Reverse engineer, previously law enforcement, founder of @sigreturn_labs | personal account

Joined November 2014
Jun 10
Real pain is reading "HackerOne triage closed the report and changed the status to Duplicate" on ALL of your reported CRITICAL RCE vulnerabilities.
Ech0 retweeted
we just dropped a few new posts on the blog: sigreturn.com/blog browser exploitation methodology, SROP, PAC pointers, and breaking ransomware encryption. let us know what you think, and whether you'd like more like these.
Ech0 retweeted
Jun 1
A quick update on this X account, my activities, etc., to clarify a few points. This is my personal account; I post anything and everything, in English, in French... about crypto, cybersecurity, or even just bullshit. I had a personal blog (which is still up, by the way, at ech0.re), but it will no longer be kept up to date. I recently started a company called Sigreturn Labs, roughly speaking for cybersecurity services (forensics, RE, audit...) and for a few products to experiment a bit. I took the opportunity to build a new website, sigreturn.com, and the page sigreturn.com/blog, which for now contains a few articles moved over from ech0.re. In short, new technical articles, my activities, etc. will be posted on this new site. The "important" technical stuff will also be posted on the company's X account, @sigreturn_labs. The goal is to bring all my serious projects, blog posts and professional activities together in one place and build a "brand" around it, both for the freelance work I make a living from (the cyber services in particular) and for my personal R&D activities (the blog, independent vuln research, bug bounty, etc.). By the way, for those interested, the services offered by sigreturn.com (so, by me, since I am the sole partner and employee of the company) are real services that I master and already make a living from, so feel free to contact me to discuss your projects/short engagements (because I am already committed to a long engagement and cannot take on several long engagements at once for now). Same for the malware training: I have already given it several times, it works, people like it; in short, it's not bullshit. As for my blog ech0.re, I'm leaving it open in legacy mode, but it will be sunset later once the content on sigreturn.com is denser.
I have other projects planned around this company, notably a free tool for learning cybersecurity that I will unveil later. Anyway, all this to say that I recently started life as a freelancer (versus the civil servant / employee I have been all my life), so I have more time to release new projects, feed the blog, offer more services, etc. And why not hire people later... I am still experimenting with this new status and don't know what will or won't work in the long run; it's fairly new. And one last word about a few "third-party" projects I sometimes talk about on X, typically dotid.app (for the Polkadot blockchain), my validator nodes, and other LLM-based tools (chatbot...): these are fun, non-profit projects, purely a hobby / volunteer work. It's not my professional activity, and I don't earn a cent from it; it only concerns my personal life and my evening / weekend hobbies. Open to your suggestions, remarks, or any comments :)
May 28
A little challenge for my fellow reverse engineers: you are analysing a malware sample that apparently has no function and you come across this piece of instructions near the EP. What is your hypothesis? How do you go about proving it? And how do you then proceed to analyse this sample?
Ech0 retweeted
May 28
Thanks a lot! I'm glad you liked it, and this is not even the Premium version which contains much more customisations and results in a video generated specifically for your product. ;) Check out the examples here: shipcut.app/examples
Ech0 retweeted
Generated this launch video for Papertunnel using @ShipCut_app by @ech0re. Honestly impressed by how premium it turned out, definitely not the AI slop I expected. It's free.
Ech0 retweeted
Used @ShipCut_app by @ech0re to create a video for @CostariumSpace. What do you guys think? Is the core value conveyed? I personally liked it for a new product, that too on free use.
May 24
Signs you're talking with an AI:
- Using em dashes (—)
- Bold text
- Curly quotes (’) instead of straight quotes (') even though on iOS the curly quote is the default on X
- Often says something like "it's not <something>, but <something else>"
- Unusually long paragraphs
- Lots of emojis, arrows and other symbols
- Using dots (•) instead of dashes (-) for lists
May 23
I launched a new product recently, and one thing that really amazes me is how insane AI workflows have become. Not even the product itself, but the operational layer behind it. I set up a "review and repair" step after each video generation on ShipCut to automatically detect and fix issues when something goes wrong.
Today, a user submitted a link and tried to generate a video, but the render failed. Within about 10 minutes, the AI workflow had:
- Reviewed the failure and identified a weird edge case.
- Prepared the fix, pushed the commit, and redeployed through my existing deployment pipeline.
- Put the app in maintenance mode before deploying.
- Re-generated the user’s video with the same prompt, URL, and parameters.
- Assigned the new successful video to the user’s account without charging extra credits.
- Sent a properly formatted apology email explaining what happened.
- Included a 50% discount code as a goodwill gesture.
- Included a temporary (30 minutes) magic login link to make the “click to video” flow easier.
- Noticed the user had not opened the link after 30 minutes and extended its validity.
- Sent me a full report afterwards, confirming that the user opened the link and downloaded the corrected video.
I’m honestly amazed. One AI-assisted workflow, with the right guardrails, handled QA, debugging, deployment, customer support, post-sale recovery, and reporting. Before I even noticed something had gone wrong, the issue was fixed, the user had received a corrected video, and I had a report in my inbox. I didn’t even spend that much time building this pipeline, which is the crazy part. A workflow like this would normally have taken me hours and a lot of effort to handle manually.
If you still haven’t started integrating AI seriously into your workflows, you’re missing the train. I included a screenshot of the email generated and sent to the customer. Pretty amazing to see this kind of automated support loop working end-to-end.
May 23
Your product deserves better than a boring screenshot or a rushed screen recording. ShipCut turns your SaaS, app, or product update into a polished launch video from a simple prompt. Paste your URL. Describe what you want. Get a video you can actually post. I added a few examples below 👇 shipcut.app
May 20
Hey @cursor_ai, is everything alright? Everyone is getting hacked currently, so I'm extra cautious about this.
May 15
Something only reverse engineers will understand: the unique ability of recognising a specific malware sample only by looking at the first 4 digits of its SHA256 hash… even years later. 🥲 Cool and sad at the same time
May 12
That’s why I avoid npm, it’s the source of all compromises.
May 9
I reported the account to X, the domain name to the registrar and the payment profile to the payment service supplier. I also reported the server to the host. None of them responded or took any action. At this point I’m not surprised to see so many scammers everywhere especially in the crypto world.
May 3
This is a SCAM. Do NOT use it. A crypto-related account on X (Seed_VaultIO) is advertising a fake “offline” encryption tool that silently exfiltrates sensitive data to their server (/notify.php).
For every “encryption” request, the following data is sent out:
- Your seed phrase in plaintext
- Your location (city, country, country code)
- Your user agent (device information)
- Your IP address
Yes, EVEN THE “offline” HTML MODE contains the SAME exfiltration code embedded, but it fails currently because they poorly developed it.
Meanwhile, they publicly claim: “Your data NEVER leaves your device. This tool runs 100% in your browser — no server, no tracking, no data collection.” That is FALSE.
If you ever used it, consider your account compromised. Please report the account, the domain, and the associated GitHub profile.
Apr 26
how do you stop buying stuff at @Hak5 i'm addicted
Apr 25
X Ads is pretty good after all, it makes you want to pay
Apr 15
Quick challenge for reverse engineers: what's the purpose of this x86 instruction with those operands? nop word ptr [eax+eax+00000000h]