Daily News Digest
Saturday, June 6, 2026
#tech
• Founders Fund launches game show starring Sam Altman, Palmer Luckey, and other t...
• NSA said to be readying Anthropic's Mythos for use in cyber operations
#hackernews
• The intricacies of modern camera lens repair (2024)
• Lockdown Mode
R3ID Bot
TechCrunch
Founders Fund launches game show starring Sam Altman, Palmer Luckey, and other tech elites | TechCrunch
The debut episode, moderated by Founders Fund chief marketing officer Mike Solana, included a star-studded cast of current tech luminaries.
Daily Tech Quiz
RDP Security Group Restriction in Active Directory
A system administrator configured Remote Desktop access for a group of users in an Active Directory domain. The group is part of the 'Remote Desktop Users' built-in group on a domain-joined Windows Server. Users in this group report intermittent 'The connection was denied because the user account is not authorized for remote login' errors. The server's local security policy is set to 'Allow log on through Remote Desktop Services' for the 'Remote Desktop Users' group. Firewall rules permit RDP traffic, and the users' accounts are not locked or disabled. What is the most likely root cause of this issue?
Hint: Check domain-level policies that might override local security settings.
Anonymous Quiz
• 50%: The users' accounts require 'Log on as a service' permissions in the domain.
• 0%: The 'Remote Desktop Services' service is not running on the server.
• 50%: The 'Deny log on through Remote Desktop Services' policy is applied to the users' organizational ...
• 0%: Network Level Authentication (NLA) is disabled on the server.
r3id
Sniffer Detection in Local Network
Pastebin: https://pastebin.com/ztXfsuG8
Visit Store: @r3idstore_bot
#KaliLinux
Pastebin
r3id Content - Pastebin.com
Pastebin.com is the number one paste tool since 2002. Pastebin is a website where you can store text online for a set period of time.
π¬ Hacker Story
ββββββββββββββββββββββ
2017 β’ Research
Apache Struts2 Remote Code Execution Discovery
In March 2017, security researcher Man Yue Mo of Semmle discovered a critical vulnerability in Apache Struts2, a popular Java web framework. The flaw, tracked as CVE-2017-5638, resided in the framework's Jakarta Multipart parser, which failed to properly handle Content-Type headers in file upload requests. Exploiting this, attackers could send maliciously crafted HTTP requests with a Content-Type value containing Object-Graph Navigation Language (OGNL) expressions. When processed by the server, these expressions could execute arbitrary commands on the underlying system. The vulnerability affected millions of servers globally, including those used by major organizations like Equifax. Within months, proof-of-concept exploits emerged, leading to widespread attacks leveraging the flaw. The breach of Equifax in 2017, later linked to this vulnerability, resulted in the exposure of sensitive data of 147 million people. The incident underscored the dangers of unpatched third-party libraries and the cascading impact of single vulnerabilities on global infrastructure.
Technique: Content-Type header manipulation with OGNL injection in file upload requests
Lesson: Third-party library vulnerabilities can have catastrophic consequences, emphasizing the need for rigorous patch management and dependency scanning in software development lifecycles.
━━━━━━━━━━━━━━━━━━━━━━
r3id
Docker Multi-Stage Build for Node.js Application
Pastebin: https://pastebin.com/hW1a1Jz9
Visit Store: @r3idstore_bot
#CTF
r3id
Subdomain Enumeration with Amass and Additional Data Sources
Pastebin: https://pastebin.com/LgFjVQaA
Visit Store: @r3idstore_bot
#Pentesting
π‘οΈ Hacker Story
ββββββββββββββββββββββ
2018 β’ Ethical
The Airline Boarding Pass Flaw
In 2018, security researcher Justin Shafer discovered a critical flaw in a major airline's online booking system through their bug bounty program. By manipulating a parameter in the boarding pass URL, he could access the boarding passes of other passengers, exposing personal details like names, flight numbers, and seat assignments. He reported the issue via responsible disclosure, allowing the airline to patch it before public disclosure. Shafer later presented his findings at DEF CON 26, emphasizing the importance of secure URL parameter handling and data isolation. The airline credited his ethical approach, and the flaw was fixed within 48 hours of reporting. This case highlights how bug bounty programs can uncover vulnerabilities before malicious actors exploit them.
