📢Call for beta testers!📢
Microsoft mandated the presence of Trusted Platform Modules for new Windows 11 machines. Now's a good time for security experts & hackers to familiarize themselves with what TPMs are, and what they can (and can't) add to the security of a system. You can do that by joining the beta test of the OST2 class "Trusted Computing 2202: TPM 2.0 Programming using Python and the tpm2-pytss libraries" by William Roberts (maker of the tpm2-pytss library) which will start July 14th and run for 1 month. It will take ~8 hours to complete.
https://forms.gle/cbBazgq7m24QSxTD6

💣 CLIXML #deserialization in #PowerShell isn't harmless… At #PSConfEU 2025, Alexander Andersson showed how it enables: ✔ Lateral movement ✔ Privilege escalation ✔ Guest-to-host VM breakouts 🎟️ Early bird 2026 tickets → psconf.eu #Security #CLIXML

- YouTube

PSA: the CfP of eth0 is open, please submit a talk and/or workshop!

And yes, your thing is interesting! Especially if you've never done a talk before, eth0 is a great place to start :)

You can add it to the wiki or mail your proposal to info@eth0.nl

https://wiki.eth0.nl/index.php/Eth0:2025_Autumn_Talks_%26_Activities

General Devices for Lowering Morale and Creating Confusion

I released version 0.2.4 of Typage, the TypeScript implementation of age for Node/Deno/Bun and browsers.

encrypt and decrypt now accept and return ReadableStreams to encrypt/decrypt large files on the fly. The returned object also has an additional method to compute the expected output size from the input size.

https://github.com/FiloSottile/typage/releases/tag/v0.2.4

Okay, let's say for shits and giggles that you're major manufacturer Phillips.

You want everyone to use your smart home stuff via the Phillips Hue bridge.

Why would you use NTP from China?

First it was people sharing slide decks instead of writing an article or a blog post. Then it was people writing long threads on twitter etc. instead of writing an article or a blogpost. Then it was people posting overproduced video clips instead of writing an article or a blog post. Then we had reaction videos of people discussing an overproduced video by someone else instead of writing an article or a blogpost. Now we have AI trying to summarise that.

Just write an article or blogpost, folx!

Things aren't looking well with the world, but treat yourself to this AWESOME list of accepted talks over at @why2025camp - just SO much goodness! (and two talks from me, which I will be doing my utmost to also make awesome). This will also be streamed live for the world: https://vote.why2025.org/why2025

My Unix Archive mirror was slaughtered by LLMs overnight, it is on a 10G link, they were taking over 1Gbps in requests to the same files over and over again.

I have Geo-blocked the whole of the US to stop them (with PF).

This is ridiculous.

watt-hours per memory corruption bug

Building Linux kernel on macOS natively

https://seiya.me/blog/building-linux-on-macos-natively

Spotted a reverse engineering boutique at Zurich main station

In programming the hard part isn't solving problems, but deciding what problems to solve.

— Paul Graham

The attempts by law enforcement & governments to subvert end-to-end encryption are ongoing. The European Commission is going to spend a year thinking about their new "Roadmap for law enforcement access to data", and they are (genuinely) asking for people to join their expert group to help. Here I urge you to join that group (also because I can't): https://berthub.eu/articles/posts/possible-end-to-end-to-end-come-help/

#campplusplus this year is, again, fabulous. Highly recommended to attend.

Are we bleeding out? Enjoy our analysis of CitrixBleed 2, aka CVE-2025-5777 - the "new" Citrix NetScaler Memory Leak vulnerability.

We've been using this mechanism to identify vulnerable systems, and hope it helps the teams that need it.. enjoy!

https://labs.watchtowr.com/how-much-more-must-we-bleed-citrix-netscaler-memory-disclosure-citrixbleed-2-cve-2025-5777