Santa brought new a blog post!

Handling Arbitrarily Nested Structures with #BurpSuite

https://blog.silentsignal.eu/2024/12/06/custom-decoder-for-burp/

The competition compromises your C2 infrastructure and operator workstations.

"a longstanding campaign orchestrated by the Russian-based threat actor known as 'Secret Blizzard' (also referred to as Turla). This group has successfully infiltrated 33 separate command-and-control (C2) nodes used by Pakistani-based actor, 'Storm-0156.'"

https://blog.lumen.com/snowblind-the-invisible-hand-of-secret-blizzard/

Pentagrid published two #Hackvertor tags for #EAN13 (also Swiss AHV numbers) and #TOTP for #2FA. These tags are available via the Hackvertor Tag Store by @garethheyes. Our blog post explains what these tags do and how they can be used. https://www.pentagrid.ch/en/blog/hackervertor-ean13-and-totp-tags-for-web-application-penetration-testing-with-burp/ #pentest #OWASP

#VSCode support for writing #Ghidra plugins! And it includes debugging from VSCode!

I am SO EXCITED! Thank you Ghidra team! 💜💜💜

https://github.com/NationalSecurityAgency/ghidra/commit/478d3e6331803ee3c4adda98a9a97e0acab7e242

#ReverseEngineering #GhidraExtensions

The IBM Hyper Text Editing System console from 1969 https://commons.wikimedia.org/wiki/File:HES_IBM_2250_Console_grlloyd_Oct1969.png

Cyberpunk when?
(Now. Right now)

Mastodon isn't perfect.

But the fact a social network exists that is completely free to use,

has no venture capital investors,

has no shareholders to answer to,

has no growth targets,

with a web interface with zero cookies,

and mobile apps with zero trackers at all

with ten thousand server administrators who donate their time for user safety

is - in my opinion - mindbogglingly cool, given the state of the world we live in.

Not everything has to be shit. People make things better.

So, apparently targeted advertsing may be coming to #Bluesky...

https://techcrunch.com/2024/12/05/bluesky-ceo-jay-graber-is-reshaping-social-media-but-advertising-isnt-off-the-table/?guccounter=1

This is not a surprise at all, and has been predicted for a while. Despite the protestations from Bluesky enthusiasts saying that selling domain names was going to do it, the BS business plan never made any sense.

And now they are paying for server costs for 20+ million users and watching their $15M investment from Blockchain Capital et al. dwindle.

Reality bites, and it bites hard.

I had the privilege of hanging out with j00ru at REcon Montreal after my talk about False File Immutability. I just found out that his latest work, CVE-2024-43452, was directly inspired by my talk and our chat. Feels good man! https://project-zero.issues.chromium.org/issues/42451731

I'm really proud to present my fully documented source code for Elite on the Commodore 64.

This is the original 1985 source, recently released by Ian Bell, with every single line of code explained.

It’s a thing of beauty. Enjoy!

https://github.com/markmoxon/elite-source-code-commodore-64

#retrocomputing #retrogaming #8bit #C64 #Commodore64 #Elite

When I first joined Mastodon, it didn't have search, and that was the reason I didn't use it.

It now has search, but can we all admit that it's really bad?

Reverse engineering Mortal Kombat GRA file format by @rwfpl

http://blog.rewolf.pl/blog/?p=1837
http://blog.rewolf.pl/blog/?p=1982#more-1982

If we discover a wireless bug over-the-air, can't we always reproduce it by replaying the attack traffic? Can we create a minimal traffic to reproduce the same attack? All answers in #AirBugCatcher @acsac_conf #Fuzzing #wireless #CyberSecurity

Project: https://github.com/asset-group/air-bug-catcher/

#Fuzz Every(5G)thing Everywhere All at Once : unleashed #5Ghoul (https://5ghoul.com) - a family of 10+ 5G implementation vulnerabilities in @qualcomm
and @mediatek cellular baseband modems. Exploits as well as fuzzer is open source.
#5G #Fuzzing #Wireless #CyberSecurity

UPDATE: #ESETresearch was contacted by one of the possible authors of the Bootkitty bootkit, claiming the bootkit is a part of project created by cybersecurity students participating in Korea's Best of the Best (BoB) training program. 1/2
https://www.welivesecurity.com/en/eset-research/bootkitty-analyzing-first-uefi-bootkit-linux/

Perl interpreter patch to issue runtime warnings against suspicious two-argument open() calls https://www.openwall.com/lists/oss-security/2024/12/04/1