you had ONE job

"Just fucking use HTML"- https://justfuckingusehtml.com/

Just a tiny bit offensive. 🤏

🔥 So, at DEF CON there was a talk about deobfuscation: VMDragonSlayer by @van1sh_bsidesit.

The author released the code and there's clearly huge amounts of AI slop.🤖

Now, WE WENT TO THE TALK and spoke with the speaker after the talk. 🧵
https://bird.makeup/users/dodo_sec/statuses/1960547263605772738

[RSS] Netskope Client for Windows - Local Privilege Escalation via Rogue Server (CVE-2025-0309)

https://blog.amberwolf.com/blog/2025/august/advisory---netskope-client-for-windows---local-privilege-escalation-via-rogue-server/

newtons per kernel module

Entertaining and inspiring #pwn2own #xdev writeup 👏 (also from a few months back)

#Lorex 2K Indoor Wi-Fi Security Camera: RCE #Exploit Chain

https://github.com/sfewer-r7/LorexExploit

https://www.rapid7.com/globalassets/_pdfs/research/pwn2own-iot-2024-lorex-2k-indoor-wi-fi-security-camera-research.pdf

[RSS] This Week in Security: DEF CON Nonsense, Vibepwned, and 0-days

https://hackaday.com/2025/08/29/this-week-in-security-def-con-nonsense-vibepwned-and-0-days/

by Hackaday

Don't forget: this Friday, September 5th, is a #BandcampFriday and a #FairTradeMusicFriday!

https://IsItBandcampFriday.com
https://IsItFairTradeMusicFri.day

#FediMusic #Bandcamp #FairTradeMusic #Music #Musodon

KernelSnitch - Side-Channel Attacks on Kernel Data Structures

https://lukasmaar.github.io/slides/ndss25-kernelsnitch.pdf

Unrelated to the particular context this came up, is there a name for this? I've seen this behavior a bunch of times, esp. in IT!

RE: https://mstdn.io/@wolf480pl/115113655884602210

I think people often forget (or maybe never knew) that the CVSS scores provided by the NIST NVD are base scores and can be modified by organizations to better reflect their own situation.

For example, take a vulnerability that with a network attack vector and high impact to availability. Base score could be 9.3 (critical). But in your environment, let's say that system is not open to the Internet and would require access from an adjacent system. That could drop it to an 8.5 (high).

It's not a perfect system, but I think a lot of people start and end at the base scores.

https://nvd.nist.gov/vuln-metrics/cvss/v4-calculator

Do the “unfashionable” thing: use pen and paper. https://medium.com/@rehmanmomin/the-unfashionable-art-of-actually-learning-things-0cc7359dbb88

🆕 PrivescCheck important change!

I killed PrivescCheck.ps1, well..., sort of...

Starting from now, the file is no longer available in the repository. Instead, it is now provided as a release file (more information in the README).

As you may already know, the file "PrivescCheck.ps1" is generated using a custom build script. This allows me to separate the code into multiple files and then gather and compress everything into a single one.

For a while now, I've been manually executing this script every time I wanted to push new features. This was nonsensical. So, I finally took the time to implement an automated workflow on GitHub so that release files are created automatically. Hopefully, this will save me some time in the long run. Also, it will serve as the base for an important feature I plan to implement. 😉

https://github.com/itm4n/PrivescCheck/releases

Happy #Skynet Day!

Pentagon ends Microsoft's use of China-based support staff for DoD cloud

'It blows my mind,' says SecDef The Pentagon has formally kiboshed Microsoft's use of China-based employees to support Azure cloud services deployed by US government agencies, and it's demanding Microsoft do more of its own digging to determine whether any sensitive data was compromised. …
#theregister #IT
https://go.theregister.com/feed/www.theregister.com/2025/08/29/pentagon_ends_microsofts_use_of/

I really wish Elastic released the submission they got to clear up what's going on with this alleged 0day...

https://www.reddit.com/r/netsec/comments/1n394gs/elastic_edr_0day_part_2_technical_details_and_the/

r2frida-6.0.2 is out! Shipping small fixes for breakpoints and remote filesystem access and removing the build dependency with NodeJS https://github.com/nowsecure/r2frida/releases/tag/6.0.2

New blog post:
In which I demo two PoCs for SQL injection vulnerabilities fixed in SQL Server 2022 CU20 GDR KB5063814.
https://vladdba.com/2025/08/29/poc-sql-injection-sql-server-2022-cu20-gdr-kb5063814/
#sqlserver #sqldba #microsoftsqlserver #mssqlserver #mssql #mssqldba #sql #security #sqli #sqlinjection

fursuits per digital signature

What kind of tool do I use if I want to automatically generate code in multiple languages for parsing text conforming a (e.g. JSON) schema to objects/structs, based on a given schema?

I already found a bunch of JSON schema validators, but I also want my text->typed object code to be fully generated.

#programming