The first episode of Where Warlocks Stay Up Late is out!
https://www.youtube.com/watch?v=7IHKRzGQeog
Digital Jesus/o.0, aka Matt Harrigan, turned a telecommunication product release into a 0-day, tipped off drug dealers about government surveillance, and emerged as a cybersecurity founder and CEO.
https://wherewarlocksstayuplate.com/
Great update from Stefan Viehböck on VxWorks’ password hashing (and 6.x EoL): https://sec-consult.com/blog/detail/a-missed-opportunity-addressing-weak-password-hashing-in-vxworks/
Hacking Subaru: Tracking and Controlling Cars via the STARLINK Admin Panel: https://samcurry.net/hacking-subaru (via @samwcyo )
runZero Hour Episode 14 (0xE) is happening now, you can find the YouTube live feed here: https://www.youtube.com/watch?v=nvkGd31s46c
The @badkeys project added the leaked and decrypted keys from the Fortinet breach: "Overall, there were around 100,000 private keys in PKCS format and 60,000 in OpenSSH format" https://blog.hboeck.de/archives/908-Private-Keys-in-the-Fortigate-Leak.html
Austin Go(phers): it's almost that time again! Tomorrow (Weds/Jan15) is the January ATX Golang Meetup. Swing by for pizza, beer, and general nerdiness around Go -- 6:30pm at the Capital Factory (Antones):
https://www.meetup.com/atxgolang/events/305490307/
#golang
Orange Tsai & splitline's "WorstFit" research into Windows unicode "BestFit" encoding is 🔥 🔥 🔥 (and mostly unpatched)!
https://blog.orange.tw/posts/2025-01-worstfit-unveiling-hidden-transformers-in-windows-ansi/
This work brings back memories of IIS and ASP (classic) unicode exploit-dev. For example, the letter "h" having alternate encodings of %c4%a4, %c4%a5, %c4%a6, %c4%a7, %d1%88, %d1%a8, %d4%a4, %d4%a5, %d4%a6, %d4%a7, %e2%84%8b, %e2%84%8c, %e2%84%8d, and %e2%84%8e