[RSS] Reverse Engineering Garmin Watch Applications with Ghidra

https://www.anvilsecure.com/blog/reverse-engineering-garmin-watch-applications-with-ghidra.html

[RSS] Buy A Help Desk, Bundle A Remote Access Solution? (SolarWinds Web Help Desk Pre-Auth RCE Chain

https://labs.watchtowr.com/buy-a-help-desk-bundle-a-remote-access-solution-solarwinds-web-help-desk-pre-auth-rce-chain-s/

[RSS] Intego X9: Why your macOS antivirus should not trust PIDs

http://blog.quarkslab.com/intego_lpe_macos_2.html

My final blog related to admin protection is up. https://projectzero.google/2026/02/gphfh-deep-dive.html I go into a bit of history of the interesting GetProcessHandleFromHwnd API, how it ended up allow you to bypass protected process restrictions and how it's now "fixed".

Former General Manager [L3Harris Trenchant] Sentenced to 87 Months for Selling Stolen [0day] to Russian Broker

https://www.justice.gov/opa/pr/former-general-manager-us-defense-contractor-sentenced-87-months-selling-stolen-trade

PSA: The Amazon wishlist doxing threat is much greater and more immediate than folks might realize. Attack works like this:

Stalker who wants your address opens an Amazon seller account and lists themselves as a third party seller for any item on your public wishlist. Then, they order the item from themselves as a gift for you. Bam, they have your address.

In particular, attack does not depend on an existing third party seller having poor PII handling hygiene, like the articles have implied.

[RSS] Filesystem 101

https://u1f383.github.io/linux/2026/02/26/filesystem-101.html

#Linux

Today, let’s remember Charles Thacker, who was born on this day in 1943. Thacker received the #ACMTuringAward in 2009 for the pioneering design and realization of the first modern personal computer -- the Alto at Xerox PARC -- and seminal inventions and contributions to local area networks (including the Ethernet), multiprocessor workstations, snooping cache coherence protocols, and tablet personal computers.

Read more about him, here: https://amturing.acm.org/award_winners/thacker_1336106.cfm #OTD

You know what, I'm kind of OK with the #Firefox AI opt-whatever solution they have

...compared to the fact that they kill all my sessions by a forced fucking restart when I try to act responsibly and update.

That's fucking outrageous!

Wow, Blogspot seems to have a massive spam problem!

Log4j, *the* project that escalated the need for funding open source in the first place, is currently being DOS’d by slop vulnerability reports. Well done everyone. Slow fucking clap.

https://github.com/apache/logging-log4j2/discussions/4052

#curl is secured for the billions - the steps we take. There is no silver bullet. No magic solution. Just plain engineering and doing everything as good as we can and to keep tightening every bolt there is.

(slide for upcoming presentation)

What Windows Server 2025 Quietly Did to Your NTLM Relay https://decoder.cloud/2026/02/25/what-windows-server-2025-quietly-did-to-your-ntlm-relay/

LOGOS/ASTLOGO.GIF

Want to learn more about Chrome exploitation?

In our latest article, we break down two critical Android GPU driver vulnerabilities that enabled Chrome sandbox escape from a compromised renderer and were used in full device exploit chains. Read the full technical analysis here: https://ssd-disclosure.com/chrome-gpu-sandbox-escape-via-qualcomm-adreno-and-arm-mali-gpu-drivers/

I just realized that my cyclomatic complexity calculator breaks with PyGhidra so I pushed some fixes:

https://github.com/v-p-b/rabbithole

#Ghidra #ReverseEngineering

I found this Veratasium documentary on the xz Jia Tan backdoor adventure quite good and surprisingly detailed:

https://www.youtube.com/watch?v=aoag03mSuXQ

This is really a "WTF how could they ever think this is a good idea?" kind of vulnerability. Usually the kind of stuff you get from shady, incompetent startups, but this is Google...
https://trufflesecurity.com/blog/google-api-keys-werent-secrets-but-then-gemini-changed-the-rules

The package of my toothpaste says "95% Natural Origin".

5% of my toothpaste is supernatural :O

In the Future All Food Will Be Cooked in a Microwave, and if You Can’t Deal With That Then You Need to Get Out of the Kitchen

https://www.colincornaby.me/2025/08/in-the-future-all-food-will-be-cooked-in-a-microwave-and-if-you-cant-deal-with-that-then-you-need-to-get-out-of-the-kitchen/