Crafting a Full Exploit RCE from a Crash in Autodesk Revit RFA File Parsing: Trend ZDI researcher Simon Zuckerbraun shows how to go from a crash to a full exploit - & he provides you tools to do the same, including his technique used to get ROP execution. https://www.zerodayinitiative.com/blog/2025/10/6/crafting-a-full-exploit-rce-from-a-crash-in-autodesk-revit-rfa-file-parsing

Bash a newline: Exploiting SSH via ProxyCommand, again (CVE-2025-61984) https://dgl.cx/2025/10/bash-a-newline-ssh-proxycommand-cve-2025-61984

We just posted our AttackerKB @rapid7 Analysis for the recent Cisco ASA 0day chain; CVE-2025-20362 and CVE-2025-20333. The auth bypass appears to be a patch bypass of an older 2018 vuln. The buffer overflow is in a Lua endpoint, but unsafe native code operations allow a buffer to be overflowed and memory corruption to occur. Full technical root cause analysis here: https://attackerkb.com/topics/Szq5u0xgUX/cve-2025-20362/rapid7-analysis

Just learned how relocations within a binary work:

https://0xrick.github.io/win-internals/pe7/

#windows #binary #relocation #reverseengineering #peheader

I wonder if Microsoft secretly wants everyone to switch to Linux. There are certainly fewer reasons to stick to Windows every day: https://www.theverge.com/news/793579/microsoft-windows-11-local-account-bypass-workaround-changes

#ToddlerDnD

I am constantly feeling like parents have to take daily Alignment checks during Autumn Snot Season. Checks are administered by daycare/school staff.

I'm gonna need an alignment chart for this 😄

#parenting

Well, Well, Well. It’s Another Day. (Oracle E-Business Suite Pre-Auth RCE Chain - CVE-2025-61882) https://labs.watchtowr.com/well-well-well-its-another-day-oracle-e-business-suite-pre-auth-rce-chain-cve-2025-61882well-well-well-its-another-day-oracle-e-business-suite-pre-auth-rce-chain-cve-2025-61882/

I love people saying AI helps with the bullshit stuff. Nobody asking why the bullshit exists in first place and how to get rid of it LOL

Remember the old days?

Why aren't today's routers made out of wood?

Do I know anyone at Akamai? Lots of linux users seem to get blocked, including yours truly. If I use my Mac I have no problems. Changing user-agents doesn't help. https://forums.linuxmint.com/viewtopic.php?t=447257

📣 Germany's close to reversing its opposition to mass surveillance & private message scanning, & backing the Chat Control bill. This could end private comms-& Signal-in the EU.

Time's short and they're counting on obscurity: please let German politicians know how horrifying their reversal would be.

Deer

#pixelart #ドット絵 #art #digitalart #animestyle #monstergirl #inktober #inktober2025

Writeup for the 3rd hole exploitation technique :-).
https://github.com/mistymntncop/CVE-2025-6554/blob/main/exploit.js

pagedout.institute ← we've just released Paged Out! zine Issue #7
https://pagedout.institute/download/PagedOut_007.pdf ← direct link
https://lulu.com/search?page=1&pageSize=4&sortBy=PRICE_ASC&q=PAGEDOUT7 ← prints for zine collectors
https://pagedout.institute/download/PagedOut_007_wallpaper.jpg ← issue wallpaper
Enjoy!

Please please please share to spread the news - thank you!