At #NullconBerlin2025, @solardiz unpacked how Linux Kernel Runtime Guard (LKRG) 1.0 brings real-time integrity checking & exploit detection to the Linux kernel, even across different versions & edge-case environments. Watch Now: https://t.co/VPX5t7FbcF #LKRG #LinuxSecurity

What should @Openwall's simpler vulnerability scoring system (CVSS alternative) be called? Note that we already have OVE https://t.co/ZcLav61N41 as a CVE alternative, but unfortunately the OVSS acronym already has a bit of use in CS/AI for "open-vocabulary semantic segmentation".

Hash Suite 4.0 (Windows) adds support for custom Python scripts as key-provider, updated wordlists to download, better high-resolution support, and should have fewer antivirus false positives.

We've just published the slides of @solardiz's @Nullcon Berlin 2025 talk "Linux Kernel Runtime Guard (LKRG) 1.0" https://t.co/gIj8vDjs1A #LKRG #nullconBerlin2025 #nullcon

The latest Microsoft Research Forum episode is now available on-demand. Explore purposeful research and its real-world impact.

Strengthening Linux Security With Kernel Runtime Guard 🎯 #Linux security remains a pressing concern as vulnerabilities continue to expose critical systems. @solardiz, founder of @Openwall, and senior principal security engineer at CIQ, said Linux Kernel Runtime Guard's, or

Linux Kernel Runtime Guard @lkrg_org 1.0.0 by @Adam_pi3 @solardiz @kerneltoast et al. is out, adds support for Linux 6.13+ (tested to 6.17-rc4), forward-edge CFI (Intel CET IBT, KCFI), ..., reduces performance overhead, shrinks the codebase by ~2500 lines.

At #NullconBerlin2025, @solardiz will walk us through the journey from LKRG’s edgy debut to its 1.0 release – complete with real-world attacks, trade-offs, nasty bugs, & some honest truths about kernel hardening. Know More: https://t.co/zApTl1QVhx #LKRG #LinuxSecurity

End of an era: our CVSweb service turned 21 today, and was promptly retired. Our anoncvs was similarly shut down at the age of 21 two years ago, quietly.

🔒 Enhancing LKRG: A Step Toward Stronger Security. CIQ's own Sultan Alsawaf recently contributed impactful updates to the LKRG project, fixing longstanding bugs & making it stronger & more stable than ever. Learn more here 🔗 https://t.co/M7XYMUqLEh #HPC #IT #LKRG #OpenSource

#MITRE #CVE is great (dead?), but @Openwall 's #OVE has been a system for vuln. tracking-ID since 2016 ! Ex: #Exim CVE-2019-13917 also has OVE ID: OVE-20190718-0006 I used both for tracking vulnerabilities since 2k16. Time to give #OVE more visibility: https://t.co/XehI9GWhhF

I'm happy to build upon and extend the ideas and approaches we had tested and proven, and expertise gained building @Openwall's security enhanced Linux distribution, now for @CtrlIQ's wider audience and in a modern context.

Interview with @Adam_pi3 and me about LKRG, in English https://t.co/TN7B3OKJHj and Polish

Netflix + Warner Bros. means more value for investors. Two entertainment companies that complement each other. @netflix + @wbd: defining the next century in storytelling together.

Linux Kernel Runtime Guard @lkrg_org 0.9.9 by @Adam_pi3 et al. is out, adds support for Linux 6.11+, 6.10.10+, 5.10.220+, CentOS Stream 9 (upcoming RHEL 9.5). https://t.co/EoLLUSgHYO Updated packages for Rocky Linux 9.4 and 8.10 being released https://t.co/65yCiBdt1S @rocky_linux

We sponsored the porting of the yescrypt Linux password hash algorithm to Go as an open source project. Read more below. This is now part of our agentless password auditor feature on Linux as well.

Announcing yescrypt-go, our pure Go reimplementation of yescrypt key derivation function (KDF) and password hashing scheme. Builds upon @dchest's Go scrypt, with yescrypt support added by @solardiz. Sponsored by @SandflySecurity. https://t.co/ATOv8KMSKl https://t.co/glYvhP3se6

Updated my @offensive_con keynote talk slides page to include links to our other related presentations https://t.co/PPRzSPS0YT

Just published slides of @solardiz's @offensive_con keynote talk "Password cracking: past, present, future"

Just Announced! Gundam Premiere Night featuring both Iron-Blooded Orphans Urdr-Hunt + Wedge of Interposition, followed by the 4K remaster of Gundam Wing Endless Waltz Special Edition! Each film will feature brand-new intro create just for this release. Coming January 2026!

Is Open Source focused threat intelligence - Tactics, Techniques, and Procedures (TTPs), Indicators of Compromise (IOCs), exploits/rootkits/backdoors in the wild - a desirable topic for oss-security or for a separate mailing list? If separate, where to draw the line (reply)?

CVE-2024-31497: PuTTY: Secret Key Recovery of NIST P-521 Private Keys Through Biased ECDSA Nonces https://t.co/uVOkwMX3Aw Affected Products - PuTTY 0.68 - 0.80 - FileZilla 3.24.1 - 3.66.5 - WinSCP 5.9.5 - 6.3.2 - TortoiseGit 2.4.0.2 - 2.15.0 - TortoiseSVN 1.10.0 - 1.14.6

@solardiz @Adam_pi3 @lkrg_org https://t.co/uQpq1nmB8q (with the kernel_path fixed) gives me a root shell on a fully patched Debian 12. But with LKRG loaded I see