"I'm interested in all kinds of astronomy."

Interesting Git repos of the week:

Strategy:

* https://github.com/TalEliyahu/awesome-CISO-maturity-models - modelling your strategy

Detection:

* https://github.com/yevh/TaaC-AI - threat modelling as code
* https://github.com/thalesgroup-cert/Watcher - build your own threat hunting platform with Thales
* https://github.com/microsoft/msticpy - Microsoft's TI tooling

Exploitation:

* https://github.com/specfy/stack-analyser - what's in the stack?

Hardening:

* https://github.com/nistorj/ISR1000 - guestshell on the ISR1000

I struggled for a couple of hours because my sshfs connections kept breaking, which made my browser hang in many different ways (fuse ftw!).

I suspected my router getting bust, but of course I was wrong. The problem - as always - was DNS.

[FD] Microsoft Windows .XRM-MS File / NTLM Information Disclosure Spoofing

https://seclists.org/fulldisclosure/2025/May/0

Just block egress SMB connections already!

brk, a.k.a. @evanrichter

Don’t forget to patch your tomorrow! (Security related)
https://floss.social/@forgejo/114433179035067022

Zion Leonahenahe Basque

I'm proud to announce that myself and @atipriyabajaj have created the Workshop on Software Understanding and Reverse Engineering (SURE), which will be co-located at CCS 2025. https://sure-workshop.org/

Please follow our workshop account @sureworkshop and RT it for visibility :).

Here's something counterintuitive to non-practitioners: curve P-521 is often less secure in practice than curve P-256.

The latter is more popular, and so better tested. The risk of implementation bugs dwarfs the risk of partial cryptanalysis of ECC, so picking P-521 optimizes for the wrong thing.

[RSS] CVE-2025-21756: Attack of the Vsock

https://hoefler.dev/articles/vsock.html

#linux

Intel's 386 processor (1985) moved the x86 architecture to 32 bits, but it needed to be backward compatible with earlier 16 and 8-bit processors. As a result, it needed complicated circuitry for its internal registers: six different circuits for 30 registers. Let's look at the silicon circuits. 1/N

BinPool: A Dataset of Vulnerabilities for Binary Security Analysis

https://github.com/SimaArasteh/binpool

/via @exploitsclub

🔐 The SLB 9670VQ2.0 FW7.85 SPI TPM module sounds like something your cat would type mid-zoom call — but it's actually a serious piece of security hardware.

This TPM (Trusted Platform Module) chip is used in motherboards and SBCs to store crypto keys, generate true random numbers, and keep your hardware’s trust chain tight, even if the rest of your system isn’t Fort Knox. TPM 2.0 is even a requirement for modern OSes like Windows 11.

TP-Link is a CNA now.

A BIG WELCOME to these 7 CVE Numbering Authority (CNA) partners that joined the Program in April!!!

* CTOne
* Insyde Software
* Jaspersoft
* Sandisk
* Spotfire
* The Qt Company
* TP-Link

Join: https://www.cve.org/PartnerInformation/Partner#HowToBecomeAPartner

Weird how Wired is saying that the reason DPRK workers are getting Western tech jobs is because they're using AI to deviously trick recruiters.

> With AI, their schemes are now more devious—and effective

But where's the discussion on how it's because said recruiters are also relying on bullshit AI tools? Not to mention the whole "foreigners stole your job" vs "corporations are willingly giving the jobs to foreigners who are not legally authorized to work in $country" bullshit.

https://www.wired.com/story/north-korea-stole-your-tech-job-ai-interviews/

How to win my instant support as a customer:

"We have decided not to focus on generative AI features, and instead reinvest heavily in quality assurance for our core products through hiring, training, and process development."

Since @wdormann is quoted in this piece and I can't find Dan Wade's handle, I'm tagging him in.

Is this suggesting that the RDP cred cache never gets updated? Ever ever?

Also what's up with this?

> Old credentials continue working for RDP—even from brand-new machines.

That makes no sense at all.

https://arstechnica.com/security/2025/04/windows-rdp-lets-you-log-in-using-revoked-passwords-microsoft-is-ok-with-that

Tomorrow is Bandcamp Friday. I've got fuck all money for the next 2 weeks, someone bought my discography the other day and I won't starve to death but if you dig obscure indie music of the dark electro rock type pokemon, perhaps consider buying my music tomorrow via Bandcamp! Shares help. Checking my music out and commenting on it helps!

Https://Limneticvillains.bandcamp.com

Also I'm on Faircamp! https://negativevoid.art/limnetic

Thank you Fediverse.
