I'll just leave this here for the real programmers.
Add OpenBSD to the ../ club: https://nvd.nist.gov/vuln/detail/CVE-2024-10933
Forward thinking was just the thing that made Multics what it is today.
— Erik Quanstrom
Santa brought a new blog post!
Handling Arbitrarily Nested Structures with #BurpSuite
https://blog.silentsignal.eu/2024/12/06/custom-decoder-for-burp/
The competition compromises your C2 infrastructure and operator workstations.
"a longstanding campaign orchestrated by the Russian-based threat actor known as 'Secret Blizzard' (also referred to as Turla). This group has successfully infiltrated 33 separate command-and-control (C2) nodes used by Pakistani-based actor, 'Storm-0156.'"
https://blog.lumen.com/snowblind-the-invisible-hand-of-secret-blizzard/
Pentagrid published two #Hackvertor tags for #EAN13 (also Swiss AHV numbers) and #TOTP for #2FA. These tags are available via the Hackvertor Tag Store by @garethheyes. Our blog post explains what these tags do and how they can be used. https://www.pentagrid.ch/en/blog/hackervertor-ean13-and-totp-tags-for-web-application-penetration-testing-with-burp/ #pentest #OWASP
#VSCode support for writing #Ghidra plugins! And it includes debugging from VSCode!
I am SO EXCITED! Thank you Ghidra team! 💜💜💜
https://github.com/NationalSecurityAgency/ghidra/commit/478d3e6331803ee3c4adda98a9a97e0acab7e242
The IBM Hyper Text Editing System console from 1969 https://commons.wikimedia.org/wiki/File:HES_IBM_2250_Console_grlloyd_Oct1969.png
Mastodon isn't perfect.
But the fact a social network exists that is completely free to use,
has no venture capital investors,
has no shareholders to answer to,
has no growth targets,
with a web interface with zero cookies,
and mobile apps with zero trackers at all
with ten thousand server administrators who donate their time for user safety
is - in my opinion - mindbogglingly cool, given the state of the world we live in.
Not everything has to be shit. People make things better.
So, apparently targeted advertising may be coming to #Bluesky...
This is not a surprise at all, and has been predicted for a while. Despite the protestations from Bluesky enthusiasts saying that selling domain names was going to do it, the BS business plan never made any sense.
And now they are paying for server costs for 20+ million users and watching their $15M investment from Blockchain Capital et al. dwindle.
Reality bites, and it bites hard.
I had the privilege of hanging out with j00ru at REcon Montreal after my talk about False File Immutability. I just found out that his latest work, CVE-2024-43452, was directly inspired by my talk and our chat. Feels good man! https://project-zero.issues.chromium.org/issues/42451731
I'm really proud to present my fully documented source code for Elite on the Commodore 64.
This is the original 1985 source, recently released by Ian Bell, with every single line of code explained.
It’s a thing of beauty. Enjoy!
When I first joined Mastodon, it didn't have search, and that was the reason I didn't use it.
It now has search, but can we all admit that it's really bad?
Reverse engineering Mortal Kombat GRA file format by @rwfpl
http://blog.rewolf.pl/blog/?p=1837
http://blog.rewolf.pl/blog/?p=1982#more-1982
If we discover a wireless bug over-the-air, can't we always reproduce it by replaying the attack traffic? Can we create a minimal traffic to reproduce the same attack? All answers in #AirBugCatcher @acsac_conf #Fuzzing #wireless #CyberSecurity
#Fuzz Every(5G)thing Everywhere All at Once: unleashed #5Ghoul (https://5ghoul.com) - a family of 10+ 5G implementation vulnerabilities in @qualcomm and @mediatek cellular baseband modems. Exploits as well as the fuzzer are open source.
#5G #Fuzzing #Wireless #CyberSecurity