Three questions about Apple, Encryption, and the U.K. https://blog.cryptographyengineering.com/2025/02/23/three-questions-about-apple-encryption-and-the-u-k/

台湾旅行🚥🙏
#tokyocameraclub
#東京カメラ部

I spent last night writing about the things on my site that I am the most proud of https://shellsharks.com/devlog/build-then-smile

The #IndieWeb allows us to express ourselves in many ways, through our writing, through our site aesthetics, etc... over the last 5 years+ I've built a place on the web that I really enjoy hanging out at. So for everyone out there similarly building a digital "home" on the web, remember to look back and smile at what you've accomplished!

23 February 1914 | Bernard Świerczyna was born, a Polish soldier, #Auschwitz prisoner no. 1393, one of the leaders of the resistance in the camp.

3 days before he was hanged (30 December 1944) he wrote those words inside cell 28 in the basement of Block 11 at Auschwitz I.

I just read this (now deleted) question on Reddit:

"Wich One İs better Hack the box Or Try Hack me?" (sic!)

This may be unpopular, but IMO
1) Nothing beats building your own environments, as you'll learn *how* the stuff works and *why* misconfigs happen.
2) Real targets rarely have as limited attack surfaces as these lab machines. A crucial skill is to filter the data you get from initial scans (IIRC OSCP labs were more realisting in this aspect).

#TryHackMe #HackTheBox #pentest #training

[RSS] Spice86: Reverse engineer and rewrite real mode DOS programs

https://github.com/OpenRakis/Spice86

[RSS] From Zero to Emo - My Journey of Many Failures in kernelCTF

https://u1f383.github.io/linux/2025/02/21/from-zero-to-emo-my-journey-of-many-failures-in-kernelCTF.html

🆕 blog! “Why are QR Codes with capital letters smaller than QR codes with lower-case letters?”

Take a look at these two QR codes. Scan them if you like, I promise there's nothing dodgy in them.

   

Left is upper-case HTTPS://EDENT.TEL/ and right is lower-case https://edent.tel/

You can clearly see that the one on the left is a "s…

👀 Read more: https://shkspr.mobi/blog/2025/02/why-are-qr-codes-with-capital-letters-smaller-than-qr-codes-with-lower-case-letters/
⸻
#qr #QRCodes

it took me so much time to finish this exploit but I finally did it! my first guest-to-host virtualbox escape is finally ready, using a combination of 2 bugs I can target the latest version :)
Eternal thank you to my dear friend Corentin @onlytheduck for constantly encouraging me and guiding me how to approach, research and exploit hypervisors ✊⭐️

[RSS] Security Bulletin: IBM i is vulnerable to a user gaining elevated privileges due to an unqualified library call [CVE-2024-55898].

https://www.ibm.com/support/pages/node/7183835?myns=swgother&mynp=OCSWG60&mynp=OCSSB23CE&mynp=OCSSTS2D&mynp=OCSSC5L9&mynp=OCSS9QQS&mync=A&cm_sp=swgother-_-OCSWG60-OCSSB23CE-OCSSTS2D-OCSSC5L9-OCSS9QQS-_-A

#teachers #teaching #history #political

Released Pwndbg 2025.02.19 with new commands for dumping Linux kernel nftables, initial LoongArch64 support and more!

See changelog on https://github.com/pwndbg/pwndbg/releases/tag/2025.02.19 !

#pwndbg #gdb #pwning #reverseengineering #binaryexploitation #kernel #debugging

[RSS] Pluralistic: Ad-tech targeting is an existential threat

https://pluralistic.net/2025/02/20/privacy-first-second-third/

Computers make it easier to do a lot of things, but most of the things they make it easier to do don't need to be done.

— Andy Rooney

I gave a day 1 closing keynote at DistrictCon yesterday. Surprisingly, it was a security talk about memory safety.

Slides are here:
https://docs.google.com/presentation/d/1-CgBbVuFE1pJnB84wfeq_RadXQs13dCvHTFFVLPYTeg/edit?usp=drivesdk

Writing a #Ghidra processor module

https://irisc-research-syndicate.github.io/2025/02/14/writing-a-ghidra-processor-module/?ref=blog.exploits.club

"In this article we will create a Ghidra processor module for the iRISC processors, these processors are embedded in the ConnectX series of NICs from NVIDIA/Mellanox."

Not a beginners tutorial, as it skims over many important steps and details, but still good to have more of these as there's always a trick or two to learn.

Optimizing the regexes, or not

https://www.hexacorn.com/blog/2025/02/22/optimizing-the-regexes-or-not/

It's EXPLOIT CLUB DAY 📰

Linux kernel goodies from @h0mbre_

@patch1t spends another week showing you no patch is safe

@vv474172261 makes Microsoft re-think their bounty program

USB Restricted Mode Bypass RCA from @quarkslab

+ Jobs and MORE 👇

https://blog.exploits.club/exploits-club-weekly-newsletter-60-kctf-patch-gaps-usb-restricted-mode-bypasses-llm-harnesses-and-more/

Released Pwndbg 2025.02.19 with new commands for dumping Linux kernel nftables, initial LoongArch64 support and more!

See changelog on https://github.com/pwndbg/pwndbg/releases/tag/2025.02.19 !