Update: the AUR compromise appears to be ongoing After the initial incident affecting 1,500 packages, another wave of malicious AUR packages has been discovered. This time the attackers reportedly used code obfuscation to better conceal the malicious behavior. Affected packages included Node.js packages, Firefox-related packages, LibreWolf extensions, NeoVim plugins and others. If you’re using #Arch Linux and install software from AUR, I’d review recently updated packages and keep an eye on this story. phoronix.com/news/Arch-Linux…

"All I'm saying is It's a new era now, and things are about to get really weird. So you should keep your code close to your vest. And pick your friends wisely." - Harold Finch

I've had this side project on the backburner for a long time... The XGecu line of universal programmers are awesome, but they come with some of the sketchiest proprietary Windows software ever. (XGPro) MiniPro is an software program made to interact with the XGecu hardware. An open source XGPro alternative.

At @BsidesHbg yesterday I did a talk about how I built a modular asset discovery framework by using open source tooling to help automate my work when handling large engagements. That tool is called cygor: github.com/tjnull/cygor

Running a bleeding edge 🩸🔪 Linux kernel on iPod nano (7th generation) #linux #ipod #ipodnano

Oblique Relay- Cloudflare Workers edge redirector for red team ops. Validates implant traffic against your C2 profile. KV-backed profile import, Durable Object session tracking. No more hand-translating C2 URIs into rewrite rules. errantpacket.com/blog/obliqu…

It appears that Microsoft removed the discovery of all domains in a tenant through ACS, a technique that I shared at my BH/DC talks last summer (though probably not many people spotted the reference). I found it out during a live demo of course 🙃

New way to use skills to get RCE: Just include tests. npx skills add will include test files. Most js/ts test runners (Vitest/Jest) execute **/*.test.* anywhere in the repo by default, including inside .agents/skills. When the dev runs tests locally, your code executes.

I swear the best advice i got was to learn your own path. If you follow too closely to tutorials you'll be stuck hunting the same bugs as everyone else Learn the fundamentals then just start hunting until you are comfortable in your environment Once your comfortable only THEN do you start referencing other people's more specific methodologies

During your pentest mission, please don’t make the same mistake I did. Add printer IPs to your exclusion list when running Nuclei. Otherwise, the printer will interpret every packet sent to port 9100 as a print job.

Found this TINY flash chip on the DistrictCon conference badge and just had to remove it and dump the firmware 🤣 First time using my USON8 2x3 adapter

Hello, The year is coming to a conclusion. Thank you everyone for another wonderful year. Once the next round of giveaways finish I'll probably be AFK-ish. I am extremely fatigued from work and life. I'm not sure if it's possible, but I would like to be able to nap somewhere between 240 to 480 hours. Thank you everyone for the fun times and sticking with me while I deal with a vx-underground and a newborn baby. I wholeheartedly appreciate all the kind words and support all of you have shown me. Many of you are great, caring, and compassionate people. I have some good news and some neutral news. The good news is that I have completed (within reason) collecting every easily discoverable malware analysis paper on the internet. Yes, of course one or two may be missing here or there, but I feel like 14,000 papers over the time span of 2 decades is pretty good. The neutral news is that moving forward vx-underground will primarily be keeping up to date on things. This isn't necessarily good or bad, but this means updates to vx-underground will be significantly smaller and fewer. Truthfully, I'm not sure what to do anymore. I started the website with the goal of collecting malware source code, samples, and papers. I've collected 34TB (if decompressed) over 6.5 years. I feel like it would be a betrayal to my audience to continually make silly posts all day, everyday. I sort of worked myself out of a job, I don't know.

Yesterday I shared my proof-of-concept on disabling Bitlocker using undocumented COM objects. @thebookisclosed decided to implement my code in C#.NET C: pastebin.com/raw/knQNbG4U C#: pastebin.com/raw/JhtcWPSM Behold the pain of C/C WINAPI vs. C#.NET.

Calling all students! We’re giving away free tickets to our upcoming conference. To apply, email info@bsidesct.org us with: Why you’re interested in infosec & Something that shows your effort (project, blog, etc.) We’ll pick winners based on passion & initiative. Don’t miss out!

Remove the v word, and keep the second part of that sentence, what changes? I don’t get the hysteria, it’s the exact same principles and methodology that you apply. You think code blindly pasted from stackoverflow or random forums was adequate?

I tried using Claude Code to write platform-specific SIMD implementations for several functions I never got around to optimizing. I gave it full control to modify the code, run tests, benchmark, and make any tweaks it deem necessary. And here's the most amazing part: it actually DID IT P.S. even though nothing works, all the tests are failing, and, hilariously enough, there's not a single SIMD intrinsic used lol.🫡 Claude

CVE-2025-49596: Critical RCE in Anthropic MCP Inspector I stumbled across a nasty 0day in Anthropic’s official MCP Inspector. Turns out: any public website could have exploited it to run arbitrary bash commands.

@snackspacecon @HackRedCon @HackSpaceCon thank you all so much for making me and my friends feel like family. Everyone involved pours their heart into this community and it shows. I hope to pay it back and pay it forward for years to come.

PHRACK is coming to @defcon! We're printing ~10,000 zines and giving an hour-long talk you won't want to miss! Stay tuned. 🔥 #40yrsOfPhrack #phrack72