😂 credit https://ashermaxperlman.com/#cartoons

Interesting Git repos of the week:

Threats:

* https://github.com/haxrob/BPFDoor-controller-source - yay, BPFDoor source

Detection:

* https://github.com/davidjurgens/hallucinated-reference-finder - how many of those references are horseshit?
* https://github.com/Cybereason-Public/owLSM - kernel based Sigma rules powered by eBPF

Exploitation:

* https://github.com/zh54321/SharePointDumper - dump SharePoint
* https://github.com/Byxs20/Krb5RoastParser - have PCAPs, can cookie
* https://github.com/shellkraft/Anvil - analyse thick clients
* https://github.com/bethgelab/foolbox - mislead that neural network
* https://github.com/Oros42/IMSI-catcher - build your own IMSI catcher
* https://github.com/pullmoll/trusttrust - sample code for Reflections on trusting trust
* https://github.com/ZephrFish/BugBountyTemplates - bug bounty templates
* https://github.com/JoasASantos/Offensivesecurity-Checklists - helpful checklists for pen testing

Hard hacks:

* https://github.com/PentHertz/urh-ng - analyse RF protocols and abuse SDR
* https://github.com/wh1te4ever/super-tart-vphone-writeup - bulld your own virtual iPhone
* https://github.com/34306/vphone-aio - virtual iPhone images

Hardening:

* https://github.com/cisco-ai-defense/defenseclaw - watch where you're sticking that claw

#security, #research, #code

Is your KitKat Stolen?
https://nestlecorporate.qualifioapp.com/quiz/1776864_2455/CDCG-KITKAT-STOLEN-FORM.html

This quote from Apollo 14 astronaut Edgar Mitchell has been in my head the last few days

docs.rs builds are about to change. If you have crates published on crates.io/docs.rs, I recommend you read this blog post in case you might be impacted by this change: https://blog.rust-lang.org/2026/04/04/docsrs-only-default-targets/

#rust #rustlang

you ever write code so inefficient they have to update the whole power grid

My Dad sends me horrible Dad jokes all the time, but sometimes he tells one that hits hard. This is one of those times.

"My favourite time of the year is campaign time. It's the only time I see politicans hang from trees."

Tired of reversing the same libc for the 100th time? 👀

Meet SightHouse, our open-source tool that automatically detects third-party library functions in binaries.
High-confidence function mapping. Works with any disassembler. By @madsquirrel & Sami.

🔗 https://blog.quarkslab.com/sighthouse-automated-function-identification.html

🆕 New blog post!

"BitLocker's Little Secrets: The Undocumented FVE API"

A small Windows RE adventure to figure out how to get the status and configuration of a BitLocker protected drive programmatically and without admin privileges.

Now also implemented in PrivescCheck! 🔥

👉 https://itm4n.github.io/bitlocker-little-secrets-the-undocumented-fve-api/

New Project Zero issue:

vpu driver allocation and free of dmabuf and iova can race causing UAF read

https://project-zero.issues.chromium.org/issues/465824679

CVE-2026-0121

[RSS] Mongoose: Preauth RCE and mTLS Bypass on Millions of Devices

https://www.evilsocket.net/2026/04/02/Mongoose-Preauth-Remote-Code-Execution-and-mTLS-Bypass/

[RSS] Review of AzireVPN and Malwarebytes Privacy VPN

https://x41-dsec.de/security/research/news/2026/04/02/malwarebytes/

Here's a fun post for pro- and anti-AI infosec people alike - guess who is going to have to "fix" AI? If you're thinking "not me" well, think again.

https://www.markloveless.net/blog/2026/4/2/the-uncomfortable-effects-of-ai

#security #ai #infosec

Spread the word! @phrack CFP with demoscene cracktro is live. Turn up the volume and enjoy the awesome stylings of PiotrBania with some hopefully inspiring text from phrack staff :)

phrack.org

🎥 New video about QEMU!

This time, Anton walks through the basics of QEMU system mode using a simple bare metal program! ⚙️

The focus is on understanding how QEMU’s high-level control flow works, from guest code to BIOS, and down to device implementation.

🫡 We’re back.

Today, we’re publishing vulnerabilities we discovered, disclosed, and chained to achieve pre-auth RCE against Progress ShareFile.

Enjoy the journey with us, while you sob into your hands 🫠

https://labs.watchtowr.com/youre-not-supposed-to-sharefile-with-everyone-progress-sharefile-pre-auth-rce-chain-cve-2026-2699-cve-2026-2701/

'people will finally understand that security bugs are bugs, and that the only sane way to stay safe is to periodically update, without focusing on "CVE-xxx"'

Anyone care to explain the logical flow of this sentence? o.O

https://lwn.net/Articles/1065620/

#Linux #LLM

Is it just me or this photo is also a great capture of a toddlers view on their first introduction to the potty? :D

https://www.space.com/space-exploration/artemis/theres-a-bit-of-toilet-trouble-on-nasas-artemis-2-mission-to-the-moon

RE: https://mastodon.social/@invadersil/116324993175863094

TWO THINGS:

1. it’s shocking how well written this terms of service document is. #Microslop uses plain language and proper emphatic formatting to identify what’s important.

2. this was updated on October 24, 2025. since then NOT ONE TECH JOURNALIST has read it; because, not one tech "journalist" has reported that #Copilot IS MEANT AS #ENTERTAINMENT.

Fourth Estate my ass.

Satya Nadella gifted Sam Altman a billion of Windoze money for a lap dance?

c’mon #tech #journalism. DO YOUR JOBS!

"static detection often fails" - the problem with the AV industry is that this is still a headline in 2026...

RE: https://infosec.exchange/@VirusBulletin/116334126813393639