Posts
2533Following
646Followers
1459
repeated
David Weston (DWIZZZLE)
dwizzzlemsft@bird.makeup
My keynote from @sansoffensive in Hollywood. Attacking Intelligence: Attacking and Defending AI on The Edge
I cover confidential GPUs, Windows Recall architecture, and post-compromise tradecraft with AI and lots more!
0
1
0
repeated
David Weston (DWIZZZLE)
dwizzzlemsft@bird.makeupIgnite session covering all the Windows Security newness just posted
0
1
0
buherator
buheratorhttps://scrapco.de/twitter/buherator/status/1576535053571530752/
This is a thread about technological things I misjudged during my career. Maybe it'll help someone. (Or maybe I misjudge again?)
- I started gera's challenges, but "why bother with client-side?"
https://github.com/gerasdf/InsecureProgramming.git
- During university, seeing Meterpreter's shortcomings I considered to start developing a professional implant. But "no security boundaries, no fun".
Now look at all teh frameworks...
- Gave up on chemistry because of an idiot teacher
2
2
4
buherator
buheratorhttps://www.nozominetworks.com/blog/hunting-the-mongoose-discovering-10-vulnerabilities-in-the-mongoose-web-server-library
0
2
1
buherator
buheratorOMG I just realized at the end of the episode Needful Things was bought by *Google*
https://rickandmorty.fandom.com/wiki/Needful_Things
1
0
3
repeated
stacksmashing
stacksmashing@infosec.exchangeI am looking for padlock or similarly visual device that has bluetooth vulnerabilities (i.e. just uses an "unlock" command or so and no decent cryptography). Any tips welcome!
1
2
0
repeated
lcamtuf 
lcamtuf@infosec.exchange
We misunderstood the concept of afterlife. What the religious texts meant to say is that the essence of your online life will be preserved as the weights of an LLM that handles airline customer support and prescribes Viagra in a telehealth app.
4
8
0
repeated
Jeff Moss
thedarktangent@defcon.socialTIL: https://ladybird.org a truely independent browser built by engineers not motivated by data driven revenue. DNSSEC, DANE, no shady CA list, etc. Theyvare always looking for help. #Browser
3
2
0
repeated
Romain THOMAS
rh0main@infosec.exchangeI'm happy to share that LIEF (extended)
is now providing an API to disassemble code (backed by the LLVM MC layer).
This disassembler is integrated with other functionalities
like dyld shared cache support or DWARF debug info.
You can checkout https://lief.re/doc/latest/extended/disassembler/index.html for the details.
0
4
0
repeated
Transmission64 :c64:
transmission64@c.imAnd Transmission64 is live. Head on over to https://t64.to/watch .
0
2
0
repeated
🏳️🌈🖖🏽
repeated
Frederik Braun �
freddy@security.plumbingI wrote some cool scripts that I want to share with the world but I do not want to start being in the business of maintaining another open source project. I guess I will just describe it in my blog and tell the world that it's cool and they can use it?
Anyway, I now have an #indieweb #POSSE python script for my homepage.
Whenever I build my blog, it also generates an XML Atom feed (many static site generators do that). After adding an article and building, I can loop ... 1/2
3
1
0
buherator
buheratorhttps://github.com/v-p-b/libfuzzer_kfx/blob/main/C2LIBAFL.md
I nice part of making an archive of my Twitter posts is that I realize I wrote stuff like this o.O #fuzzing
0
0
3
buherator
buheratorhttps://github.com/v-p-b/rss2bsky.py
#RSS #Syndication #Bluesky #POSSE
0
0
3
buherator
buheratorShow content
Secure trust data mining linux cache poisoning encapsulation cyclic redundancy check cloud computing PKI signature FTP hijacking. Trust ephemeral port IP forwarding linux stream cipher port exponential backoff internet control message protocol race condition full duplex exposure IP spoofing. Challenge-handshake authentication protocol public key hypertext markup language topology war dialing disaster recovery plan decryption authorized. Account harvesting masquerade NAT stream cipher, cookie intranet certificates patch covert channel penetration test tunnel IP forwarding egress filtering.
https://www.securityipsum.com/
Ephemeral port reverse engineer fingerprint form-based authentication day zero. FTP UDP address resolution protocol boot sector, PPTP ransomware business continuity plan intrusion detection. IP flooding authentication disaster recovery plan corruption decryption MD5 dictionary attack socket egress filtering fragment digital signature exponential backoff worm. Reverse proxy encapsulation shell tunnel bastion host.
0
0
1
repeated
April King
april@macaw.socialHandling Cookies is a Minefield:
inconsistencies in the HTTP cookie specification and its implementations have caused a situation where countless websites (including Facebook, Netflix, Okta, WhatsApp, Apple, etc.) are one small mistake away from locking their users out.
https://grayduck.mn/2024/11/21/handling-cookies-is-a-minefield/
3
10
0
repeated
daniel:// stenberg://
bagder@mastodon.socialDavid Schinazi mentioned @april's cookie blog post and I'm sorry but I had to do a "I told you so".
On the httpbis list.
https://lists.w3.org/Archives/Public/ietf-http-wg/2024OctDec/0231.html
1
1
0
repeated
repeated
Hexacorn 
hexacorn@infosec.exchange
How to debug Windows service processes in the most old-school possible way...
0
1
1