. It's now a bit old, but I believe the concept still applies, and very much so.

https://github.com/0xdea/tactical-exploitation

"The Other Way to Pen-Test" -- @hdm & @Valsmith

I've always been a big proponent of a tactical approach to #PenetrationTesting that doesn't focus on exploiting known software #vulnerabilities, but relies on #OldSchool techniques such as #InformationGathering and #BruteForce. While being able to appreciate the occasional usefulness of a well-timed 0day, as a veteran penetration tester I favor an exploit-less approach. Tactical exploitation provides a smoother and more reliable way of compromising targets by leveraging process vulnerabilities, while minimizing attack detection and other undesired side effects.

Since a few years, I've meant to give a talk on this very subject, with the working title of "Empty Phist Style - Hacking Without Tooling" (inspired by @thegrugq). Sooner or later it will happen.

Apple's New macOS Sequoia Update Breaking Major Security Tools https://it.slashdot.org/story/24/09/19/1851232/apples-new-macos-sequoia-update-breaking-major-security-tools?utm_source=rss1.0mainlinkanon

Couldn't let #talklikeapirateday happen without a little bit of #pc #ansi #art to commemorate.
Here's a little sketch of perhaps my number one fave pirate, Guybrush Threepwood :) arrrr! /piratevoice