shitpost driven development

It's been a while since I did a vulnerability research article. How about a little DoS zero-day as a treat?

https://malwaretech.com/2026/06/exploiting-a-remote-kernel-vulnerability-in-comodo-internet-security.html?1

電気屋ミクさんに触発されて電子部品屋で働くミクさんを描いた #shapoart

RE: https://social.security.plumbing/@freddy/116685551584070386

The presentation will also finally answer the question whether I am a one trick pony. 🫣🤫

Parsing modern ASP.NET Core Identity password hashes for password cracking with hashcat. https://www.pentagrid.ch/en/blog/parsing-modern-aspnet-core-identity-password-hashes-to-hashcat/ #itsecurity #infosec #hashcat #asp #dotnet

If MS really wanted to improve Notepad they'd just replace it with vim

Bug tracker use and etiquette should be part of university curriculum.

"The mental model and the explanation aren’t two things – they’re the same object. I think people assume good explanations are simplifications of the expert’s real model. Sometimes they’re just the expert’s real model."

https://xania.org/202605/walking-the-dog

Interesting interview format too!

[RSS] Pwning Minecraft: 4-Byte Heap Overflow to RCE

https://osec.io/blog/2026-06-02-minecraft-heap-overflow-to-rce

Today I begin posting a series of twice-weekly blog posts describing security software I've developed for personal use over the last 25 years that may be useful for others who manage home or small business infrastructure using OpenBSD, Linux, and/or macOS. https://lippard.blogspot.com/2026/06/25-years-of-openbsd-security-tools.html

Just like last year, we replaced a whole wall of movie posters with our own punny movie posters at the cinema where RustWeek 2026 took place. I designed seven new posters for this year's event. See the thread below 👇

I don't mean to brag but I already did this

Researchers teach brain cells to play 'Doom'

https://phys.org/news/2026-05-brain-cells-play-doom.html

[RSS] Docker Internal (2)

https://u1f383.github.io/linux/2026/06/02/Docker-Internal-2.html

Follow-up on research of Dockers security internals

The Pirate Bay Remains Resilient, 20 Years After The Raid https://yro.slashdot.org/story/26/06/01/2145208/the-pirate-bay-remains-resilient-20-years-after-the-raid?utm_source=rss1.0mainlinkanon

Tonights pillow-talk with kiddo was about high capacity hard drives (the classics you know):

"Well, a 10TB hard drive would be useful if your grandma wants to save all the holiday pictures, and she doesn't know how to delete... and you have 100 grandmas!"

CVE-2026-41089 — Microsoft Windows Netlogon BuildSamLogonResponse Stack-based Buffer Overflow RCE

https://aretiq.ai/research/vul260513-cve-2026-41089-microsoft-windows-netlogon-buildsamlogonresponse-stack-based-buffer-overflow-rce/

So CVE-2026-41089 (CVSS 9.8) in Windows Netlogon can be triggered by sending a username that is AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA or longer.
How original.

Github Copilot’s new pricing model went live today and r/GithubCopilot is having a meltdown. It’s glorious

[RSS] Adobe Acrobat Reader Escript.api Use-After-Free Remote Code Execution

https://blog.exodusintel.com/2026/06/01/adobe-acrobat-reader-escript-api-use-after-free-remote-code-execution/

"This issue was patched on April 2026 and likely assigned CVE-2026-34621, CVE-2026-34626 or CVE-2026-34622"