Just an FYI, I’ve moved over to @xorcat - see you there!
"... turn on for 8 seconds ..."
This (real) video from GE on how to reset their "C" light bulbs is the most incredible how-to video you'll ever see.
They want to see how far they can push their customers before they snap. https://youtu.be/1BB6wj6RyKo
Finally #gobuster v3.0.0 is up! Thanks to everyone who contributed and for @_FireFart_@twitter.com putting so much into it.
Binaries can be found here: https://github.com/OJ/gobuster/releases/tag/v3.0.0
Be sure to read the README, as a lot has changed, including the CLI: https://github.com/OJ/gobuster
“DroneShield Counterdrone Handbook”
In March 2019, I discovered five vulnerabilities in Fortinet's FCM-MB40 security camera, the most severe leading to remote command execution as root.
90 days are up, and here we are (unfortunately, without a patch).
.@TheColonial@twitter.com got SYSTEM in the wrong neighbourhood https://www.youtube.com/watch?v=8rwITeY5h1Q
This comment describing how Microsoft responded to a security disclosure in 2010 is incredible:
Arbitrary code execution vulnerability in Vim < 8.1.1365 and Neovim < 0.3.6 via modelines. 😬 Also, why you should not use Vim with default config, or cat without -v. https://github.com/numirias/security/blob/master/doc/2019-06-04_ace-vim-neovim.md
Darknet Diaries ep 39 is here. Find out the mystery behind @3AlarmLampscoot@twitter.com.
Some security conference drama you probably didn't hear about.
Listen on @ApplePodcasts@twitter.com.
The Fibonacci Sequence (as reimagined by @firstname.lastname@example.org)
0, 1, 1, 2, 3, 5, 8, 13, 21, 34, 55, 89, 100, 100 ...
curl 7.65.0 is here! 50 contributors, did 3 changes, 119 bug-fixes including two security-related ones. In 56 days. https://daniel.haxx.se/blog/2019/05/22/curl-7-65-0-dances-in/
#Google says it stored some G Suite #passwords in unhashed (but encrypted) form between 2005 and 2019.
This was caused by a bug in an old G Suite tool.
My first remote iPhone bug! https://bugs.chromium.org/p/project-zero/issues/detail?id=1801
Mostly finished catching up on @TheColonial@twitter.com’s video series on writing a CLR meterpreter implementation. I have learnt a ton of details about meterp internals (and history) so far. It’s something like 22 hours of content so far but highly recommend.
Soon everyone will find out anyway so you should be aware that SandboxEscaper has dropped another 0day -> https://github.com/SandboxEscaper/polarbearrepo
I'm pretty tired of this => Not earning 💰 on 0day and putting people at unnecessary risk. It's really kind of lame in my book 👎