Got angry, posted about academic fuzzing research status quo again: https://addisoncrump.info/research/what-the-hell-are-we-doing/

please enjoy: my Wasm-hosted, Wasm-targeting build of Clang/Clang++/LLD: a self-contained, 25 MiB (gzipped) pure function
https://www.npmjs.com/package/@yowasp/clang

The MI-12877 was a cartridge containing thin magnetic wire for recording and playback of audio, and was introduced in 1947 for use in the RCA Magnetic Wire Recorder. Wire was already in use as a recording medium but it was fragile and needed to be threaded across the recording head and attached to a take-up spool. The use of a cartridge made this much easier.

I'm grateful to my friend Thomas for donating this.

For more information, visit https://obsoletemedia.org/mi-12877/

Project: golang/go https://github.com/golang/go
File: src/cmd/compile/internal/ssa/rewritegeneric.go:3307 https://github.com/golang/go/blob/6425749695130f2032ac9cfdf5407b6a322534db/src/cmd/compile/internal/ssa/rewritegeneric.go#L3307

func rewriteValuegeneric_OpAnd32(v *Value) bool

SVG:
dark https://tmr232.github.io/function-graph-overview/render/?github=https%3A%2F%2Fgithub.com%2Fgolang%2Fgo%2Fblob%2F6425749695130f2032ac9cfdf5407b6a322534db%2Fsrc%2Fcmd%2Fcompile%2Finternal%2Fssa%2Frewritegeneric.go%23L3307&colors=dark
light https://tmr232.github.io/function-graph-overview/render/?github=https%3A%2F%2Fgithub.com%2Fgolang%2Fgo%2Fblob%2F6425749695130f2032ac9cfdf5407b6a322534db%2Fsrc%2Fcmd%2Fcompile%2Finternal%2Fssa%2Frewritegeneric.go%23L3307&colors=light

It's getting close to being done - #BinYars a #YARA-X #BinaryNinja plugin! Still testing, but plan on open sourcing it for all to use.

Shout out to Remco Sprooten for making this tool (also shown in the video) for quickly drafting Yara rules 💪 https://github.com/1337-42/SimpleYaraBN

Video: Part 1 of 2

When you go to the lavatory, spend a longer time there than is necessary.

Project: mpengine-x64-pdb 1.1.24090.11
File: mpengine.dll
Address: 75a296fa0

sqlite3VdbeMemGrow

SVG:
dark https://tmr232.github.io/function-graph-overview/render/?graph=https%3A%2F%2Fraw.githubusercontent.com%2Fv-p-b%2Fghidra-function-graph-datasets%2Frefs%2Fheads%2Fmain%2F%2Fmpengine-x64-pdb%2F75a296fa0.json&colors=dark
light https://tmr232.github.io/function-graph-overview/render/?graph=https%3A%2F%2Fraw.githubusercontent.com%2Fv-p-b%2Fghidra-function-graph-datasets%2Frefs%2Fheads%2Fmain%2F%2Fmpengine-x64-pdb%2F75a296fa0.json&colors=light

I know inference is _relatively_ cheap but do we really need to invoke Copilot for each commit message?

As a result of working on r4ghidra I set the ambitious goal to create REshare, an exchange format for #ReverseEngineering tools:

https://github.com/v-p-b/reshare/

The code is still in its early days (literally) but the fact that it works with complex, real life binaries tells me that this goal is worth pursuing.

I'm looking for contributors, esp. for #BinaryNinja, #IDA and #radare2 scripting so we can bring all these worlds together!

You can watch my #r2con2025 talk here:

When worlds collide: r4ghidra

https://www.youtube.com/watch?v=NbSiNBaBgM4

Slides:

https://scrapco.de/dataslate/r2con-r4ghidra.pdf

What are the most well-known private keys?

The most (in)famous ones I’ve heard of are:

• the Debian OpenSSL weak keys
• the TI-83 Plus RSA key - factorized by Benjamin Moody
• the Sony PlayStation 3 ECDSA signing keys - recovered by fail0verflow

Anything else?

Chinese companies provide Europe’s critical energy infrastructure: insecure and foolishly dangerous. There are still European alternatives but we need to act now. Together with colleague @MiriamMLex we are circulating an urgent letter for immediate action:
https://www.politico.eu/article/europe-solar-industry-having-huawei-moment

$1,024,750 - 73 unique bugs - a week of amazing research on display. #Pwn2Own Ireland had it all. Success. Failure. Intrigue. You name it. Congratulations to the Master of Pwn winners @SummoningTeam! Their outstanding work earned them $187,500 and 22 point. See you in Tokyo for Pwn2Own Automotive.

I was reading the diary of someone who was friends with a lot of famous Hungarian literary figures in the 1920s. All names associated with high literature and poetry.
At one point the diarist notes that they all used to devour crime novels like it was a competition, and they exchanged them amongst themselves.

I think my high school Literature class experience would have been different if they told us our great literary minds also read paperback fiction for fun.

#bookstodon #books

Apple SEAR is hiring offensive security researchers!

We’re looking for talented researchers across multiple areas of security.

Check out the job description here:
https://jobs.apple.com/en-us/details/200623813-2911/offensive-security-researcher?team=SFTWR

If you’re interested in low level systems like RTOS, firmware, coprocessors, embedded components, or microkernels, my team would especially like to hear from you.

Feel free to reach out if you have any questions.

#infosec

[RSS] exploits.club Weekly Newsletter 90 - Fuzzing Rust Subsystems, Pwn2Own Near Misses, Linux 1-Days, And More

https://blog.exploits.club/exploits-club-weekly-newsletter-90-fuzzing-rust-subsystems-pwn2own-near-misses-linux-1-days-and-more/

My talk about integrating #ReverseEngineering tools is to be broadcasted in a couple of hours for #r2con2025:

https://rada.re/con/2025/

I'll release a ton of code and will be around on Discord for questions and comments.

So I just fought the weirdest bug in a while: lately #Ghidra provides a #Python scripting interface based on #Jpype (PyGhidra).

I had this script where I thought I fixed a bug by referencing X.y.z instead of X.z. Except nothing changed, the buggy behavior is still there (the file output contains garbage).

I add logging, the logs appear and show everything is fine.

Add more logs, exceptions even (to stop at a specific state). They run and show all is fine.

After I restart Ghidra the bug is gone.

To be clear: there must be some kind of bytecode caching that affects my object reference but does not affect additional logging/exception throwing??

Any ideas?

Programmer Gets Doom Running On a Space Satellite https://games.slashdot.org/story/25/10/23/2128244/programmer-gets-doom-running-on-a-space-satellite?utm_source=rss1.0mainlinkanon

This is maybe the biggest FINALLY in my career as a purveyor of Oddly Specific Objects: The Open Book is in prelaunch at Crowd Supply! But it's not the same old Open Book; we're launching the all-new, completely reimagined Open Book Touch with WiFi and Bluetooth support, a higher-resolution display, capacitive touchscreen, and frontlight with adjustable color temperature. Subscribe for updates here! https://www.crowdsupply.com/oddly-specific-objects/open-book-touch