I've been wrestling with #Ghidra's decompiler API and a slight hangover for a couple of hours now (even invoking LLM's!). Turns out I wrote up the gist of the solution 5 years ago:

Ghidra Decompiler Notes (from 2020)
https://gist.github.com/v-p-b/5be986dfe494249374cecf058d4dd41c

I definitely have to find a better place to host this...

#TIL that last month some dimwits at Ventegus Anti-Piracy GmbH (likely on behalf of Hex-Rays?) submitted a #DMCA (Copyright) Complaint to #Google to remove these two pages from search results:

https://0xdeadbeef.info/augur/augur/
https://0xdeadbeef.info/augur/src/haruspex/lib.rs.html

See for yourself:
https://lumendatabase.org/notices/54378675

Not that I care, but WTAF...

I am in this picture.. and I like it :-) #why2025

CVE-2025-48708: #ghostscript can embed plaintext #password in encrypted #PDFs 😶

https://www.openwall.com/lists/oss-security/2025/05/23/2

Debian 13 "trixie" has been released, thanks to everyone involved! "trixie" images are available for download at https://www.debian.org/distrib/ or you can run apt full-upgrade as always ;-) #debian #debian13 #trixie #ReleasingDebianTrixie

[RSS] Should you trust your zero trust? Bypassing Zscaler posture checks

https://www.synacktiv.com/en/publications/should-you-trust-your-zero-trust-bypassing-zscaler-posture-checks

[RSS] Hyper-V Research [by r0keb]

https://r0keb.github.io/posts/Hyper-V-Research/

Project: openssl-static-gcc-dwarf 3.4.0
File: openssl
Address: 004f2a10

tls_post_process_client_hello

SVG:
dark https://tmr232.github.io/function-graph-overview/render/?graph=https%3A%2F%2Fraw.githubusercontent.com%2Fv-p-b%2Fghidra-function-graph-datasets%2Frefs%2Fheads%2Fmain%2F%2Fopenssl-static-gcc-dwarf%2F004f2a10.json&colors=dark
light https://tmr232.github.io/function-graph-overview/render/?graph=https%3A%2F%2Fraw.githubusercontent.com%2Fv-p-b%2Fghidra-function-graph-datasets%2Frefs%2Fheads%2Fmain%2F%2Fopenssl-static-gcc-dwarf%2F004f2a10.json&colors=light

Thanks to the most awesome @c3voc people the most excellent registration of my #why2025 talk yesterday is up already! DNA & Molecular Biology: A 2025 digital view has been released on media.ccc.de and YouTube #why2025 #Thesquarehole #Andromeda #why2025eng https://media.ccc.de/v/why2025-33-dna-molecular-biology-a-2025-digital-view https://www.youtube.com/watch?v=22lcbiXf9gc https://program.why2025.org/why2025/talk/GGDRKY/

#iocaine has been up for 11d 12h 45min, and spent 1d 16h 7min dealing with - gestures hands wildly - everything.

In the past 24 hours, it served 12.10M requests, 98.82% of which were garbage, 1.18% passed through unscathed, and 0.01% were fed to the Cookie Monster. This required about 104.97MiB of memory on average, and 34.57GiB of absolute trash was served to the nastiest visitors.

Top three garbage consumers were:

1. Bots trying to hide (and failing) - 8.31M
2. ClaudeBot - 1.74M
3. GPTBot - 814.69k

In these trying times, 0.11% of all requests were likely of human origin: I hope you enjoyed your stay, and will visit again! Of all requests iocaine let into the garden, 69.25% were from Fediverse software. Thank you! #FediHug

#AIStatsPorn

Boycott all movies, entertainments, concerts, newspapers which are in any way connected with the quisling authorities.

PHONY AWARD ceremony at the PHRACK PARTY at @why2025camp hosted by @Emerson @thc and tmp.out

VOTE (by shouting) for the “Biggest Security Facepalm” and more. Legends like Hegseth and Crowdstrike have been nominated and informed.

