clownpertino - A simple macOS debugger detection trick.

Pretty sure someone using this one since it's so easy but I haven't seen it in the wild. Just some Monday lulz while the stock markets burn :P

https://reverse.put.as/2025/04/04/clownpertino/

New, by me: Someone hacked into the Everest ransomware gang's dark web leak site and defaced it.

"Don't do crime CRIME IS BAD," Everest's site now reads.

https://techcrunch.com/2025/04/07/someone-hacked-everest-ransomware-gang-dark-web-leak-site

It seems Budapest Micro Vol.2. was last weekend and the only info I can find about it is on the venue homepage and a report on scene.hu wtf?!

[RSS] Command and Conquer Ported to the Pi Pico 2

https://hackaday.com/2025/04/06/command-and-conquer-ported-to-the-pi-pico-2/

It may be Monday, but today is also National No Housework Day, National Beer Day and also International Beaver Day. Do with that information what you will.

salt-n-pepa: *nod approvingly*

I wondered how OSS-Fuzz fuzzes Woff2 fonts with Brotli compression.

The answer seems to be… brute force.

https://issues.oss-fuzz.com/issues/42478986 shows a sample WOFF2 fuzzed font, and it contains a valid Brotli stream.

So oss-fuzz must be fuzzing raw WOFF2 fonts without a special mutator.

Yet it works: OSS-Fuzz coverage shows 93% coverage on the WOFF2 decoder:

https://storage.googleapis.com/oss-fuzz-coverage/freetype2/reports/20250404/linux/src/freetype2-testing/external/freetype2/src/sfnt/report.html

It works, but the uncovered lines are the error lines… As if there’s not enough executions to actually hit the error cases…

looking at the execution coverage:

https://storage.googleapis.com/oss-fuzz-coverage/freetype2/reports/20250404/linux/src/freetype2-testing/external/freetype2/src/sfnt/sfwoff2.c.html

71.2k makes it to woff2_open_font 57.3k makes it to woff2_decompress 14.7k makes it to reconstruct_font 8.68k makes it to the end of woff2_open_font

We emulated iOS 14 in QEMU.
This is how we did it: https://eshard.com/posts/emulating-ios-14-with-qemu

#reverseengineering #cybersecurity #iosdev #ios #apple #devops

I look away for 5 minutes and Annie goes and makes herself home in the vacant spot in the rack,

Little baby

I laughed out loud

Were Still More UK Postmasters Also Wrongly Prosecuted Over Accounting Bug? https://news.slashdot.org/story/25/04/06/0221239/were-still-more-uk-postmasters-also-wrongly-prosecuted-over-accounting-bug?utm_source=rss1.0mainlinkanon

Ben Eater vs. Microsoft BASIC

https://hackaday.com/2025/04/05/ben-eater-vs-microsoft-basic/

Project: golang/go https://github.com/golang/go
File: src/cmd/fix/fix.go:54 https://github.com/golang/go/blob/refs/tags/go1.23.4/src/cmd/fix/fix.go#L54

func walkBeforeAfter(x any, before, after func(any))

SVG:
dark https://tmr232.github.io/function-graph-overview/render/?github=https%3A%2F%2Fgithub.com%2Fgolang%2Fgo%2Fblob%2Frefs%2Ftags%2Fgo1.23.4%2Fsrc%2Fcmd%2Ffix%2Ffix.go%23L54&colors=dark
light https://tmr232.github.io/function-graph-overview/render/?github=https%3A%2F%2Fgithub.com%2Fgolang%2Fgo%2Fblob%2Frefs%2Ftags%2Fgo1.23.4%2Fsrc%2Fcmd%2Ffix%2Ffix.go%23L54&colors=light

Be like Ronin...

"Hero rat sets Guinness World Record for detecting landmines"

https://taskandpurpose.com/tech-tactics/ronin-landmines-rat-guinness-world-record/

via @TaskandPurpose

Work in progress JNI helper plugin for #radare2 https://github.com/evilpan/jni_helper/tree/master/r2 #android #java #reverseengineering

(CVE-2025-3155) Arbitrary file read by abusing ghelp scheme

https://gitlab.gnome.org/GNOME/yelp/-/issues/221

"Yelp, the GNOME user help application, allows help documents to execute
arbitrary JavaScript. A malicious help document may exfiltrate user files
to a remote server. A malicious website may download a help document
without user intervention, then trick the user into opening a ghelp URL
that references the help document. This notably requires the attacker to
guess the filesystem path of the downloaded help document."

And we just discussed old-school .HLP exploits the other day...

#EnoughEyeballs

I learned about the “500 mile email" bug the other night and it really is a rather amazing story. If you work with tech I think you'll really appreciate this one: https://www.ibiblio.org/harris/500milemail.html

# ./mpclient_x64 ../eicar.com 2>&1 | fgrep EngineScanCallback 

EngineScanCallback(): Threat Virus:DOS/EICAR_Test_File identified. 

happy dance

Here's me face talking about low-level #IBMi security:

@recon 2024 - Control Flow Intergrity on IBM i

https://www.youtube.com/watch?v=0uBbklP9BSE

The video also has some '90s VHS vibes to it, the writeup is still available here (minus the last temporal safety stuff):

https://silentsignal.github.io/BelowMI/

Rubia, rack technician.

Happy #Caturday!

#CatsWithJobs #StudioCat #RubiaTheCat