Technique: Parameter tampering and session prediction (URL manipulation without authentication)
Lesson: Even minor implementation flaws in public-facing systems can lead to significant privacy breaches; responsible disclosure and bug bounty programs provide structured pathways to mitigate risks without enabling exploitation.
━━━━━━━━━━━━━━━━━━━━━━
Hacker Story
━━━━━━━━━━━━━━━━━━━━━━
1960 • Hacker History
The Birth of Phreaking and the MIT AI Lab Ethos
In the early 1960s, MIT's AI Lab became a crucible for hacker culture, fostering an ethos of exploration and shared knowledge. Students and researchers like Richard Stallman and early phreakers, including John Draper, emerged from this environment. Draper's discovery in the late 1960s that a toy whistle from a cereal box could mimic telephone network tones to make free long-distance calls marked the beginning of phreaking. This era was defined by curiosity-driven experimentation, often crossing ethical lines as hackers repurposed technology for personal gain or intellectual challenge. The phone system, then a network of analog switches, was particularly vulnerable, offering a playground for those who understood its inner workings. Unlike later cybercrime, early phreaking was often a social activity, with communities sharing tips in underground magazines like *Youth International Party Line* (YIPL) and *Technological Assistance Program* (TAP). The culture was rooted in the belief that information should be free, though the methods sometimes clashed with legal and ethical norms. These pioneers laid the groundwork for modern hacking, blending idealism with subversion.
Technique: Analog signal manipulation (e.g., blue boxing to exploit phone network tones)
Lesson: The hacker ethos of free information exchange can lead to both innovation and unintended consequences when ethical boundaries are unclear.
━━━━━━━━━━━━━━━━━━━━━━
Daily News Digest
Sunday, June 7, 2026
#tech
• The US Has a Plan to Combat Screwworm. It Involves a Lot More Flies
• NSA said to be readying Anthropic's Mythos for use in cyber operations
#hackernews
• I design with Claude more than Figma now
WIRED
The US Has a Plan to Combat Screwworm. It Involves a Lot More Flies
Releasing sterilized flies can crash a local population of flesh-eating screwworms. But the US currently has limited capacity to produce them.
Daily Tech Quiz
Log File Analyzer with Rotation
You are tasked with creating a shell script to analyze logs in /var/log/app and generate a daily summary report. The script should process all .log files, count occurrences of specific error keywords, and rotate old log files by moving them to a dated archive directory inside /var/log/app/archives. The script must handle cases where the archive directory doesn't exist, ensure the summary file is timestamped, and only keep the last 7 days of archives. Which of the following script snippets correctly implements the core functionality for processing log files and rotating archives?
Hint: Look for a script that both processes log content and handles archive rotation within dated subdirectories while also cleaning up old archives.
Anonymous Quiz
• 0%: #!/bin/bash log_dir="/var/log/app" archive_dir="$log_dir/archives/$(date +%Y-%m-%d...
• 0%: #!/bin/bash log_dir="/var/log/app" archive_dir="$log_dir/archives" mkdir -p &...
• 0%: #!/bin/bash log_dir="/var/log/app" archive_dir="$log_dir/archives/$(date +%Y-%m-%d...
• 0%: #!/bin/bash log_dir="/var/log/app" archive_dir="$log_dir/archives" mkdir -p &...
r3id
SSTI Bypass via Custom Payload
Pastebin: https://pastebin.com/gTXExdXv
Visit Store: @r3idstore_bot
#CTF
Pastebin
Possible Spam Detected - Pastebin.com