Forwarded from 🐱 Ch. | 挪瓦咖啡配苕皮套餐 TV (webRTCCat | Present Day, Present Time)
GitHub
AMD: Microcode Signature Verification Vulnerability
### Summary
Google Security Team has identified a security vulnerability in some AMD Zen-based CPUs. This vulnerability allows an adversary with local administrator privileges (ring 0 from outside...
Google Security Team has identified a security vulnerability in some AMD Zen-based CPUs. This vulnerability allows an adversary with local administrator privileges (ring 0 from outside...
蓝队的一万道纵深防御都比不上开发的一次真情流露,我觉得安全开发在防护设备走得太远,却连开发跟你说“前端没有调这个接口,没有安全问题”的情况都解决不了。虽然业务逻辑漏洞是不可计算问题,但你们J2EE领域就不能出一点secure by default的框架和方案吗
悲报:这两年经济不好,业务缩水挤走了很多弱智开发,新上的应用少了,洞也就跟着少了
喜报:vibe coding这块给大伙送来了vibe exploiting
悲报:这两年经济不好,业务缩水挤走了很多弱智开发,新上的应用少了,洞也就跟着少了
喜报:vibe coding这块给大伙送来了vibe exploiting
💊15🎉1
为全面落实疫情防控工作,进一步阻断新冠肺炎病毒传播风险,今天电报街道疫情防控指挥部启动全员核酸检测,请广大居民做好个人防护,就近进行核酸检测,采样时间隔1米有序排队、遵守公共秩序,采样后迅速离开。检测时间为今天下午14时至16时30分,晚上18时30分至21时。
💊13🎉2
不知道是不是错觉,主观感受上,明明电子数据取证和(toC/toB的)数据恢复是同一类技术,但居然是完全两个赛道两拨儿不同的人在干活,后者难度高反而更牛马。或者说,DF的程序正义和证据识别的部分,学习成本其实远比拆盘、扫扇区、重建、仿真乃至在生dump里捡文件系统/文件尸块拼起来要低得多;但是前者toG领域的商业价值远比后者在C/B收的费用要贵,竞赛氛围也更浓厚——然而当代很多取证比赛甚至连“手动利用Android Nday/错误配置越权读/data”之类的都不敢考,还是停留在E01怼到一键仿真,或是Volatility嗯扫内存dump上。
💊7
Forwarded from &'a ::rynco::UntitledChannel (didi)
哪个字体里的
tl;dr:Courier New
https://www.youtube.com/watch?v=azDaPm13CT8
论文: http://dx.doi.org/10.13140/RG.2.2.35453.88802
I 最适合做工字钢?tl;dr:
https://www.youtube.com/watch?v=azDaPm13CT8
论文: http://dx.doi.org/10.13140/RG.2.2.35453.88802
YouTube
Which Font Makes the Best ⌶-Beam?
I spent three years trying to find out which typeface's capital "I" makes the best I-beam. Along the way I learned how fonts came to be and why I beams look the way they do.
Huge thanks to Coby, Hayami, Kerri, and the teams at the MIT Hobby Shop and MakerWorkshop.…
Huge thanks to Coby, Hayami, Kerri, and the teams at the MIT Hobby Shop and MakerWorkshop.…
💊2
Forwarded from vx-underground
Hi,
We've archived the MITRE CVE database. The CVE DB is free and open source on GitHub. However, we're providing a backup location for the data. We doubt it'll magically disintegrate in ash, but if it does we have a copy.
https://vx-underground.org/Archive/CVE
We've archived the MITRE CVE database. The CVE DB is free and open source on GitHub. However, we're providing a backup location for the data. We doubt it'll magically disintegrate in ash, but if it does we have a copy.
https://vx-underground.org/Archive/CVE
🎉1
https://www.kandji.io/blog/pasivrobber
TLDR:恁美国OSINT又对着China哈气了,路边拾了个美亚的取证工具一通分析然后怪他主机信息收集太多
Meiya:什么叫我竟然收集信息了,我不收集信息我干嘛
TLDR:恁美国OSINT又对着China哈气了,路边拾了个美亚的取证工具一通分析然后怪他主机信息收集太多
Meiya:什么叫我竟然收集信息了,我不收集信息我干嘛
:你们美国OSINT就不能至少要求一下,做中国威胁情报一定要懂汉语
:错了 做中国情报一定要不懂汉语(
不然就不好意思喊了
The-Sequence
PasivRobber: Chinese Spyware or Security Tool?
In March 2025, our team found a suspicious mach-O file named wsus. Read the full analysis on its likely origins, target users, and observed functionality.
Forwarded from vx-underground
Drama++
The United States government is using a fork of Signal called "TM SGNL". TM SGNL is (likely) produced by an Israeli firm (Smarsh) which is (or related to in some capacity) the Israel Defense Forces' Intelligence unit. Although these claims are based on self-described biographies of the creators of TM SGNL and publicly available information. Various journalists and media outlets have reported differently.
TM SGNL is a part of the Smarsh communication suite called TeleMessage hence TeleMessage Signal.
TM SGNL is not publicly available for download.
TM SGNL source code was leaked online May 3rd when an anonymous source tipped journalist Micah Flee about TM SGNL being available for download ... by accident. Smarsh left the source code to their application exposed because they used WordPress and misconfigured directory permissions which looked like so:
/wp-content/uploads/2024/12/Signal-iOS-main.zip
/wp-content/uploads/2024/12/Signal.zip
Journalist Micah Flee has made the source code available on GitHub. The source code also includes hardcoded credentials (and got knows what else)
You can read more about the leak, the contents of the leak, and you can find the link to the source code in the attached article below.
The United States government is using a fork of Signal called "TM SGNL". TM SGNL is (likely) produced by an Israeli firm (Smarsh) which is (or related to in some capacity) the Israel Defense Forces' Intelligence unit. Although these claims are based on self-described biographies of the creators of TM SGNL and publicly available information. Various journalists and media outlets have reported differently.
TM SGNL is a part of the Smarsh communication suite called TeleMessage hence TeleMessage Signal.
TM SGNL is not publicly available for download.
TM SGNL source code was leaked online May 3rd when an anonymous source tipped journalist Micah Flee about TM SGNL being available for download ... by accident. Smarsh left the source code to their application exposed because they used WordPress and misconfigured directory permissions which looked like so:
/wp-content/uploads/2024/12/Signal-iOS-main.zip
/wp-content/uploads/2024/12/Signal.zip
Journalist Micah Flee has made the source code available on GitHub. The source code also includes hardcoded credentials (and got knows what else)
You can read more about the leak, the contents of the leak, and you can find the link to the source code in the attached article below.
Forwarded from vx-underground
vx-underground
Drama++ The United States government is using a fork of Signal called "TM SGNL". TM SGNL is (likely) produced by an Israeli firm (Smarsh) which is (or related to in some capacity) the Israel Defense Forces' Intelligence unit. Although these claims are based…
micahflee
Here's the source code for the unofficial Signal app used by Trump officials
💡Update May 4, 2025: I have published quite the follow-up story, if I may say so myself: The Signal Clone the Trump Admin Uses Was Hacked
Update May 6, 2025: I've written a new detailed analysis. The findings are based on the TM SGNL source code and are…
Update May 6, 2025: I've written a new detailed analysis. The findings are based on the TM SGNL source code and are…