This is me, arguing with rustc about setting one bit in memory:
https://www.youtube.com/watch?v=Hz1JWzyvv8A
https://www.youtube.com/watch?v=Hz1JWzyvv8A
B
buherator@infosec.place
@buherator@infosec.place
Posts
-
This is me, arguing with rustc about setting one bit in memory:https://www.youtube.com/watch?v=Hz1JWzyvv8A -
[RSS] Building a Secure Electron Auto-Updaterhttps://blog.doyensec.com/2026/02/16/electron-safe-updater.html[RSS] Building a Secure Electron Auto-Updater
https://blog.doyensec.com/2026/02/16/electron-safe-updater.html -
OPNSense managed to destroy itself during an update, still people wonder why companies buy Fortinet...@kstrlworks It looks like a transient error, most likely a corrupt download. Shit happens ofc, but he only acceptable reason for bricking the system would be hardware error which is very unlikely because other VMs on the same host run just fine. -
OPNSense managed to destroy itself during an update, still people wonder why companies buy Fortinet...@kstrlworks Clean install from ISO (latest minor) -> firmware update from webUI to latest patch. The updater removed basic files, then failed to extract the updated ones so everything just stopped working. -
#wh40k #windows -
OPNSense managed to destroy itself during an update, still people wonder why companies buy Fortinet...OPNSense managed to destroy itself during an update, still people wonder why companies buy Fortinet... -
Naming things is freaking hard...@cR0w Good enough, where do I send the money? -
Naming things is freaking hard...@cR0w Do you have experience in pulling information out of thin air? Because I know of no other sources but need the bits... -
Naming things is freaking hard...Naming things is freaking hard... -
Here's a thought experiment.@sjn Assuming by AI we mean LLMs, this stamp would essentially say "no one cared to think this through". -
wrote a short blog post about some toying around I did with using kprobes to get around a mitigation in order to disable SMEP/SMAP:https://blog.zolutal.io/two-shot-kernel-shellcode/@zolutal Thanks, that's a quite common problem (template designers rarely know about RSS these days), I'll add /feed to the list of paths I have to try manually... -
wrote a short blog post about some toying around I did with using kprobes to get around a mitigation in order to disable SMEP/SMAP:https://blog.zolutal.io/two-shot-kernel-shellcode/@zolutal Could you please add RSS/Atom to your blog? -
Check Point Harmony Local Privilege Escalation (CVE-2025-9142)https://blog.amberwolf.com/blog/2026/january/advisory---check-point-harmony-local-privilege-escalation-cve-2025-9142//via @badsectorlabsCheck Point Harmony Local Privilege Escalation (CVE-2025-9142)
https://blog.amberwolf.com/blog/2026/january/advisory---check-point-harmony-local-privilege-escalation-cve-2025-9142/
/via @badsectorlabs -
being sent a sketchy file and then asked to click on a link in it isn't "remote" code execution actually@gsuberland @invoxiplaygames.uk Calling this RCE is at least consistent with MS's own taxonomy (see previous Office vulns). CVSS UI:R is also a meaningful datapoint for those parsing their feed. -
[RSS] Shellcode as 'XML'https://tmpest.dev/shellcode_as_xml.html -
[RSS] Strengthening the Foundation: A Joint Security Review of Intel TDX 1.5https://bughunters.google.com/blog/a-joint-security-review-of-intel-tdx-15[RSS] Strengthening the Foundation: A Joint Security Review of Intel TDX 1.5
https://bughunters.google.com/blog/a-joint-security-review-of-intel-tdx-15 -
[RSS] Intego X9: When your macOS antivirus becomes your enemyhttp://blog.quarkslab.com/intego_lpe_macos_1.html[RSS] Intego X9: When your macOS antivirus becomes your enemy
http://blog.quarkslab.com/intego_lpe_macos_1.html -
#Keycloak CVE-2026-1529: "lack of cryptographic signature verification allows the attacker to successfully self-register into an unauthorized organization, leading to unauthorized access."https://access.redhat.com/security/cve/cve-2026-1529#JWT#Keycloak CVE-2026-1529: "lack of cryptographic signature verification allows the attacker to successfully self-register into an unauthorized organization, leading to unauthorized access."
https://access.redhat.com/security/cve/cve-2026-1529
#JWT