Oh is it time for another Fortinet crit again? Unauthenticated admin password change in FortiSwitch.

CVE-2024-48887, CVSSv3 9.3

https://fortiguard.fortinet.com/psirt/FG-IR-24-435

#CVE #ThreatIntel

“Seniors also recognize that understanding problems isn’t just coming up with an algorithm. It’s understanding who wants the problem solved, why they want it solved, who’s paying for the problem to be solved, what parts of the problem have already been solved, what different kinds of solutions are possible, whether those solutions can be scaled or extended—and much more.”

https://www.oreilly.com/radar/seniors-and-juniors/

Weaponizing DCOM for NTLM Authentication Coercions https://github.com/xforcered/RemoteMonologue

Debugging in the terminal isn't difficult anymore 🔥

🛠️ Meet **heretek** — A gdb TUI dashboard

🐛 Supports viewing stack, registers, instructions, hexdump & more!

🚀 Works with remote targets seamlessly (no gdbserver!)

🦀 Written in Rust & built with @ratatui_rs

⭐ GitHub: https://github.com/wcampbell0x2a/heretek

#rustlang #ratatui #tui #gdb #debugging #terminal #linux #commandline

Wisdom of the Pentium-M Man

#unix_surrealism #comic #penguin #ai #technomage

Shopware Unfixed SQL Injection in Security Plugin 6 https://www.redteam-pentesting.de/en/advisories/rt-sa-2025-001/

🚀#InQL v6.0 is here! Full Kotlin rewrite w/ improved performance & responsiveness!
🆕 Built-in GraphiQL & #GraphQL Voyager visualization regardless of the target
🆕Circular references detector
🆕Improved batch queries screen
🚀 SPEED!
#doyensec #appsec

https://github.com/doyensec/inql/releases/tag/v6.0.0

LLMs: astrology, for men

New release #IBMi 7.6 is announced! This will be updated as I find more information.
#IBMi #rpgpgm #IBMChampion
https://www.rpgpgm.com/2025/04/version-76-announced.html

Git turned 20 yesterday. I feel old. Again https://github.blog/open-source/git/git-turns-20-a-qa-with-linus-torvalds/

A deep dive into modern Windows Structured Exception Handler (SEH) [Nov. 2024.]

https://blog.elmo.sg/posts/structured-exception-handler-x64/

Fun fact: you can attach to the gdbserver exposed by #rr and do #TimeTravelDebugging from #Ghidra :)

UX is similar to ret-sync.

#OnThisDay, 8 Apr 1959, Mary K Hawes initiates a project to create the first universal programming language for computers used by businesses and government. Grace Hopper led the team that then created COBOL. Some mainframes are still using it.

#WomenInHistory #OTD #History #WomensHistory #WomenInSTEM #Histodons

Spring has sprung. Birds are singing, flower buds are budding and the #DEFCON33 website is open for business. Bookmark https://defcon.org/html/defcon-33/dc-33-index.html for all the latest info on everything #DC33. August will be here before you know it and you’ll want to be in the loop as things develop.

Stay in touch, and we’ll see you at #defcon.

Project: mpengine-x64-pdb 1.1.24090.11
File: mpengine.dll
Address: 75a1a737c

match

SVG:
dark https://tmr232.github.io/function-graph-overview/render/?graph=https%3A%2F%2Fraw.githubusercontent.com%2Fv-p-b%2Fghidra-function-graph-datasets%2Frefs%2Fheads%2Fmain%2F%2Fmpengine-x64-pdb%2F75a1a737c.json&colors=dark
light https://tmr232.github.io/function-graph-overview/render/?graph=https%3A%2F%2Fraw.githubusercontent.com%2Fv-p-b%2Fghidra-function-graph-datasets%2Frefs%2Fheads%2Fmain%2F%2Fmpengine-x64-pdb%2F75a1a737c.json&colors=light

Apparently Bugcrowd was not pwned, they just try to roll out mandatory MFA:

https://www.bugcrowd.com/blog/bugcrowd-security-update-password-reset-and-mfa-requirement/

Scientists still struggle to come up with a way how this information could be included in the password reset mails they sent out, we’ll keep you updated about any breakthroughs!

h/t @raptor

Interesting talk on designing low-bit floating point number systems. Imagine you have 6-bits, using IEEE754 would you want to waste 6 of your codes for different NaNs? Do you really need two zeros? How about adding ±∞ or does saturating to ±FLT_MAX work for you use case? You can upconvert to Binary32 or Binary64 to do math operations, but which one gives you the better conversion when re-packing back down to 6-bits?

IEEE working group P3109 has the goods.

https://www.ac.uma.es/arith2024/slides/keynote1.pdf

So Bugcrowd got pwned or what?