blasty
@bl4sty
Followers
17K
Following
2K
Media
283
Statuses
4K
irresponsible disclosure aficionado
The Netherlands
Joined April 2009
fuck. you will be missed @steaIth
Stealth died 😢 A member of Team-Teso, Phrack staff, and many other groups. A true hacker—perhaps as true as a hacker can ever be. WE MISS YOU. 🩷 More: https://t.co/Jx0JYfrjnG <stealth> we had joy we had fun we had a rootshell on a sun.
1
0
24
TIL the Task Manager Guy™ once dabbled in scareware?
Did i upset the “task manager” guy for pointing out his malicious career after Microsoft? https://t.co/V23100AUYD
6
7
145
question to people who have dealt with receiving bug bounty payments (or any kind of payout for an accomplishment; think everything in the 1k-50k USD range): are regular wire transfers your preferred payment method? would you be opposed to taking stable coin (USDT/USDC/..)
8
1
9
Jia Tan right now: "hold my beer, I'm pretty sure I can hide my shellcode in MOOV atoms and ADTS frame headers"
0
1
39
500+ dusty codecs, 400+ dusty formats, one innocent looking bug report and one curious core dev. EVERYONE GET ON THE FLOOR RIGHT NOW. NOBODY MOVE THIS IS A ROB^H^H^H SUPPLY CHAIN ATTACK.
2
2
40
I feel as an infosec shitposter, I should clarify tavis' lingo a bit. "popped" in this context means popping calc.exe, or possibly a more nefarious payload 🙃. it doesn't mean people get so angry over security bugs in 1990s game codecs (or at least I hope so) they strap up and
12
6
206
i guess you can still contact a CNA directly etc. but it adds to the hassle that is a disclosure process
2
0
8
kind of funny that bugs that are communicated to vendors in a way they don't appreciate can result in no CVE being allocated for the vuln(s). while i guess it is bureaucratically legit (or is it?) it makes the CVE system an unreliable source of truth (more news at 11)
Sucks, yesterday i've discovered a path traversal in docker compose, but unfortunately it will not be assigned as a CVE. Because i was supposed to send an email instead of opening a public issue in GH😅 anyhow the poc can be found here: https://t.co/BDt5nnrTYA
9
11
69
the most important question I have about this HackingTeam revival that was exposed by @oct0xor and co is if #YourBoySerge is still saving the day when the live demos fail during a sales pitch. or did they find a new Serge? (anyone remember #YourBoySerge? or am I just really
6
1
30
More interposer fun, this time with DDR5 memory. Breaking TDX, SGX, SEV and even Nvidia TEEs. Check out our work at https://t.co/Jl1dpGnM6J, and get a personally-signed Intel attestation report at @TEEdotFail.
45
84
346
Every #TheSAS2025 participant already knows who the best speakers were this year. However, the world deserves to know too. 🥇 The best cocktail of deep research and lively presentation this year was delivered by none other than Peter Geissler (@bl4sty) himself. His talk on
0
4
23
The HackingTeam is back! New name, new malware, new exploits
securelist.com
Kaspersky researchers discovered previously unidentified commercial Dante spyware developed by Memento Labs (formerly Hacking Team) and linked it to the ForumTroll APT attacks.
5
120
403
TrueType is the gift that keeps on giving (do you remember Triangulation?) and Peter @bl4sty keeps on winning pwn2own thanks to it #TheSAS2025
0
3
37
slides can be found here:
github.com
Contribute to blasty/slides development by creating an account on GitHub.
0
0
8
thanks to everyone who attended my #TheSAS2025 talk "Typographic hit job: when fonts pull the trigger". 🙏 I've written an accompanying blogpost that goes over all the details:
haxx.in
Last year we (PHP HOOLIGANS) competed in Pwn2Own (ireland, 2024) once again. One of our (successful) entries was against a little pet peeve target of mine, the CANON ImageCLASS printer. In this post...
4
42
137