A drunken debugger

Heretek of Silent Signal

Them: “This is not a paywall.”
Me: “whew”

Them: “Provide your Email address”

Me: “that’s a payment, though. Personal information is a payment”

[RSS] Reverse-engineering a three-axis attitude indicator from the F-4 fighter plane

http://www.righto.com/2024/09/f4-attitude-indicator.html?m=1

I just realized that the "DoD Cyber Crime Center" on GitHub is not just a parody reference to NSA o.O

1 file changed, 99 insertions
but it ain't fucking work

Anyone has an idea what I should do with this exception:

ghidra.framework.store.LockException: domain object(s) are busy/locked

I solved like a dozen #Ghidra API mysteries today, but I'm running out of ideas with this one...

I’m happy to see that the GOV.UK Service Manual’s “Building a robust frontend using progressive enhancement” page was updated this week and made it to the top of Hacker News today. The technology industry would collectively save unimaginable quantities of time, money, energy and stress if this single page were required reading for everyone involved in building a web site. https://www.gov.uk/service-manual/technology/using-progressive-enhancement


“Sometimes, hacking is just someone spending more time on something than anyone else might reasonably expect.”

— Jerry Gamblin

#wfh #rto #commute
"Quite a lot of people enjoy their commute time. And there’s good behavioral evidence for this because economists have noticed that people live a bit further from work than they optimally should in order to create a chronological buffer between where they work and where they live. We like that decompression time."[1]

While I don't agree with the conclusion of the article (optimizing commute), this pretty much confirms my experience.

I like to stare at my nothing box.[2]

[1] https://behavioralscientist.org/are-we-too-impatient-to-be-intelligent/
[2] https://www.youtube.com/watch?v=SZ6mVumHY9I

40th Weekly Vuln Research newsletter is OUT NOW 📰

iOS kernel exploitation from @alfiecg_dev

Elgato hacking from @dt_db

@_tsuro bypasses CET

RCU Internals from @u1f383

Google Teams check off their OKRs

➕ Jobs and more 👇

https://blog.exploits.club/exploits-club-weekly-newsletter-40-ios-kernel-exploitation-cet-bypasses-elgato-hardware-repair-and-more/

New assessment for topic: CVE-2023-25950

Topic description: "HTTP request/response smuggling vulnerability in HAProxy version 2.7.0, and 2.6.1 to 2.6.7 allows a remote attacker to alter a legitimate user's request ..."

"HAProxy's HTTP/3 implementation fails to block a **malformed HTTP header field name**, and **when deployed in front of a server that incorrectly process this malformed header**, it may be used to conduct an HTTP request/response smuggling attack ..."

Link: https://attackerkb.com/assessments/410b285d-5724-4300-bcc4-603cc4c726ac

There seems to be a pretty big refactor in #Ghidra 11.2 renaming "Python" to "Jython" - this will break a bunch of integrations, but I can't see it mentioned in the Change History :/

We had a short look at the buffer overflow found by fuzzing `process_browse_data` to determine its exploitability. Conclusion: this bug alone won't give you RCE, or even an info leak.

https://bird.makeup/@evilsocket/1839394447286751430


Here's my quick and dirty PoC for the CUPS vulns. I wrote it after spotting the patches in the public CUPS repo. As always, expect CTF-quality code :D

https://github.com/RickdeJager/cupshax

https://bird.makeup/@rdjgr/1838750230218436891


Finally I got myself to write a script to generate documentation for #Ghidra - now I host the latest info about 11.2, including but not limited to:

I took this opportunity to redo the directory structure that broke most search engine links, sorry about that (this will improve with time ofc)!

gradle prepdev

Normal authors: release book to the public early in the week, with much fanfare.

Me, late Friday afternoon, from a dark alley: "psst! Hey, you! Yeah, you! Buddy! You ever wanted to Run Your Own Mail Server?"

https://www.tiltedwindmillpress.com/product/ryoms-ebook/

(boosts appreciated!)


“It’s the time of Orwell but with corporations.” https://www.wired.com/story/internet-archive-memory-wayback-machine-lawsuits/

This is a must-read on the existential battle of @internetarchive

If you wanna take action after, we've got a list of things to do at https://www.battleforlibraries.com/
