I've uploaded the slides of my recent talk "JS Engine Security in 2025": https://saelo.github.io/presentations/poc_25_js_engine_security_in_2025.pdf. I think there'll also be a recording available at some point (otherwise I can make one as not everything's in the slides).
Fantastic conference as usual, big thanks to the PoC Crew!
Call for articles & art is open for Paged Out! magazine issue #8 - https://pagedout.institute/! (check out the zine if you don't know it - it's free)
As usual, we're looking for 1-page technical articles on topics related to programming, cybersecurity, retro-computing, demoscene, reverse-engineering, CTFs (incl. CTF challenge write-ups), file formats, network protocols, artificial intelligence, and so on. We're also happy to publish articles previously published e.g. on blogs, etc. (though in 1-page form of course).
Think about writing something - it's just 1 page, so it's pretty fast to create :)
More info:
Do I know someone who is (remotely) involved in running the `.hm` domain registry?
📢Call for beta testers!📢
The "Architecture 1901: From zero to QEMU - A Gentle introduction to emulators from the ground up!" course by Antonio Nappa @jeppojeps will begin November 28th. Sign up here: https://forms.gle/LUXaThn4YSYSvk5D7
This course explores the fascinating world of emulation, guiding learners from the fundamentals of CPU design to the internals of QEMU and advanced instrumentation techniques.
You will start by understanding what emulation truly means—how software can imitate hardware—and progressively build your own 8-bit CPU emulator in Python (SimpleProc-8), extend it with interrupts, I/O, and MMIO, and finally instrument real-world emulators like QEMU.
The course combines hands-on labs, in-browser exercises, and conceptual lectures to bridge theory and practice, preparing students to tackle topics such as system emulation, hardware-assisted execution, and fuzzing of embedded targets.
By the end, you’ll not only understand how emulators work—you’ll be able to build, modify, and analyze them for research, debugging, and vulnerability discovery.
A year ago, I saw someone open a book lamp in a bar. It was a pretty expensive product. Since I combine electronics and paper crafting, I had to DIY it and develop an easy-to-use circuit template and instructions for it. This educational project is perfect for libraries. Please #retoot :-)
Template and instructions are available on my website: https://www.voltpaperscissors.com/diybooklamp.
Feel free to ask any questions.
#papercircuit #papercraft #diy #MINT #STEM
imagine living in a world where search engines are so reliable that "let me google that for you" is a common reply to someone asking a question
EBury SSHD backdoor?? on 400,000 hosts?
Let's fuck around and find out. (Why +s on the .so file???)
Dissect, understand & ridicule. Join the group effort at https://thc.org/ops or SSH straight into the server and check ~/ebury:
ssh -o "SetEnv SECRET=lYQkdQHIuQyTJngVtIskqRLx" root@adm.segfault.net (password is 'segfault')
Calling for the help of the fediverse!
Help spread the word of our browser extension Consent-O-Matic that helps automate answering those ever-present cookie consent pop-ups.
It's developed by researchers at Aarhus University in Denmark and free to use for Chrome/Edge, Firefox and Safari including for iOS.
Also, it's open source, so if you have a bit of technical skill, you can help us improve the rule set for greater coverage.
radare
🚀 radare2-6.0.6 is out! (codename 'siesso')
That's the first release after #r2con which comes with tons of awemazing bug fixes and all the new features presented during the conference! #reverseengineering
🔗 https://github.com/radareorg/radare2/releases/tag/6.0.6
See details below 👇
BINGO TIME! With CVE-2025-58034, Fortinet secures the crown in my Insecurity Appliance Bingo. This is technically a "high" severity vuln, but since it's being actively exploited and has landed a spot on CISA KEV, I'm admitting it.
Reaching a bingo took longer than expected, with Fortinet and Ivanti sitting at 5/6 vulns since about July. But now, there is a well-deserved winner.
I'm now taking new vuln class and vendor suggestions for next year's edition.
Happy Max Headroom Incursion Day to all who celebrate!
11/22/87 never forget