Technical tasks where LLMs proved to be incredibly useful for me:
- Fixing bugs in Gradle scripts
- Resolving systemd and Network Manager fights
I see a pattern emerging!
Original->
04.11.2025 18:33 โ ๐ 1 ๐ 0 ๐ฌ 0 ๐ 0
endpoint handles a POST request that includes a user-input value that is passed to the unsafe open() function provided by the open NPM package, which will cause OS command execution."
2/2
Original->
04.11.2025 18:18 โ ๐ 1 ๐ 0 ๐ฌ 0 ๐ 0
[RSS] Critical RCE Vulnerability CVE-2025-11953 Puts React Native Developers at Risk
jfrog.com ->
"The Metro development server [..] binds to external interfaces by default [...] The server%27s /open-url
1/2
04.11.2025 18:18 โ ๐ 1 ๐ 0 ๐ฌ 1 ๐ 0
[RSS] Four Bytes, One Lie: A SMAP-Free Confidence Trick on Kernel Pointers :: Out of Bounds
www.oobs.io ->
CVE-2025-50168
Original->
04.11.2025 06:16 โ ๐ 2 ๐ 0 ๐ฌ 0 ๐ 0
[RSS] BGGP6 Announcement
n0.lol ->
Original->
03.11.2025 17:49 โ ๐ 0 ๐ 0 ๐ฌ 0 ๐ 0
[RSS] Drawn to Danger: Windows Graphics Vulnerabilities Lead to Remote Code Execution and Memory Exposure
research.checkpoint.com ->
Original->
03.11.2025 13:53 โ ๐ 1 ๐ 1 ๐ฌ 0 ๐ 0
[RSS] deepSURF: Detecting Memory Safety Vulnerabilities in Rust Through Fuzzing LLM-Augmented Harnesses
github.com ->
Original->
03.11.2025 13:53 โ ๐ 1 ๐ 0 ๐ฌ 0 ๐ 0
[RSS] exploits.club Weekly Newsletter 91 - Patch-gapping Browsers, Ubuntu LPEs, Bluetooth Int Underflows, And More
blog.exploits.club ->
My clearest (and slightly frightening) measure of the passage of time is the weekly exploits.club newsletter.
Original->
01.11.2025 10:24 โ ๐ 1 ๐ 0 ๐ฌ 0 ๐ 0
[RSS] Dubious security vulnerability: Denial of service by loading a very large file
devblogs.microsoft.com ->
Original->
01.11.2025 10:24 โ ๐ 0 ๐ 0 ๐ฌ 0 ๐ 0
I completely forgot how horrible IDAPython is...
Original->
31.10.2025 18:25 โ ๐ 0 ๐ 0 ๐ฌ 0 ๐ 0
One thing I really appreciate at @kagihq is that they accept feedback - I just found and extended an issue about this:
kagifeedback.org ->
Original->
31.10.2025 18:10 โ ๐ 0 ๐ 0 ๐ฌ 0 ๐ 0
Why do online maps hide street names?! They literally had one job...
Original->
31.10.2025 16:40 โ ๐ 0 ๐ 0 ๐ฌ 0 ๐ 0
Alt text TBD, sorry!
Original->
31.10.2025 11:39 โ ๐ 0 ๐ 0 ๐ฌ 0 ๐ 0
It's been over a decade since I first heard a guitarist playing Black Dahlia Murder on a beat up classical guitar, it was about time to check out his band too...
Really cool stuff!
unhumanofficial.bandcamp.com ->
(TBDM classival cover is here:
1/2
31.10.2025 10:58 โ ๐ 0 ๐ 0 ๐ฌ 0 ๐ 0
[RSS] Micropatches Released for Windows Installer Elevation of Privilege Vulnerability (CVE-2025-50173)
blog.0patch.com ->
Original->
30.10.2025 13:39 โ ๐ 0 ๐ 0 ๐ฌ 0 ๐ 0
[RSS] [Blog] A Retrospective Analysis of CVE-2025-59287 in Microsoft WSUS
code-white.com ->
Original->
30.10.2025 13:39 โ ๐ 1 ๐ 1 ๐ฌ 0 ๐ 0
[RSS] Python - Zip64 Locator Offset Vulnerability
github.com ->
#NoCVE
Original->
29.10.2025 11:40 โ ๐ 0 ๐ 0 ๐ฌ 0 ๐ 0
Legendary DJ's reunite, I just don't get why anyone thought this MC would bring any value to the show...
www.youtube.com ->
I mean I can shout "Let's go" every few minutes for a ticket and drinks?
