The z/OS C/C++ runtime library
https://github.com/ibmruntimes/zoslib/tree/zopen2 #s390x #zOS

Well, it's about f@#king time.
https://www.authorsalliance.org/2024/09/17/antitrust-lawsuit-filed-against-large-academic-publishers/
The situation with #academic publishers has been a growing issue for years now, and it's good to see some action taken about it. But this should have come long ago from national regulators, not some UCLA professor. Petition your national #antitrust agency to join or replicate locally.
#AcademicChatter

Shameful how some people objectify Palo Alto Networks.

So Cards Against Humanity just sued M*sk for ruining a piece of land they bought in Texas for their customers...

#2024bingocard

https://www.elonowesyou100dollars.com/

How it started, how it's going

A Journey From `sudo iptables` To Local Privilege Escalation - Shielder https://www.shielder.com/blog/2024/09/a-journey-from-sudo-iptables-to-local-privilege-escalation/

📢 We’re now releasing weekly mass testing results 📢

https://mass.rev.ng

Here you can find a weekly report on using revng to decompile tons of binaries.

There’s information about crashes, timeouts and nice graphs.

Our goal is to now bring them all down week-by-week 🦾

Been doing a fun new reverse engineering project: Figuring out the file formats of the 1999 Windows/PS1 game Attack of the Saucerman. It's the first time I'm doing this on a 3D game. I'm now at a point where I can partially display the levels, and extract most of the assets:
https://github.com/lethal-guitar/SaucerMapViewer

I already made an attempt many many years ago, but was only armed with a hex editor at the time and couldn't make any sense of the data. (cont.)

Qubes OS Summit 2024 just started

You can assist live on YouTube

https://vpub.dasharo.com/e/16/qubes-os-summit-2024/

#qubesos

#OpenSSH 9.9 has been released: https://www.openssh.com/txt/release-9.9

The significant new feature is support for post-quantum mlkem768x25519-sha256 KEX as specified in https://datatracker.ietf.org/doc/html/draft-kampanakis-curdle-ssh-pq-ke-03

#pqcrypto #postquantumcryptography

gaining access to anyones browser without them even visiting a website

https://kibty.town/blog/arc/

Continuing the tour of my @github projects, the #TacticalExploitation toolkit deserves to be mentioned. It's now a bit old, but I believe the concept still applies, and very much so.

https://github.com/0xdea/tactical-exploitation

"The Other Way to Pen-Test" -- @hdm & @Valsmith

I've always been a big proponent of a tactical approach to #PenetrationTesting that doesn't focus on exploiting known software #vulnerabilities, but relies on #OldSchool techniques such as #InformationGathering and #BruteForce. While being able to appreciate the occasional usefulness of a well-timed 0day, as a veteran penetration tester I favor an exploit-less approach. Tactical exploitation provides a smoother and more reliable way of compromising targets by leveraging process vulnerabilities, while minimizing attack detection and other undesired side effects.

Since a few years, I've meant to give a talk on this very subject, with the working title of "Empty Phist Style - Hacking Without Tooling" (inspired by @thegrugq). Sooner or later it will happen.