Winning prize is the privilege to be trolled by us and pay for phrack's next print release :>

Interesting links of the week:

Strategy:

* https://www.ncsc.gov.uk/blog-post/caf-v4-0-released-in-response-to-growing-threat - NCSC CAF 4.0 drops
* https://cfp.bsides.london/bsides-london-2025/cfp - BSides London CFP is open
* https://data-media.s3.us-east-1.amazonaws.com/assets/CISOs+guide+to+SAP+Security.pdf - a CISO view on SAP

Threats:

* https://unit42.paloaltonetworks.com/infiltration-of-global-telecom-networks/ - PA give their thoughts on telco intrusions

Detection:

* https://medium.com/anton-on-security/soc-visibility-triad-is-now-a-quad-soc-visibility-quad-2025-72811401073a - @anton_chuvakin's take on what comes next in SOCs... is it AI or is it fuck?
* https://www.greynoise.io/resources/early-warning-signals-attacker-behavior-precedes-new-vulnerabilities - what to look for as new bugs rain down...
* https://bakerstreetforensics.com/2025/08/02/enhance-threat-hunting-with-mitre-lookup-in-malchela-3-0-2/ - neat @mitreattack integration
* https://www.totes-legit-notmalware.site/home/detection-exercise-d-link-dir-513-cves-2025-8184-8169-and-8168 - @da_667 talks IDS detections

Exploitation:

* https://specterops.io/blog/2025/07/29/bloodhound-v8-usability-extensibility-and-opengraph/ - new dog, who dis?
* https://www.incendium.rocks/posts/Exploit-Development-For-MSRPC/ - developing exploits for Microsoft RPC
* https://blog.trailofbits.com/2025/07/25/exploiting-zero-days-in-abandoned-hardware/ - @trailofbits exploit some 0lddays
* https://secret.club/2022/08/29/bootkitting-windows-sandbox.html - breaking the Windows sandbox
* https://blogs.cisco.com/security/extracting-training-data-from-chatbots - another way to fuck with LLMs

Hardening:

* https://lwn.net/Articles/1030669/ - how security patches land in Debian

Development:

* https://metacpan.org/dist/MCP - MCP in Perl
* https://20455591.fs1.hubspotusercontent-na1.net/hubfs/20455591/Website%20Assets/Secure%20Coding%20Guideline%20en%20BASE24%20.pdf - writing secure Base24 code

Nerd:

* https://www.e-resident.gov.ee/uk-hub-digital-residency-setup/ - become a virtual Estonian

#security, #research

I pushed my Rust utils to crates.io so you can install them easily with cargo:

https://crates.io/users/v-p-b

Radare2 continues to broaden its architecture support, Version 6.0.0 adds support for several lesser-known or specialized targets, including:

- RCA COSMAC 1806 microprocessors
- TMS320 C6x DSPs from Texas Instruments
- Classic Macintosh and BeOS PEF binaries
- Plan 9 RISC-V binaries
- Updates to EVM support for recent Solidity versions

This is an interesting pro-AI take, exploring beyond the hype. I do like some of its points. Maybe accuracy (not that we all have been doing a great job) etc are irrelevant in the future and speed is what matters. A broken/insecure system that has ability to update and fix in real time might be better than the current crap patch cycle we have (although it seems patching gaps are crashing hard). Fits well the potential displayed at AIxCC contest.

https://fluxus.io/article/a-hitchhikers-guide-to-the-ai-bubble

In 40 minutes at 11 AM Dutch time you can watch a presentation on the Cyber Resilience Act here: https://streaming.media.ccc.de/why2025/andromeda https://program.why2025.org/why2025/talk/RT9XQ9/ @vaurora

The whitepaper is live! Learn how to win the HTTP desync endgame... and why HTTP/1.1 needs to die: https://http1mustdie.com/

Good morning @why2025camp - we are up and running and the first talks just started off. Live streams are here https://streaming.media.ccc.de/why2025/ #why2025camp #why2025 - we are still having a lot of camera, video mixing and audio mixing shifts open. If you'd like to volunteer and maybe know something about video - feel free to come to the Productiehuis HelpDesk https://map.why2025.org/?building=35&building_table=buildings#maphash=19/52.691395/4.744388/-20 ^th

Another fresh #Python #tarfile #vulnerability

Python TarFile.extractall(..., filter='tar') arbitrary file chmod

https://github.com/python/cpython/issues/127987