🔥The 9th Round of Easy Loan, Earn $40 Reward is in progress❗️ ⏰ Promotion Period: January 15th - Feburary 15th, 2025 👉 Register now and check more details at gate.io/campaigns/358

I wonder how many factors of authentication annoys the user more than helps security. I am certainly annoyed by Azure's 4FA. Needs GitHub password, GitHub 2FA, Recovery email address, then code sent to it. I still use 2 devices total for this, so not sure where the security is.

Helldivers 2 got review-bombed by players complaining about their anti-cheat, so I reached out to anti-cheat leaders from Riot Games, Roblox, and Fortnite to get their take. Are players over-reacting to kernel-level anti-cheat drivers? Full story: pushtotalk.gg/p/the-gamers-d…

Was about time to import the platform fragmentation from C++. Now we just need a couple more package managers and compiler frontends in Rust

i did a thing github.com/es3n1n/no-defe…

New writeup: "Hacking Millions of Modems (and Investigating Who Hacked My Modem)" samcurry.net/hacking-millio… Thanks for reading! Huge thanks to veritas, Brett Buerhaus, shubs, d0nut 🦀, Ian Carroll, and everyone who reviewed the post beforehand.

Seems like Microsoft managed to add support for changeable ports for SMB after just 30 years: learn.microsoft.com/en-us/windows-… Unfortunately no Linux daemon supports this (SMB over QUIC) yet, but hopefully they'll get there.

>How can I git gud at reverse engineering? Well do I have an answer just for you

I think this CrowdStrike BSOD update was just the next logical step after crashing people’s programs randomly by injecting APCs to invalid memory. I hope everyone involved will have a fun time dictating bitlocker keys over phone!

People: Yeah, this is why should never use windows. Only use Linux. Crowdstrike: We already made the linux guys hold that beer.

Cloud computing is when you pay money for a software then install it on your machine

THIS IS HOW MINIX CAN STILL WIN

Some people asked, so here's a guide for customizing your BSOD

I’m begging for infosec people, please before announcing something is “vulnerable” at least read the documentation, just in case it explicitly details the supposed vulnerability such as here. Developers like me don’t just write them as a joke.

I’m a C programmer so forgive me for the (maybe) dumb question. I see people saying that the CS catastrophe shows that we need to switch to Rust. But the bug was in the parser, handling bad input. In this case wouldn’t Rust panic, and end up in a BSOD as well?

Seems like Hex-Rays is trying to erase their crypto oopsie (seri.tools/blog/ida-72-pa… writeup by seri · @[email protected], still up fortunately) with fake DMCAs, just got one on GitHub. Should’ve just asked me over mail instead tbh.

Just published two new projects, github.com/namazso/dll-pr… and github.com/namazso/dll-un… I always missed how there is no dUP2 but for dll hijacking runtime patch — now there is! I’ll port MagicSigner over to it soon as well.

Fun fact: If your first 20 blocked people got deleted for spam, your blocked accounts menu permanently breaks, and you can only possibly unblock people by getting your twitter data export and hacking up a script. Thanks Elon!

Dropping my newest Windows vulnerability that Microsoft refuses to acknowledge!

Another pointless weekend project - a playable version of the old 3DMaze screensaver from Windows 9x. I reverse-engineered the original screensaver binary and added user-input functionality for the controls (and fixed some other minor issues!) github.com/x86matthew/Pla…