Having spent the last couple of nights reversing data types I'm all in for UNION busting!

#ReverseEngineering #capitalism

I've just upgraded Turbo Intruder with a shiny new algorithm called HTTP Anomaly Rank, which automatically finds the most unusual responses in your attack! Here's a quick demo, full details in the writeup below: https://youtu.be/z92GobdN40Y

TIL when you recursively search for source files, .ccls-cache can ruin your day because it contains very similar file names to the originals :P

free as in use-after

Friendly reminder from @buherator about your thoughts on reshare and r4ghidra projects: #poll

r4ghidra-r2web - https://mbbkepfl.formester.com/f/GfJNIHusN
r4ghidra-REPL - https://mbbkepfl.formester.com/f/invMupinF
REshare - https://mbbkepfl.formester.com/f/rLvls916S

https://apnews.com/article/japan-softbank-son-nvidia-ai-chips-d8a10172850628c317a214280a4d94c9

You install PSP on your operator workstation and the vendor starts spying on you.

https://www.huntress.com/blog/rare-look-inside-attacker-operation

#opsec

This article highlights how much control endpoint security vendors have over customer machines, and transitively over companies and maybe even nations:

https://www.huntress.com/blog/rare-look-inside-attacker-operation

You only install this stuff, because you trust the vendor (and their government, etc.). Or not, see Kaspersky vs. US.

#AntiVirus #EDR #HackBack

That's … special. Scientists in the field of artifical intelligence telling von der Leyen to stop AGI buzzwording.

https://www.iccl.ie/wp-content/uploads/2025/11/20251110_Scientists-letter-to-the-President-AI-Hype.pdf

[RSS] How I got Domain Admin via Citrix FAS through ESC3

https://scribe.rip/@Debugger/how-i-got-domain-admin-via-citrix-fas-through-esc3-40c6b86d7ae1

From vendor to ESC1

https://scribe.rip/@Debugger/from-vendor-to-esc1-ed32281b7ea7

Awesome blog post explaining why ~all enterprise domains could be pwned via ADCS lately: vendors prescribe insecure configuration to integrate their stuff!

(AFAICT I couldn't post this from my RSS reader, but if you see this for the fifth time, I'm sorry!)

HTTP Request Smuggling in Kestrel via chunk extensions (CVE-2025-55315) https://www.praetorian.com/blog/how-i-found-the-worst-asp-net-vulnerability-a-10k-bug-cve-2025-55315/

Few exploits with their CVEs for the Unitree G1 humanoid robot https://github.com/Bin4ry/UniPwn

HyperDbg v0.17 is out! ✨🥂

This update brings major improvements to the script engine, including multidimensional arrays, compound & multiple assignments, plus key interpretation bug fixes.

Check it out:
https://github.com/HyperDbg/HyperDbg/releases/tag/v0.17

For more information, you can check:

Compound assignments:
https://docs.hyperdbg.org/commands/scripting-language/variables-and-assignments#compound-assignment

Arrays:
https://docs.hyperdbg.org/commands/scripting-language/variables-and-assignments#arrays

Multidimensional arrays:
https://docs.hyperdbg.org/commands/scripting-language/variables-and-assignments#multidimensional-array

I've never published anything so close to my heart. Hope ya love it.

https://www.hcn.org/issues/57-11/heavy-metal-is-healing-teens-on-the-blackfeet-nation/

#Indigenous #metal

/me after a chill Sunday with #IDAPython

I'm now basically doing this out of spite.

We wrote up a blog post detailing our development and quality assurance workflow. We describe how new contributions are merged into the code base, and we address the change to our policy regarding AI-assisted code submissions and the concerns raised about it. https://keepassxc.org/blog/2025-11-09-about-keepassxcs-code-quality-control/

I'm old enough to remember years ago comrades predicting the inevitable fall of software and services which work just fine today.