Btw, you don't need a Flipper Zero to "hack" dumb radio protocols. The piece of wire is enough. Check out how to receive and decode 433MHz radio signal just with a PC sound card.

This new book has finally arrived. Thank's to No Starch Press as well as Bill Pollock -- [email protected] for making it happen as well as Lee Holmes as my tech reviewer.

the xz sshd backdoor rabbithole goes quite a bit deeper. I was just able to trigger some harder to reach functionality of the backdoor. there's still more to explore.. 1/n

The most sophisticated exploit we've ever seen. Thank you to Will Dormann is on Mastodon for bringing this to our attention. This is basically Stuxnet. 2.0

Windows Defender doesn't like it when you name your Hyper-V VM "Invoke-Mimikatz"

📢 Calling all Sponsors! Get mhackeroni to the DEF CON 32 CTF finals 🚩🍝 Would you like to be a part of moving the kitchen to Las Vegas this summer & secure a spot for your logo in our highly-demanded t-shirt? Contact us! Your favourite Italian Acheri™️ need your help!

JULIAN ASSANGE IS FREE Julian Assange is free. He left Belmarsh maximum security prison on the morning of 24 June, after having spent 1901 days there. He was granted bail by the High Court in London and was released at Stansted airport during the afternoon, where he boarded a

My latest blog about my discovery for Evernote Client All-platform RCE via PDF.js font-injection to preload.js exposed ipcRenderer-BrokerBridge-boron.actions bypassing Electron's nodeIntegration | context-isolation; Enjoy reading! 0reg.dev/blog/evernote-…

🔥 XSS on any website with missing charset information? 😳 Attackers may leverage the ISO-2022-JP character encoding to inject arbitrary JavaScript code into a website. Read more in our latest blog post: sonarsource.com/blog/encoding-… #appsec #security #vulnerability

CRWD Showing up in the 11th hour to claim the Pwnie for Epic Fail.

I don't do Windows but here are some (initial) details about why the CrowdStrike's CSAgent.sys crashed Faulting inst: mov r9d, [r8] R8: unmapped address ...taken from an array of pointers (held in RAX), index RDX (0x14 * 0x8) holds the invalid memory address John Hammond

Job 1 in repairing CrowdStrike.. get access to computer.

Some of you may already be aware but due to extenuating circumstances we've made an early award! The 2024 Pwnie for Epic Fail goes to CrowdStrike for the CRWD2K bug! 🦃

And that's it for this year DEF CON #CTF: your favorite Italian team got 6th place after 3 intense days of !sleeping. Thanks to the organizers Nautilus Institute and all the amazing teams that competed with us in this backdoor-sharing event! See you next year! ♥️ #defcon #defcon32

It's time to take a closer look at CVE-2024-38063 (Windows TCPIP RCE). I usually don't post partial analysis but since most available info is unreliable I'll do my best to try and shed some light. This time I'll focus on my workflow and thought process as we go. 🧵

Now that we're all back and caught up on sleep it's DEF CON CTF Nautilus Institute wrap-up time! 🐚🚩 we managed a great 6th place in a tough competition with conventional pwnage, GenAI-powered spaceships, and LiveCTF duels

🚨A Threat Actor Has Allegedly Leaked Data to Capgemini

Firmware 1.0 released! 🔥 What’s new: Apps catalog, JavaScript support, New NFC subsystem, 2X faster Bluetooth, External radio module support and more! 🤩 Read the blog post: blog.flipper.net/released-firmw…

Ever heard about cross-queries? 👀 During a recent penetration test, I uncovered the powerful capabilities of cross-queries in PostgreSQL. Discover how this feature can be exploited to dump tables in complex scenarios: reversebrain.github.io/2024/09/19/Cro…

New writeup from ꙅɿɘƚɔɘqꙅ and I: we're finally allowed to disclose a vulnerability reported to Kia which would've allowed an attacker to remotely control almost all vehicles made after 2013 using only the license plate. Full disclosure: samcurry.net/hacking-kia