Random rant re: claiming your online space as a creator of any stripe.

Create connections with your people, not corporate platforms. As in:

"My online shop" *not* "My Etsy shop"

"My newsletter" *not* "My Substack" (or Ghost, etc)

I get that for some people, Substack is currently their only viable option. They do not need the marketing boost.

And I've seen so many times, for two decades now, "Oh look at the cute thing I found on Etsy!" with zero mention of the person who made it. Zero. Reinforce your name, not theirs.

Repetition = recognition. You bust your ass to build your thing. Make sure people remember you, not a corporate platform that could turn on a dime. You deserve better.

Rant over.

SIGBOIVK 2025 [PDF, p170]: https://sigbovik.org/2025/proceedings.pdf

`ccdoom` is a standards-compliant C23 C compiler that has "program-agnostic compilation model" and "advanced whole-program dead-code elimination" that always outputs doom.exe.

> ccdoom adopts a more user-centric approach to safety: the output contains significantly more monsters than the output of most C compilers, but the user is provided sufficient ammunition to defeat them.

Presenting "Unveiling RIFT: Advanced Pattern Matching for Rust Libraries" at RECON Montreal 2025!
Sharing research on discovering Rust dependencies in compiled binaries.
See you there! 🚀
#RECON2025 #RustLang #ReverseEngineering

RUMOURS are TRUE 🤷‍♀️

PHRACK will be releasing a SPECIAL #71.5 👉HARDCOVER👈
at https://www.offensivecon.org/
BERLIN ("The 𞅀-Day Edition").

Main #72 release THIS SUMMER at MULTIPLE conferences (main release at WHY2025). ❤️

If you've discovered a potential vulnerability in Firefox, please see our way to get rewarded for your work. We do not require exploits. Just a bug description is enough.

Of course, we reward and encourage sending us more details (PoC, detailed report, regression range, potential fix). But to qualify for a bug bounty, all you need is a bug.

Please check our bounty FAQ at https://www.mozilla.org/en-US/security/bug-bounty/faq/

If you've discovered vulnerabilities in major browsers like Chrome, Safari, or Firefox, our program offers a fast, efficient way to get rewarded for your work. We focus exclusively on browsers with a large market share, ensuring your findings have real impact.

Our process is designed for efficiency—eliminating the usual delays and bureaucratic hurdles. You can submit vulnerabilities in minutes, receive detailed feedback within 72 hours, and be compensated with quick payouts within 15 days after validation.

We handle the full disclosure process, including vendor communications and paperwork, so you can focus on what matters: your research. Plus, you can maintain anonymity while receiving fair compensation for your contributions.

Check out the list of supported browsers and get started here: https://ssd-disclosure.com/product-index/

[RSS] Symbol Database for Reverse Engineers

https://symbol.exchange/grep?q=apr_

#ReverseEngineering

UVB-76 operator talking with a pirate - YouTube
https://www.youtube.com/watch?v=jKrNyPnTucQ

"Your call is so important to us, we have fired all the humans and replaced them with a terrible automated system that cannot understand you.

Please hold while we pay our executives another bonus for some reason.

Did you know you can use the Internet to discover our website can't answer your question?"

That SAP NetWeaver bug is pretty ouchy:

https://x.com/gothburz/status/1915755189019017411

#sap, #threatintel

Sent by Remington from Seattle, Washington, U.S.A. on October 16, 1995. https://postcardware.net/?id=27-70

this seems fun
https://www.fixbrowser.org/blog/fixproxy

"Back in 2018, [hyp3rlinx] reported a '.library-ms' File NTLM information disclosure vulnerability [...] this security flaw was finally deemed important by Microsoft and it received CVE-2025-24054"

https://seclists.org/fulldisclosure/2025/Apr/28

Original post:
https://web.archive.org/web/20190106181024/https://hyp3rlinx.altervista.org/advisories/MICROSOFT-WINDOWS-.LIBRARY-MS-FILETYPE-INFORMATION-DISCLOSURE.txt

It's kinda been raised, but its nuts that (according to Mandiant/M-Trends) in 2025:

- vulnerabilities/exploits are the most frequently observed initial vector;

- the top 4 exploited vulns belong to security vendors.

What are we doing here? 🤯😱

Understanding the classical model for linking series by Raymond Chen

The algorithm:
https://devblogs.microsoft.com/oldnewthing/20130107-00/?p=5633

You can override an LIB with another LIB, and a LIB with an OBJ, but you can’t override an OBJ:
https://devblogs.microsoft.com/oldnewthing/20130109-00/?p=5613

Using the classical model for linking to provide unit test overrides:
https://devblogs.microsoft.com/oldnewthing/20250416-00/?p=111077

“Going to the cloud” can mean renting services/servers that you could get from anywhere. There’s little lock-in. The same four words “going to the cloud” might also mean locking your operations to a specific cloud provider, forever. This difference is vital, yet often ignored: https://berthub.eu/articles/posts/beware-cloud-is-part-of-the-software/

"Intel admits what we all knew: no one is buying AI PCs"

People would rather buy older processors that aren't that much less powerful but way cheaper. The "AI" benefits obviously aren't worth paying for.

https://www.xda-developers.com/intel-admits-what-we-all-knew-no-one-is-buying-ai-pcs/

Today we broke 12k stars on #GitHub remaining #1 on Reverse Engineering there and #1 for, “Reverse Engineering Tutorial” on Google. Thanks again for all of your continued support to help get new folks free training on #ReverseEngineering for everyone! https://github.com/mytechnotalent/Reverse-Engineering

🌪️ Something new is coming to TyphoonPWN 2025!

This year, we’re expanding our scope with LG webOS! If you’ve been researching webOS, this is your moment to earn up to $20,000 for discovering an Unauthenticated Remote Code Execution vulnerability.💰

TyphoonPWN is less than a month away — don’t miss your chance to showcase your skills and get the recognition (and rewards) you deserve. 🏆

Remote participation is fully supported. Register now and secure your spot:
👉 https://typhooncon.com/typhoonpwn-2025/

[RSS] Exploiting Undefined Behavior in C/C++ Programs for Optimization: A Study on the Performance Impact

https://web.ist.utl.pt/nuno.lopes/pubs.php?id=ub-pldi25