Dominic White

@singe.bsky.social

Hacker at Orange Cyberdefense's SensePost Team https://hello.singe.za.net/

1,146 Followers  |  723 Following  |  522 Posts  |  Joined: 24.04.2023  |  1.9294

Latest posts by singe.bsky.social on Bluesky

Today one of my favourite hackers and biggest inspirations, @leonjza.bsky.social, is speaking at DEF CON 33!

Track 4 @ 16:30 PDT
defcon.org/html/defcon-...

If you're there, please go and support him.
If you're in a close enough timezone, please stream him live (see dctv.defcon.org)

09.08.2025 14:04 — 👍 1    🔁 1    💬 0    📌 0
7 Vulns in 7 Days: Breaking Bloatware Faster Than It’s Built

Sat, Aug 9 at 16:30 – 17:15 PDT
LVCC - L1 - Exhibit Hall West 3 - Track 4
DEF CON Official Talk
Demo 💻
Exploit 🪲
Description

Bloatware. We all hate it, and most of us are good at avoiding it. But some vendor tools – especially those managing critical drivers – can be useful when the Windows Update versions aren’t good enough for performance-critical computing.

What started as a routine driver update took a sharp turn when I confirmed a reboot modal… from my browser. Wait, my browser shouldn’t be able to do that!? To my disappointment (and maybe some surprise), it turned out to be arbitrary code execution – right from the browser. This kicked off a week-long deep dive, uncovering seven CVEs in seven days across several prominent vendors, all exploiting a common pattern: privileged services managing software on Windows with little regard for security.

Later today, as Las Vegas hovers at its peak temperature on the 33rd iteration of DEFCON, @leonjza.bsky.social will take everyone in Track 4 on a wild ride through vuln ridden bloatware installed on many of the machines in the room and the world. https://info.defcon.org/content/?id=60380

09.08.2025 14:27 — 👍 2    🔁 0    💬 0    📌 0

Hi DEFCON!

06.08.2025 18:22 — 👍 2    🔁 0    💬 0    📌 0

Good point! Thanks.

05.08.2025 18:29 — 👍 0    🔁 0    💬 0    📌 0
BSides Las Vegas 2025 is incredible. Amazing turn-out, fantastic staff, and the sheer variety of content, speakers, and activities sets the bar for what a hacker con should be. You can find the slides from my talk, "Turbo Tactical Exploitation: 22 Tips for Tricky Targets" at hdm.io/decks/BSides...

05.08.2025 06:02 — 👍 13    🔁 7    💬 0    📌 0

Any idea what’s the easiest way to get a supported meshtastic board/device in Vegas?

05.08.2025 09:28 — 👍 1    🔁 0    💬 2    📌 0
What gets the Attention?

Consulting the OWASP top 100,000 from the Appendix to the Addendum to the Supplement to the Apocrypha, Volume 127, we see…

#17,245 Spectre
#17,246 POODLE
#17,247 Meltdown
#17,248 Rowhammer
#17,249 DROWN
#17,250 ROCA
…
What do all of these have in common?

No-one ever uses them
* there are 17,244 easier ways to carry out an attack
* this is why they've been referred to as "stunt cryptography"

Stunt cryptography attack
* You have a 0.00001% chance of recovering 2 bits of plaintext from a single message

Any of the OWASP top ten
* You have a 100% chance of recovering the plaintext of all the messages

Periodic reminder about stunt hacking¹.

You will get done by phishing.

Nothing else matters.
__
¹ www.cs.auckland.ac.nz/~pgut001/pub...

04.08.2025 07:46 — 👍 14    🔁 2    💬 0    📌 0
Cyd 1.1.16 released | Cyd Docs We're pleased to announce Cyd 1.1.16 is released. Here's what's new:

Cyd 1.1.16 is out. If you've already deleted your X account, you can still migrate your tweets to Bluesky now! docs.cyd.social/blog/cyd-1.1...

03.08.2025 23:05 — 👍 11    🔁 8    💬 1    📌 0
defcon 33 main stage sunday aug 10 noon - flyer with sick ascii by x0 and aNACHRONiST

Are you going to @defcon.bsky.social??

We'll be giving away 9500 print copies of Phrack!

Come by main stage Sunday @ noon to see @vacci.ne @richinseattle.bsky.social and chompie talk hacker history! This will mark the first time Phrack staff appear together on DEF CON’s main stage.

29.07.2025 17:52 — 👍 103    🔁 40    💬 1    📌 2
hashcat v7.0.0 performance comparison

I got excited when I saw the line about “major speed improvements” on Apple Metal GPUs. But the benchmarking spreadsheet shows a slowdown in almost every format except a few docs.google.com/spreadsheets...

That’s a real head scratcher.

03.08.2025 07:00 — 👍 0    🔁 0    💬 0    📌 0
#hashcat v7.0.0 is out!!! 🤩

hashcat.net/forum/thread...

02.08.2025 08:06 — 👍 4    🔁 5    💬 1    📌 0

While the result is useful, a research narrative is always helpful for seeing how the sausage is made and disabusing people of the notion that good work is the result of anything else other than trying.

