Forwarded from -
ما با موفقیت به اپراتور همراه اول و نظام صنفی رایانه ای کشور نفوذ کردیم و جزئیات این اقدام که در اعتراض به اینترنت پرو انجام شده بزودی منتشر خواهد شد
🔥5👏3❤2🤔2🤯2💔2
-
ما با موفقیت به اپراتور همراه اول و نظام صنفی رایانه ای کشور نفوذ کردیم و جزئیات این اقدام که در اعتراض به اینترنت پرو انجام شده بزودی منتشر خواهد شد
[ + ] They appear from no where
[ + ] say we are fighting GOV
[ + ] leak some MCI internal chats
[ + ] start sharing VPNs
plz don't fight 😆
[ + ] say we are fighting GOV
[ + ] leak some MCI internal chats
[ + ] start sharing VPNs
plz don't fight 😆
❤8👎1👏1🗿1
LLM Internals
Learn LLM internals step by step - from tokenization to attention to inference optimization.
https://github.com/amitshekhariitbhu/llm-internals
Learn LLM internals step by step - from tokenization to attention to inference optimization.
https://github.com/amitshekhariitbhu/llm-internals
❤4👍3👾3🔥1
Ghost Operators: How Israeli Telecoms Were Exploited to Track Citizens Worldwide
Report shows how an SMS exploit turns smartphones into tracking devices – and how 4G and 5G networks are abused
https://www.haaretz.com/israel-news/security-aviation/2026-05-03/ty-article-magazine/ghost-operators-how-israeli-telecoms-were-exploited-to-track-citizens-worldwide/0000019d-e9c0-dd9a-a79d-ede90a450000
Report shows how an SMS exploit turns smartphones into tracking devices – and how 4G and 5G networks are abused
https://www.haaretz.com/israel-news/security-aviation/2026-05-03/ty-article-magazine/ghost-operators-how-israeli-telecoms-were-exploited-to-track-citizens-worldwide/0000019d-e9c0-dd9a-a79d-ede90a450000
❤7👍1
Copy Fail (CVE-2026-31431): Technical summary of this Linux flaw
https://www.linuxtricks.fr/news/10-logiciels-libres/600-copy-fail-cve-2026-31431-synthese-technique-sur-cette-faille-linux/
https://www.linuxtricks.fr/news/10-logiciels-libres/600-copy-fail-cve-2026-31431-synthese-technique-sur-cette-faille-linux/
❤4🔥1
Forwarded from Stuff for Geeks (Нossein)
USB Made Simple
An introduction to USB
https://web.archive.org/web/20141226231324/http://www.usbmadesimple.co.uk/ums_1.htm
An introduction to USB
https://web.archive.org/web/20141226231324/http://www.usbmadesimple.co.uk/ums_1.htm
web.archive.org
USB Made Simple - Part 1
Introduction to USB.
❤2
gdrv3.sys – Reverse Engineering a Signed Kernel Driver with 13 Hardware Access Primitives
https://core-jmp.org/2026/05/gdrv3-sys-reverse-engineering-a-signed-kernel-driver-with-13-hardware-access-primitives/
https://core-jmp.org/2026/05/gdrv3-sys-reverse-engineering-a-signed-kernel-driver-with-13-hardware-access-primitives/
🔥2❤1
A critical no-interaction proximal/adjacent remote code execution vulnerability in adbd's ADB-over-TCP authentication path.
https://barghest.asia/blog/cve-2026-0073-adb-tls-auth-bypass/
#CVE-2026-0073
https://barghest.asia/blog/cve-2026-0073-adb-tls-auth-bypass/
#CVE-2026-0073
❤2
How an Omitted Write Barrier in V8 Turns Into RCE in Chrome: #CVE-2026-5865
https://nebusec.ai/research/v8-maglev-incorrect-phis-untagging/
https://nebusec.ai/research/v8-maglev-incorrect-phis-untagging/
🔥3
Adversaries Leverage AI for Vulnerability Exploitation, Augmented Operations, and Initial Access
https://cloud.google.com/blog/topics/threat-intelligence/ai-vulnerability-exploitation-initial-access
https://cloud.google.com/blog/topics/threat-intelligence/ai-vulnerability-exploitation-initial-access
از اینترنت باز تا حاکمیت اینترنتی: ایران در آستانه عصر تازهای از سرکوب دیجیتال
https://filter.watch/2026/04/20/nvestigative-report-april-2026-from-the-open-internet-to-internet-sovereignty/
https://filter.watch/2026/04/20/nvestigative-report-april-2026-from-the-open-internet-to-internet-sovereignty/
❤2
Any app on recent Android versions can leak certain traffic
A recently discovered bug in Android 16 allows any app to leak traffic outside the VPN tunnel.
