Microsoft Configuration Manager (ConfigMgr / SCCM) 2403 Unauthenticated SQL injections (CVE-2024-43468) https://www.synacktiv.com/advisories/microsoft-configuration-manager-configmgr-2403-unauthenticated-sql-injections

New: this OnlyFans model publishes her machine learning explainers to both YouTube and Pornhub. Although YouTube may get a million views, that'll generate around $300. The same content posted to Pornhub, with ~30k views, makes $1000. We spoke to her https://www.404media.co/why-this-onlyfans-model-posts-machine-learning-explainers-to-pornhub/

Can any #Rust expert out there explain where is the syntax for this little challenge documented?

https://github.com/mainmatter/100-exercises-to-learn-rust/issues/245

(preferably with explanations about what the different lifetime annotations mean)

"Proof of Concept that exploits CVE-2024-49138 in CLFS.sys"

https://github.com/MrAle98/CVE-2024-49138-POC

Note: I did *not* verify this but it's at least not an obvious fake. Be careful!

/via @obivan

libvirt 11.0.0 released with VLAN support on standard Linux host bridges, support for VLAN tagging and trunking in the network, qemu and lxc drivers

https://gitlab.com/libvirt/libvirt/-/blob/master/NEWS.rst

#libvirt #qemu #kvm #linux

Installing Sysinternals from MS store is actually pretty nice!

People finally caught on (sortof) to what I said 8 years ago ( ) that nobody knows what they're doing with the pointer hashing stuff, with %pK use for printks being the proof: https://lore.kernel.org/linux-hardening/Z4Z2TW_HaANvT4VH@smile.fi.intel.com/T/#t

https://bird.makeup/@grsecurity/929407342655008770

Currently planned schedule for my next livestreams:
Friday 9 PM CET, the WAD (Doom's) archive.
https://www.youtube.com/live/g0VyFDYefqQ?si=Ta2p1zn0jSDCivhV
Saturday 9PM, JavaScript in PDFs.
Sunday, Doom in PDF!

Project: golang/go https://github.com/golang/go
File: src/cmd/cgo/godefs.go:18 https://github.com/golang/go/blob/refs/tags/go1.23.4/src/cmd/cgo/godefs.go#L18

func (p *Package) godefs(f *File, args []string) string

SVG:
dark https://tmr232.github.io/function-graph-overview/render/?github=https%3A%2F%2Fgithub.com%2Fgolang%2Fgo%2Fblob%2Frefs%2Ftags%2Fgo1.23.4%2Fsrc%2Fcmd%2Fcgo%2Fgodefs.go%23L18&colors=dark
light https://tmr232.github.io/function-graph-overview/render/?github=https%3A%2F%2Fgithub.com%2Fgolang%2Fgo%2Fblob%2Frefs%2Ftags%2Fgo1.23.4%2Fsrc%2Fcmd%2Fcgo%2Fgodefs.go%23L18&colors=light

As you might imagine, recovering from rebuilding the Internet Archive systems from a new perspective took time, and the priority was super important systems, and ones merely "working" were left alone. But that's changed - we updated emulation at the Internet Archive so it's more secure, and the systems we're offering just added a few!

Any other gophers that use IDA Pro wanna help out?

https://github.com/blacktop/go-idalib

Ticket shop is live.
https://www.offensivecon.org/register.html

The OSS-Fuzz team is hiring a PhD intern for this summer. Come join us and build something interesting that will have immediate impact on 1000+ open source projects. https://www.google.com/about/careers/applications/jobs/results/92969243305222854-research-intern-phd-summer-2025

Cool project: "Nepenthes" is a tarpit to catch (AI) web crawlers.

"It works by generating an endless sequences of pages, each of which with dozens of links, that simply go back into a the tarpit. Pages are randomly generated, but in a deterministic way, causing them to appear to be flat files that never change. Intentional delay is added to prevent crawlers from bogging down your server, in addition to wasting their time. Lastly, optional Markov-babble can be added to the pages, to give the crawlers something to scrape up and train their LLMs on, hopefully accelerating model collapse."

https://zadzmo.org/code/nepenthes/

The original artist describes their Fortran code that rendered the Nostromo's vector landing display in "Alien": https://archive.org/details/creativecomputing-1981-06/page/n51/mode/2up?ui=embed&view=theater

this is the chrome logo if they were being honest

Seeing the ex-TAO boss showing off programmable LED effects in a Santa cap sparks joy

https://bsky.app/profile/rgblights.bsky.social/post/3lfsapwhlec2c

We are looking for an Android security expert to join our team and work on securing Chrome on Andoird. Job posting is available at https://google.com/about/careers/applications/jobs/results/104891950447895238, but also feel free to reach out to me directly.

My team in Chrome Platform Security is hiring for a senior Android security expert - if you're into syscalls, binder, processes and other low level stuff you'd be perfect - I do this but for Windows and didn't know Chrome or much C++ when I started.

The ad is generic but feel free to ask questions - https://www.google.com/about/careers/applications/jobs/results/104891950447895238 - you'll be a part of a wider security team that works on lots of cool stuff and protects billions of people - https://www.chromium.org/Home/chromium-security/quarterly-updates/

Nerdy black notebooks
Filled with hex strings
These are a few of my
Favorite things🤗