Posts
2609
Following
669
Followers
1496
"I'm interested in all kinds of astronomy."
buherator
repeated
radareorg@infosec.exchange

radare2 radare verified

⏲️ One week left for r2con2025! Are you ready?

0
5
0
buherator

buherator

[RSS] Lucid Dreams II: Harness Development

https://h0mbre.github.io/Lucid_Dreams_2/

#fuzzing
0
0
1
buherator

buherator

I'm really curious how libtiff is embedded in Windows so that CVE-2016-9535 could apparently lead to RCE in 2025

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2016-9535
0
0
2
buherator
repeated
cR0w@infosec.exchange

sp00ky cR0w 🏴

Hold up, F5 is offering a free year of Blue Falcon EDR to customers? Apparently getting your remote access gear popped isn't enough so customers can also have a little unpredictable system crash, as a treat.

1
2
0
buherator
repeated
FritzAdalis@infosec.exchange

Fritz Adalis

RE: https://mastodon.social/@ratemy8k/115378205898848550

F5 popped.

0
7
0
buherator
repeated
defcon@defcon.social

DEF CON

Creators alert!

The Call For Creators is open! Got an idea for a Contest, Village or Community you'd like to see at DEF CON Singapore? Get your submission in and let's work together to bring your ideas to life. The info you need is here:

https://forms.cloud.microsoft/r/eQgGJPVffy

Let's make something amazing!

0
2
0
buherator

buherator

I think it was @david_chisnall who pointed out earlier that coding LLM's will become much less useful when we stop doing (expensive) training to keep up with breaking changes in API's.

Well, I just spent two hours trying to fix some code that was buggy because the API changed less than a year ago and came to the decision of reading the F manual and write that 200 LoC myself.

(to be fair, I think this would work if the LLM had access to a complier and runtime)
1
0
1
buherator

buherator

[RSS] The October 2025 Security Update Review [by ZDI]

https://www.thezdi.com/blog/2025/10/14/the-october-2025-security-update-review
0
0
1
buherator
repeated
sysinternals@bird.makeup

Sysinternals

🚀 New Sysinternals updates just dropped!
ZoomIt now supports image smoothing for crisper visuals
ProcDump for Linux adds restracking - no triggers needed

Grab the latest tools at http://sysinternals.com.

See what's new on the Sysinternals Blog: https://techcommunity.microsoft.com/blog/sysinternals-blog/zoomit-v9-10-procdump-3-5-for-linux-and-jcd-1-0-1/4461244

0
2
0
buherator

buherator

#music #edm
Show content
Give this guy a Nobel Prize (any field would do)

https://www.youtube.com/watch?v=z-8JELUcjMM
0
0
1
buherator
repeated
campuscodi@mastodon.social

Catalin Cimpanu

Synacktiv looks at LinkPro, a new Linux eBPF-based rootkit it found deployed on a customer's hacked AWS infrastructure

https://www.synacktiv.com/en/publications/linkpro-ebpf-rootkit-analysis

0
4
0
buherator

buherator

[RSS] Oops! It's a kernel stack use-after-free: Exploiting NVIDIA's GPU Linux drivers

http://blog.quarkslab.com/nvidia_gpu_kernel_vmalloc_exploit.html
0
5
5
buherator
repeated
brian_greenberg@infosec.exchange

Brian Greenberg verified

Hackers can steal 2FA codes and private messages from Android phones. The "Pixnapping" attack is a really clever piece of research. It shows that the theoretical wall between apps on your phone isn't as solid as we'd like to believe. By exploiting a GPU side channel, a malicious app with zero permissions can effectively screenshot other apps, one pixel at a time. It's a reminder that security is a stack, and a vulnerability at the hardware level can undermine everything built on top of it.

TL;DR
👾 A new attack called "Pixnapping" can read visual data from other apps on Android devices.
🔑 It exploits a GPU side-channel leak to steal sensitive info like 2FA codes and messages, pixel by pixel.
⚠️ The scary part: the malicious app required for the attack needs zero special permissions to be granted.
🧠 While complex to pull off, this is a serious proof of concept that challenges the core idea of OS app sandboxing.

https://arstechnica.com/security/2025/10/no-fix-yet-for-attack-that-lets-hackers-pluck-2fa-codes-from-android-phones/

0
6
0
buherator
repeated
b0rk@jvns.ca

Julia Evans

TERM

https://wizardzines.com/comics/term/

(from The Secret Rules of the Terminal, out now! https://wizardzines.com/zines/terminal)

0
3
0
buherator
repeated
cryptax@mastodon.social

cryptax

Wow

https://blog.nviso.eu/2025/10/14/patching-android-arm64-library-initializers-for-easy-frida-instrumentation-and-debugging/

a case where you use LIEF to patch an Android .so :)

to read when you're fully awake.

1
5
0
buherator
repeated
cR0w@infosec.exchange

sp00ky cR0w 🏴

Patch your Mozilla things.

https://www.mozilla.org/en-US/security/advisories/mfsa2025-81/

https://www.mozilla.org/en-US/security/advisories/mfsa2025-82/

https://www.mozilla.org/en-US/security/advisories/mfsa2025-83/

https://www.mozilla.org/en-US/security/advisories/mfsa2025-84/

https://www.mozilla.org/en-US/security/advisories/mfsa2025-85/

1
2
0
buherator
repeated
campuscodi@mastodon.social

Catalin Cimpanu

Infosec drama, part 283,293: FuzzingLabs accuses Gecko Security of stealing two CVEs and backdating blogs

https://x.com/FuzzingLabs/status/1977720899114606745

0
3
0
buherator
repeated
stf@chaos.social

stf

\m/ dnet just released v0.6 of androsphinx, a v2.0 compatible client for the ! \o/

you ask, wtf sphinx? check out: https://sphinx.pm

get the android client here: https://github.com/dnet/androsphinx/releases/tag/v0.6

1
1
0
buherator

buherator

ChkTag: x86 Memory Safety

https://community.intel.com/t5/Blogs/Tech-Innovation/open-intel/ChkTag-x86-Memory-Safety/post/1721490
0
1
1
buherator

buherator

Modern iOS Security Features – A Deep Dive into SPTM, TXM, and Exclaves

https://arxiv.org/pdf/2510.09272

#fromTwitter
0
0
2
Show older
About infosec.place

Terms of Service

This is a placeholder, overwrite this by putting a file at 

$STATIC_DIR/static/terms-of-service.html

See the Static Directory docs for more info.