I was looking for proof of concept code for some IoT botnet stuff, and came across this.

@da_667 @rootwyrm @Dio9sys @vulncheck they don't appear to store poc, but they do provide links. I'm not sure if they auto-submit links to archive.org or how often they verify that the links are live. interesting questions...

@rootwyrm @Dio9sys @da_667 i checked this specific CVE in @vulncheck and I'm happy to report that they report no PoCs for the vuln.

They are a paid service but I suspect 'you get what you pay for' is the name of the game. Free search results? full of slop, because it makes you keep searching.

I only hope they can keep up with all the slop that is incoming, without getting overwhelmed themselves.

Of course if you happen to find one that works, then they are wrong in the other direction ;-). So far though they have been pretty good for identifying vulns that have actual, functioning poc.

@cR0w old boss is leaving the company.

Having a little going away with an old boss and came up with the phrase:

"Changing jobs is just 'same fire, different dumpster.'"

How do i get a trademark on this.

@i0null "when in doubt (void*) it out"

This day in history is always a bit amusing to my family.

robert redford/jeremiah johnson nod dot gif but it's a warhammer space marine dot meme.

This post did not contain any content.

This post did not contain any content.

@DaveMWilburn I love the mission because it is a neat combination "Humans are pretty badass sometimes" and "Humans are beautifully sentimental and I just want to give Reid a hug" and "OMG commercial software I can't even amirite?"

Apollo 13 distance record broken. Neat.

@cR0w @krypt3ia Must be some big epstein-related thing coming out, is my guess...

And just like that, the Geneva Conventions suddenly apply again even though no war is declared.

i still hand-discover my vulnerabilities and provide single-source, artisinal exploits.

@gsuberland i'm reminded of a weird bug i found in a compiler. in this case the vendor (green hills c compiler for coldfire cpus) converted a sequence like this:

```uint8_t idx;
idx = ;
char newbyte = lookup_table[idx];

The code was converting upper/lowercase letters iirc.

In this case the compiler actually converted idx to a signed value using a coldfire MVS.B instruction for some reason, so you could obtain values outside of the lookup table array if the user input a byte >= 0x80.

Not incredibly useful on its own in the app I was analyzing, but the bug was in the compiler itself so needed to be fixed...I never would have spotted the bug were it not for using Ida back in the day.

@cR0w in this one, the "bond girl" has to be like Kitty Longtail or something who contributes inside knowledge of the furry community.

Discovered a CVSS10 directory traversal in critical infrastructure today. Send memes.

@ukscone Sounds fantastic. i wish my yacht club had something like that.

high tech solutions sounds hard but could be really useful and help people check out boats. good on ye for helping out. now I want to read up on these zebra readers, they look interesting for toy tracking.

@ukscone heh oof.

where my boat is going this summer (Duluth, MN), falling over is a bit of a death sentence due to the water temperatures...funny requested change. I guess this is for a yacht club with borrow-able boats?

@bryanhansel huh, are you in des moines?