01.08.2025 04:00 — 👍 3    🔁 0    💬 0    📌 0
A screenshot of two windows. The top is a view of the Microsoft SQL management GUI showing that “Extended Protection” is enabled for NTLM authentication. The bottom is a terminal showing an invocation of Impacket’s mssqlclient.py successfully connecting using channel binding.

Reverse engineering Microsoft’s SQLCMD.exe to implement Channel Binding support for MSSQL into Impacket’s mssqlclient.py. Storytime from Aurelien (@Defte_ on the bird site), including instructions for reproducing the test environment yourself.

sensepost.com/blog/2025/a-...

31.07.2025 16:19 — 👍 9    🔁 6    💬 0    📌 1
Early Warning Signals: When Attacker Behavior Precedes New Vulnerabilities GreyNoise’s new research reveals a recurring pattern: spikes in malicious activity often precede the disclosure of new CVEs — especially in enterprise edge technologies like VPNs and firewalls.

🚨 New Research: GreyNoise identifies an early warning signal, spikes in attacker activity tend to precede new CVE disclosures within six weeks. Which vendors show the strongest signal and more, all in our latest report ⬇️

31.07.2025 13:18 — 👍 5    🔁 5    💬 0    📌 1

A primary benefit of “software” is scalability and repeatability. I can write the task in code, then run it as many times as I like to get the same result.

With AI you get neither - costs inhibit scalability and outputs are mostly non-deterministic.

30.07.2025 05:40 — 👍 5    🔁 2    💬 0    📌 0

128 unprocessed files still waiting before we can release the final WWWD scores this year, but it looks like a number of folks will bring real points into the RF Hacker Sanctuary WCTF @defcon.bsky.social !

We want to thank EVERYONE for bringing creativity, cleverness, and a spirit of cooperation!

29.07.2025 13:52 — 👍 1    🔁 1    💬 0    📌 0

Apologies, but I don’t understand. It’s the same story we discussed before?

29.07.2025 03:41 — 👍 0    🔁 0    💬 2    📌 0

Go on ...

28.07.2025 19:45 — 👍 0    🔁 0    💬 0    📌 0
My attempt to create a custom feed to group skeets by semantic similarity using embeddings is so far better at finding bots than it is at grouping meaningful content.

28.07.2025 19:40 — 👍 0    🔁 1    💬 1    📌 0

Ta! It mentions Israel several times mostly as a victim, some description of the war in Gaza although it seems deliberately neutrally framed. The only criticism of Israel is the report sent to the journalists, but that’s phrased more as political friction. Original article’s claims look false.

28.07.2025 03:58 — 👍 2    🔁 0    💬 1    📌 0

Me too. The lack of authoritative reporting made me go look.

27.07.2025 19:17 — 👍 1    🔁 0    💬 2    📌 0
Tom Lehrer - National Brotherhood Week

Very sorry to hear about the death of Tom Lehrer at age 97. The cleverest, funniest singer/songwriter of all time, even if he lost interest in the whole business pretty quickly? www.youtube.com/watch?v=aIlJ...

27.07.2025 16:20 — 👍 786    🔁 324    💬 41    📌 153
Documents | National Coordinator for Security and Counterterrorism

Can you find this document, I can’t? english.nctv.nl/documents

27.07.2025 17:44 — 👍 0    🔁 0    💬 1    📌 0
Along with a group of other researchers, I've been tracking attacks from the DDoSia participatory DDoS botnet operated by NoName0157(16) . Targets of this botnet have been primarily Ukrainian, NATO and other European targets.

Today, we published collected logs from tracking this botnet,
the logs

24.07.2025 13:00 — 👍 6    🔁 2    💬 1    📌 2

If anyone wants a software supply chain security jump scare: Clone hashicorp/vault and run "make". 🫥

21.07.2025 03:17 — 👍 4    🔁 1    💬 1    📌 0
Unix Magic Poster Annotations

Look at that, there’s now a site explaining them all unixmagic.net

20.07.2025 16:39 — 👍 0    🔁 0    💬 0    📌 0
A wizard pouring things into a cauldron. But the cauldron is a shell. There are pipes over head with a cat in the bottom right. Incredibly detailed with all sorts of in jokes.

The original poster was circa 1987 groups.google.com/g/comp.unix.... and contained way more nuance and in-jokes.

20.07.2025 16:27 — 👍 3    🔁 0    💬 1    📌 0
A Linus Torvalds looking wizard holding a wand and coaxing smoke from a cauldron. The cauldron has the word Linux on it and the smoke rising from it has the names of various unix commands like xargs, grep, awk and cat. The text at the bottom says “UNIX is magic”

An AI remix of an old unix magazine cover somewhat updated for the modern age.

20.07.2025 16:21 — 👍 9    🔁 0    💬 3    📌 1
Modular PIC C2 Agents All post-exploitation C2 agents that I'm aware of are implemented as a single rDLL or PIC blob. This means that all of their core logic such as check-in's, processing tasks, sending output, etc, are a...

[BLOG]
My thoughts (and code examples) for writing modular PIC C2 agents.
rastamouse.me/modular-pic-...

20.07.2025 12:25 — 👍 9    🔁 4    💬 0    📌 1
