Posts
2460
Following
595
Followers
1325
"I'm interested in all kinds of astronomy."
repeated

Hackers rejoice!

We are releasing the Phrack 71 PDF for you today!

Don't forget this year is Phrack's 40th anniversary release! Send in your contribution and be part of this historical issue!

The CFP is still open, you can find it and the PDF link at https://phrack.org

0
5
0
I'd like to create plots similarly to scatter plots, but instead of points I'd like to show intervals (sections, corresponding to values of one axis). Is there a specific plot type for this or can I parameterize a scatter plot generator to work like this?

#datavisualization
1
0
0
repeated

It’s a shame to see Sci-Hub falling for web3 hype and adding a pumpfun memecoin ticker to their webpage. Blockchain-based DNS does not automatically mean “decentralized”, and 3DNS — the company behind .box — is based in the US and would be subject to US court orders.

Someone unaffiliated with Sci-Hub created the memecoin, claiming to be fundraising, but said only 20% of proceeds would go to Sci-Hub. Founder Alexandra Elbakyan herself condemned this.

2
4
0
Dragodis is a Python framework which allows for the creation of universal disassembler scripts.

https://github.com/dod-cyber-crime-center/Dragodis

#Ghidra #IDA #ReverseEngineering
0
1
2
repeated

What comes after world domination?

This is the abstract for my scheduled talk at foss-north 2025 in April. What do you think is next?

https://foss-north.se/2025/

2
1
0
repeated

New year, new skills, new exploits! 💻🎯

Corelan classes are coming your way! Learn Windows stack & heap exploitation from corelanc0d3r.

🔥 Hands-on labs, real-world scenarios & an elite alumni network. Spots fill up fast—register now! 👉 [https://www.corelan-training.com/index.php/training-schedules

0
2
0
repeated

As the next step in my quest to make it easier to poison AI crawlers, I present you: OCIocaine: a project where #DockerCompose meets #Caddy and #Iocaine, to poison AI crawlers for all your sites, automatically.

The idea here is to provide a docker compose file that starts up Caddy and Iocaine, configured so that Caddy will reverse proxy for any and all services on the same docker network, as long as they have a few labels that tell it to do so. In addition, a Caddyfile snippet will be available for all of these, which takes care of routing bad visitors to Iocaine.

And if that's not enough, the whole thing comes preconfigured with a wordlist (a list of English words), and traning data (the complete works of Shakespeare), and a list of known AI crawlers (courtesy of ai.robots.txt).

All you have to do is copy the sample configuration, create a network, start it up, and deploy labeled containers into the same network, and OCIocaine takes care of the rest.

0
2
0
repeated

WordPress 6.8 is due to switch their password hashing to bcrypt, and their application passwords to BLAKE2b.

Great news:

They disarmed the 72 char footgun with bcrypt in the way I recommended (HMAC, rather than just SHA2, to prevent hash shucking, and base64 to prevent NUL truncation).

https://core.trac.wordpress.org/changeset/59828

5
4
0
[RSS] ACS Password Leaks Are A Security Issue On #IBMi

https://www.itjungle.com/2025/02/17/acs-password-leaks-are-a-security-issue-on-ibm-i/

Our work featured in IT Jungle
0
0
0
repeated

🚨Secure Boot relies on revocation lists (dbx) to block malicious bootloaders, but discrepancies between the @uefiforum & @microsoft lists create security gaps.

👉Call for a single and openly maintained revocation list -- a unified source of truth!

https://www.binarly.io/blog/from-trust-to-trouble-the-supply-chain-implications-of-a-broken-dbx

0
2
0
repeated
repeated
repeated

New updates in LIEF including better support for PE modifications and ARM64EC/ARM64X binaries.

Blog post: https://lief.re/blog/2025-02-16-arm64ec-pe-support/

0
3
0
repeated

Stop saying “artificial intelligence”. (And “neural networks” too.)

Be more specific. Say “reinforcement learning”. Say “generative modelling”. Say “Bayesian filtering”. Say “statistical prediction”.

These are incredibly useful tools that have nothing to do with “intelligence”.

And say “model trained on plagiarised data”.

Say “bullshit generator”.

Say “internet regurgitator”.

These are also nothing to do with intelligence, but they have the added bonus of being useless, too.

9
21
0
repeated
repeated

Microsoft Productivity Pack for Windows (1992)

0
7
0
repeated

FYI: I have made public new AMIs for . These are evbarm and amd64 images for NetBSD/10.1 and now have their boot messages sent to the serial console (although it takes EC2 about 5-8 minutes from instance creation until `aws ec2 get-console-output` shows the messages).

These AMIs should be public and ready for you to launch in us-east-1a:

https://stevens.netmeister.org/615/netbsd-amis.html

1
2
0
Serious question to US folks: Does Mint 400 have a Fear&Loathing track these days?
0
0
0
CVE-2025-1094: PostgreSQL: Quoting APIs miss neutralizing quoting syntax in text that fails encoding validation, enabling psql SQL injection

https://seclists.org/oss-sec/2025/q1/140

"This vulnerability is related to BeyondTrust CVE-2024-12356"

https://www.rapid7.com/blog/post/2025/02/13/cve-2025-1094-postgresql-psql-sql-injection-fixed/
0
0
0
The little devil (notice the vi reference) on my shoulder took over and made me connect #Emacs TRAMP to OpenSSH running on Windows.

Now Emacs is struggling really hard, spinning up the CPU fan 😆
1
0
1
Show older