If you've ever pulled an old webpage out the Wayback Machine, or made use of their copious collections of old audio, music and film, drop by archive.org/ and give them a few $$ during their fundraising drive. Keep the history of the web alive!

So, there's a Chinese botnet package known as "Destroyer" (破坏者).

It, ironically, can itself be destroyed, thanks to a stack buffer overflow.

I wasn't able to get full RCE, but a jump to "call ExitProcess" should be enough, no? It can be triggered directly after "start DDoS", for even more lulz.

Here's the exploit: gist.github.com/Wack0/d0aa7f56

And here's a bot sample hash: b17535de8061dce3d6630e92d601ebe1ebac44ed52b3a04a8bb72f6661f23d44

Let's :)

spent my day testing for RCEs in my work stuff, and had a couple of colleagues get completely confused over how i was using reverse shells to figure out when a command actually fired, so i wrote an introductory guide incognitjoe.github.io/reverse-

It is a truth universally acknowledged, that a newly booted web server must be in want of a bot constantly attacking /wp-login.php

Man am I glad that Snowden isn't here, shitting this place up too.

@HalvarFlake @charlyblack There's WikiDevi, that I heavily perused for Broadcom stuff: wikidevi.com/wiki/Broadcom. Not complete, but a good start.

another day volunteering at the richard dawkins museum. everyone keeps asking me what they can take through security. honey,

Ah, the lovely part where I finish (part of) a thing and get to close 20 tabs.

YOU: Hangs mirrors around your bedroom to foster a larger sense of space.
ME: Paints the walls, ceiling, and floor with Vantablack® to manifest a cold and infinite void.

Brilliant <thing on other network we don't talk about> by @Mudge:


"This is a brilliant tactic. There are so many others like this because the AV community keeps thinking this is a one-move game... Kudos!"

That definition of the strategy of the AV community is absolutely perfect. Depth: zero.

Twitter sued Customs and Border Protection for trying to unmask one of their pseudonymous alt agency accounts. Within 24 hours of Twitter filing the lawsuit, the government withdrew its subpoena. What happened here?

I explain it all: motherboard.vice.com/en_us/art

I worked for a company in the past―a distributed company. We had a policy that all developers should be able to recreate their development environment within an hour of putting a bullet through their current one. Good policy. Kept everything distributed, and lightweight :)

mastodon.social/media/xH9DRSbd this is the collection so far. Each of them is a memento. Each of them holds a memory.

and while I'm talking about books and technology training materials, I wrote a thing. blindseeker.com/AVATAR

Have you ever wanted to build your own VM lab? or know someone who wants to break into IT? Blue team? Red team? and needs to know how to stand up their own? Check out the book I wrote.

Mastodon: Where infosec people went to talk existentially about social media platforms rather than, you know, be social.

Show older

Server run by the main developers of the project 🐘 It is not focused on any particular niche interest - everyone is welcome as long as you follow our code of conduct!