As reported in the post The Tiny UDP Cannon: An Android VPN Bypass, Android 16 introduced a bug that allows a malicious app to send traffic outside the VPN tunnel, including with “Always-On VPN” + “Block connections without VPN” turned on. This affects all VPN apps, not just Mullvad VPN. This blog post aims to spread knowledge about this issue to help keep our users safe.
https://mullvad.net/en/blog/any-app-on-recent-android-versions-can-leak-certain-traffic
A recently discovered bug in Android 16 allows any app to leak traffic outside the VPN tunnel.
As reported in the post The Tiny UDP Cannon: An Android VPN Bypass, Android 16 introduced a bug that allows a malicious app to send traffic outside the VPN tunnel, including with “Always-On VPN” + “Block connections without VPN” turned on. This affects all VPN apps, not just Mullvad VPN. This blog post aims to spread knowledge about this issue to help keep our users safe.
https://mullvad.net/en/blog/any-app-on-recent-android-versions-can-leak-certain-traffic
🔥4
Mullvad exit IPs as a fingerprinting vector
Mullvad is one of the few VPN providers that offers multiple exit IPs for its servers. If two people connect to the same server, they will usually end up with different public IPs.With only 578 servers (compared to Proton VPN’s 20,000), this kind of vertical scaling makes sense to avoid cramming too many users onto one IP, which would be a problem on sites with overzealous IP blocks and ratelimits.Surprisingly, the exit IP you are given is not randomized each time you connect to the server, but deterministically picked based on your WireGuard key, which rotates every 1 to 30 days (unless you use a third-party client, in which case it never rotates).But wait.. if each server assigns you an independently picked static exit IP, wouldn’t just a few of those be enough to uniquely identify you among every other Mullvad user?
https://tmctmt.com/posts/mullvad-exit-ips-as-a-fingerprinting-vector/
Mullvad is one of the few VPN providers that offers multiple exit IPs for its servers. If two people connect to the same server, they will usually end up with different public IPs.With only 578 servers (compared to Proton VPN’s 20,000), this kind of vertical scaling makes sense to avoid cramming too many users onto one IP, which would be a problem on sites with overzealous IP blocks and ratelimits.Surprisingly, the exit IP you are given is not randomized each time you connect to the server, but deterministically picked based on your WireGuard key, which rotates every 1 to 30 days (unless you use a third-party client, in which case it never rotates).But wait.. if each server assigns you an independently picked static exit IP, wouldn’t just a few of those be enough to uniquely identify you among every other Mullvad user?
https://tmctmt.com/posts/mullvad-exit-ips-as-a-fingerprinting-vector/
❤3
Static Devirtualization of Themida
This article demonstrates devirtualization of CodeVirtualizer/Themida protected code, however the techniques described here apply to pretty much every virtual machine based obfuscator. Only requiring some minor modifications to support each of them. The following is a non-exhaustive list of obfuscators that can be reduced using the technique described in this article.
https://back.engineering/blog/09/05/2026/
This article demonstrates devirtualization of CodeVirtualizer/Themida protected code, however the techniques described here apply to pretty much every virtual machine based obfuscator. Only requiring some minor modifications to support each of them. The following is a non-exhaustive list of obfuscators that can be reduced using the technique described in this article.
https://back.engineering/blog/09/05/2026/
👍5❤2
Comprehensive technical analysis of the MitM attack in the "Telega" app
On the 18th of March creators of a third-party Telegram client called “Telega” activated a hidden feature that enables interception of all traffic between users of their applications and Telegram servers by putting it through servers controlled by them.
Unfortunately, there’s not much info about that, so we’ve made this article with a comprehensive and reproducible analysis of malicious behaviour.
https://dontusetelega.lol/analysis-en
On the 18th of March creators of a third-party Telegram client called “Telega” activated a hidden feature that enables interception of all traffic between users of their applications and Telegram servers by putting it through servers controlled by them.
Unfortunately, there’s not much info about that, so we’ve made this article with a comprehensive and reproducible analysis of malicious behaviour.
https://dontusetelega.lol/analysis-en
🥰4👍1
Media is too big
VIEW IN TELEGRAM
Iranian monarchists say girl's school bombing was "worth it," call for American ground invasion of Iran
💔44🤯4👎2🔥2❤1🥰1