
Luca Bertozzi

@lucabtz.com.bsky.social

Blog https://lucabtz.com

55 Followers  |  213 Following  |  30 Posts  |  Joined: 22.11.2024  |  1.9465

Latest posts by lucabtz.com on Bluesky


Okay this looks cool for a rollercoaster building game

26.11.2025 19:19 — 👍 3    🔁 0    💬 0    📌 0

There's no functor like Hom

02.09.2025 10:14 — 👍 44    🔁 3    💬 1    📌 0

Update for the blue sky world. In the time passed since my last Skeets I have:
- Found a job as a #C++ developer. The codebase is dogshit but me and another colleague are trying to improve it bit by bit
- Haven't done much cyber security related
- Started learning #Haskell and having a lot of fun

02.09.2025 17:56 — 👍 2    🔁 0    💬 1    📌 0

can you explain this better or link something explaining it?

22.02.2025 21:22 — 👍 0    🔁 0    💬 1    📌 0

I still have my two bugs, but I've been told I need one more so

10.01.2025 16:54 — 👍 0    🔁 0    💬 0    📌 0

well it's been since around mid-December I haven't looked into this and I literally forgot most stuff I did.

I still have notes, but I definitely forgot a lot of stuff

10.01.2025 16:53 — 👍 0    🔁 0    💬 1    📌 0

(please re-post for reach - thank you!)
Learned a cool new Linux trick? Know an interesting quirk in a network protocol? Or have something else to share?

Write a 1-page article for the #6 issue of Paged Out! :)
pagedout.institute?page=cfp.php

Soft deadline is Feb 1st.

07.01.2025 07:41 — 👍 30    🔁 33    💬 0    📌 0

gotcha

27.12.2024 06:01 — 👍 0    🔁 0    💬 0    📌 0

what about the mannequin?

27.12.2024 05:51 — 👍 1    🔁 0    💬 1    📌 0

You go all the way to infect a popular npm package and then deploy xmrig

20.12.2024 13:35 — 👍 0    🔁 0    💬 0    📌 0
Rspack npm Packages Compromised with Crypto Mining Malware in Supply Chain Attack Compromised Rspack npm packages exposed 445,000 users weekly to IP tracking and XMRig malware.

#Rspack: a popular alternative to webpack - a JavaScript bundler written in Rust - #npm package with 300,000+ downloads/week version 1.1.7 compromised with attackers injecting cryptocurrency mining malware:
#SoftwareSupplyChainSecurity
👇
thehackernews.com/2024/12/rspa...

20.12.2024 11:00 — 👍 1    🔁 3    💬 0    📌 1

my blog now has a dark mode so at night you don't hurt your eyes anymore

05.12.2024 13:17 — 👍 1    🔁 0    💬 1    📌 0

oh there was another one that is pretty obvious. yeah i periodically go back to the challenge, will solve it sooner or later (hopefully sooner)

04.12.2024 06:55 — 👍 0    🔁 0    💬 1    📌 0

You post so often about so much cool stuff. Great job

02.12.2024 15:28 — 👍 1    🔁 0    💬 0    📌 0

found that 44 percent of the top 100 most-followed accounts on Bluesky had at least one “doppelganger,”

That isn't how statistics works, you don't take 100 accounts and see that 44 of them follow some property and then say 44 percent

30.11.2024 14:41 — 👍 1    🔁 0    💬 0    📌 0

My latest blog post is live! nastystereo.com/security/cro...

Read how to send a cross-site POST without including a Content-Type header (without CORS). It even works with navigator.sendBeacon

27.11.2024 09:10 — 👍 79    🔁 29    💬 3    📌 4
Pwning the Chip8 Emulator with Blind Format Strings Continuation of the previous post. I use the built arbitrary call primitive using some blind format string exploitation techniques to achieve RCE.

I added a skeet button to my blog to allow people to easily share content on Bluesky. See it for example here lucabtz.com/blog/pwning-...

28.11.2024 09:59 — 👍 0    🔁 0    💬 0    📌 0

cool research!

unrelated question: is the link in the replies because of the X algorithm

28.11.2024 07:50 — 👍 0    🔁 0    💬 1    📌 0

Someone needs to make an app to make it easy to follow people you follow on X also on bluesky. Or if it exists already I would like to know the name

27.11.2024 12:56 — 👍 0    🔁 0    💬 0    📌 0

Should be better specified though

25.11.2024 11:07 — 👍 0    🔁 0    💬 0    📌 0

Whether that is a vulnerability depends on how the script is used, what the source for the handle parameter is etc

25.11.2024 11:05 — 👍 0    🔁 0    💬 2    📌 0

25.11.2024 05:38 — 👍 0    🔁 0    💬 1    📌 0

pinksky.app it is

25.11.2024 05:05 — 👍 0    🔁 0    💬 0    📌 0

Actually I think I found one of the bugs right now!

25.11.2024 04:14 — 👍 0    🔁 0    💬 1    📌 0
Exploits Club

BlueSky seems less political than both the other options, I hope I can find some cool people on here, on X I got some cool mutuals after my latest blog post ended up on exploits.club, I hope I can find you here too

24.11.2024 06:00 — 👍 0    🔁 0    💬 0    📌 0

Mastodon is cool, but it is filled with politics too. While my personal political views are closer to those there and I don't mind it as much as on X, I'd like a place to talk computers, not politics

24.11.2024 06:00 — 👍 0    🔁 0    💬 1    📌 0

turns out BlueSky is pretty good: it is similar to what Twitter used to be before becoming X.

X sadly became a MAGA place, my For You page is unusable, filled with posts of Musk and other MAGA accounts which I don't care to read.

24.11.2024 06:00 — 👍 2    🔁 1    💬 1    📌 0

I wish my mutuals and the accounts I follow there would move here

24.11.2024 05:55 — 👍 2    🔁 0    💬 0    📌 0

finally a reasonable take

23.11.2024 18:50 — 👍 17936    🔁 4733    💬 346    📌 329

Optimist: the cup is half full
Pessimist: The cup is half empty
Topologist: the cup is a donut

23.11.2024 20:49 — 👍 125    🔁 15    💬 10    📌 16

@lucabtz.com is following 20 prominent accounts