Original->
28.10.2025 15:21 โ ๐ 0 ๐ 0 ๐ฌ 0 ๐ 0
[RSS] Paint it blue: Attacking the bluetooth stack
www.synacktiv.com ->
Original->
27.10.2025 16:02 โ ๐ 0 ๐ 0 ๐ฌ 0 ๐ 0
[RSS] Windows ARM64 Internals: Exception & Privilege Model, Virtual Memory Management, and Windows under Virtualization Host Extensions (VHE)
connormcgarr.github.io ->
Original->
27.10.2025 15:32 โ ๐ 0 ๐ 0 ๐ฌ 0 ๐ 0
COM to the Darkside - Slides and resources from MCTTP 2025 Talk by Dylan Tran (d_tranman) and Jimmy Bayne (@bohops)
github.com ->
Original->
27.10.2025 07:06 โ ๐ 0 ๐ 0 ๐ฌ 0 ๐ 0
I know inference is _relatively_ cheap but do we really need to invoke Copilot for each commit message?
Original->
25.10.2025 08:37 โ ๐ 0 ๐ 0 ๐ฌ 0 ๐ 0
me that this goal is worth pursuing.
I'm looking for contributors, esp. for #BinaryNinja, #IDA and #radare2 scripting so we can bring all these worlds together!
2/2
Original->
24.10.2025 18:46 โ ๐ 0 ๐ 0 ๐ฌ 0 ๐ 0
Alt text TBD, sorry!
As a result of working on r4ghidra I set the ambitious goal to create REshare, an exchange format for #ReverseEngineering tools:
github.com ->
The code is still in its early days (literally) but the fact that it works with complex, real life binaries tells
1/2
24.10.2025 18:46 โ ๐ 3 ๐ 0 ๐ฌ 1 ๐ 0
You can watch my #r2con2025 talk here:
When worlds collide: r4ghidra
www.youtube.com ->
Slides:
scrapco.de ->
Original->
24.10.2025 18:11 โ ๐ 0 ๐ 0 ๐ฌ 0 ๐ 0
[RSS] exploits.club Weekly Newsletter 90 - Fuzzing Rust Subsystems, Pwn2Own Near Misses, Linux 1-Days, And More
blog.exploits.club ->
Original->
24.10.2025 09:10 โ ๐ 1 ๐ 0 ๐ฌ 0 ๐ 0
Alt text TBD, sorry!
My talk about integrating #ReverseEngineering tools is to be broadcasted in a couple of hours for #r2con2025:
rada.re ->
I'll release a ton of code and will be around on Discord for questions and comments.
Original->
24.10.2025 08:50 โ ๐ 1 ๐ 0 ๐ฌ 0 ๐ 0
Theory: the output file got cached and I was looking at old output (which is weird because I only use `with open(...)` blocks)
Original->
24.10.2025 08:09 โ ๐ 0 ๐ 0 ๐ฌ 0 ๐ 0
caching that affects my object reference but does not affect additional logging/exception throwing??
Any ideas?
3/3
Original->
24.10.2025 07:59 โ ๐ 1 ๐ 0 ๐ฌ 0 ๐ 0
file output contains garbage).
I add logging, the logs appear and show everything is fine.
Add more logs, exceptions even (to stop at a specific state). They run and show all is fine.
After I restart Ghidra the bug is gone.
To be clear: there must be some kind of bytecode
2/3
24.10.2025 07:59 โ ๐ 1 ๐ 0 ๐ฌ 1 ๐ 0
Providing free online resources for #IBMi professionals for more than 30 years.
Paged Out! is a free magazine about programming, hacking, security hacking, retro computers, modern computers, electronics, demoscene, and other similar topics. Always accepting submissions of one-page articles.
Warhammer and Warhammer 40,000 news, conversations, and updates!
๐ฎCurโating all things Fantasy๐ฎ
Lover of Fantasy Art, Film & Gaming
Artists Credited โข I do not share GenA/I images
Check my starter packs for artists to follow!
๐ dungeonlust.com
๐ก๏ธ https://ko-fi.com/dungeonlust
โจCurโated by @dungeonbitch.bsky.social
Also here: https://infosec.exchange/@_dm
Infosec, Trust & Safety, but mostly screaming into the void
[ttl=14d]
WinDbgโer @ Elastic Security.
Thoughts are my own.
Some of my writing: http://tiny.cc/jqeavz
More writing: http://tiny.cc/9cj0vz
Also: https://twitter.com/GabrielLandau
solving security at scale. reserved for future use.
A circus artist with a visual studio license
Maker. Science Communicator. Connector.
Hardware / software necromancer
collector of Weird Stuff
maker of Death Generators.
she/they
I teach cryptography at Johns Hopkins. https://blog.cryptographyengineering.com
Trend Zero Day Initiativeโข (ZDI) is a program designed to reward security researchers for responsibly disclosing vulnerabilities.
Privilege Escalation Engineer
Principal Consultant @ Reversec (formerly WithSecure Consulting)
President of Signal, Chief Advisor to AI Now Institute
Aโฏโฏrepositoryโฏof archival documents related to the history and afterlives of the Cold War, grave international human rights violations, and marginalized communities. | Visit us in Budapest, Hungary, or online at archivum.org!
