Pointers Are Complicated, or: What's in a Byte?
https://www.ralfj.de/blog/2018/07/24/pointers-and-bytes.html

Pointers Are Complicated II, or: We need better language specs
https://www.ralfj.de/blog/2020/12/14/provenance.html

Pointers Are Complicated III, or: Pointer-integer casts exposed
https://www.ralfj.de/blog/2022/04/11/provenance-exposed.html

Why are some people obsessed about reading the right way?

“You’re wasting your time if you’re not reading the classics” or “reading should be about sucking the marrow of the vast body literature” or “reading is about retaining information”

None of it is true. People read because they like reading. Maybe they like stories. Maybe they like words. Maybe they are learning something obscure. There are millions of different reasons or ways to read. Don’t let pedants steal your joy or soul.

Just read #read #books

[RSS] Everyday Ghidra: Symbols -- Prescription Lenses for Reverse Engineers -- Part 1

https://clearbluejar.github.io/posts/everyday-ghidra-symbols-prescription-lenses-for-reverse-engineers-part-1/

Remote Code Execution with Spring Boot 3.4.0 Properties

https://snyk.io/articles/remote-code-execution-with-spring-boot-3-4-0-properties/

[RSS] Reverse engineering the Sega Channel game image file format

https://www.infochunk.com/schannel/index.html

Malimite is an iOS decompiler designed to help researchers analyze and decode IPA files https://github.com/LaurieWired/Malimite

Intel launched the Pentium processor in 1993. Unfortunately, dividing sometimes gave a slightly wrong answer, the famous FDIV bug. Replacing the faulty chips cost Intel $475 million. I reverse-engineered the circuitry and can explain the bug. 1/9

Writing down (and searching through) every UUID · eieio.games
https://eieio.games/blog/writing-down-every-uuid/

/via @filippo

#frombsky

Breaking the most popular #Web Application Firewalls (#waf) in the market

https://nzt-48.org/breaking-the-most-popular-wafs

[RSS] Trying to Exploit My Old Android Device, take 2 (CVE-2020-0401, PackageManagerService)

https://pwner.gg/blog/Android%27s-CVE-2020-0401

"Good Red Team comes on slow. The first month is all waiting, then halfway through the second month you start cursing the service provider who burned you, because nothing is happening. And then... ZANG!" - Hunter CISO Thompson

I'll just leave this here for the real programmers.

Forward thinking was just the thing that made Multics what it is today.

— Erik Quanstrom

Santa brought new a blog post!

Handling Arbitrarily Nested Structures with #BurpSuite

https://blog.silentsignal.eu/2024/12/06/custom-decoder-for-burp/

The competition compromises your C2 infrastructure and operator workstations.

"a longstanding campaign orchestrated by the Russian-based threat actor known as 'Secret Blizzard' (also referred to as Turla). This group has successfully infiltrated 33 separate command-and-control (C2) nodes used by Pakistani-based actor, 'Storm-0156.'"

https://blog.lumen.com/snowblind-the-invisible-hand-of-secret-blizzard/

[RSS] URL File NTLM Hash Disclosure Vulnerability (0day) - and Free Micropatches for it

https://blog.0patch.com/2024/12/url-file-ntlm-hash-disclosure.html

Pentagrid published two #Hackvertor tags for #EAN13 (also Swiss AHV numbers) and #TOTP for #2FA. These tags are available via the Hackvertor Tag Store by @garethheyes. Our blog post explains what these tags do and how they can be used. https://www.pentagrid.ch/en/blog/hackervertor-ean13-and-totp-tags-for-web-application-penetration-testing-with-burp/ #pentest #OWASP

#VSCode support for writing #Ghidra plugins! And it includes debugging from VSCode!

I am SO EXCITED! Thank you Ghidra team! 💜💜💜

https://github.com/NationalSecurityAgency/ghidra/commit/478d3e6331803ee3c4adda98a9a97e0acab7e242

#ReverseEngineering #GhidraExtensions

The IBM Hyper Text Editing System console from 1969 https://commons.wikimedia.org/wiki/File:HES_IBM_2250_Console_grlloyd_Oct1969.png

Cyberpunk when?
(Now. Right now)