I never had any Game Boy (or even Nintendo product) before. But when I bought my first GBA ~4 months ago, I got addicted to it. And not just the games, but the whole “pimping” possibilities. #gameboy #zelda

Some think I'm joking about catching a defcon talk in the bathroom. Not only was there a talk in the shower, but it was the best talk I saw all weekend.

.@zh4ck hilarious IoT hacks presentation at DEFCON

Doorbell sends your home wifi pwd in http to some unknown server ✅ 👍

🐬András will dive deep into #OpenThread technology and showcase the newly developed Flipper Zero Thread radio extension board. Insights into Thread network configurations, security risks, and a hands-on demo—including modifying an NRF USB dongle for Flipper Zero compatibility.

My Discord client, Discord Messenger, now runs on Windows 98! (And also, 95, but you need extra stuff. Win98SE runs it right out of the box.)

It’s my mom. I don’t talk about my personal life on here a lot, ok…ever, but in this case it’s my mom. She’s been battling breast cancer, isn’t able to work, and we’re trying to get her some help. Thanks to anyone who can donate, we really appreciate it. gofundme.com/f/kexk7q-help-s…

“My wife complains that open office will never print on Tuesdays” A bizarre sentence; which kicked off one of the most interesting bug hunts in Ubuntu’s history. It all starts with some goofy pattern matching.

1994: Kevin Mitnick allegedly performed a remote attack against Tsutomu Shimomura’s personal computer, gaining access by using source address spoofing and TCP sequence prediction. But did he actually perform the attack? 👇

Just in time for Christmas: a repository for decrypting many encrypted D-Link firmware images. Also integrated into Binwalk for auto-magic decryption & extraction. github.com/devttys0/delink

Open sourced my Light Color (GBC in a GB Light shell) PCB! (without the cool Tahk0 art sorry). Merry Christmas github.com/nataliethenerd/Lo…

I was recently asked whether I was concerned about China adding hardware implants to commercial devices. My answer was no. But I do wish I spent the time to follow up about what is more of an issue for consumers: stuff like this. Possibly even more so: general IoT slop. It’s not exclusive to China. But China is also where most bottom cost devices come from. Whether it’s the firmware running on the hardware, or the app you install on your phone. It’s often built by copy/pasting existing work & the mfg/seller has no idea what any of it does. This is why those things are so cheap! It’s very similar to someone downloading a 3D model, clicking “print” on their 3D printer, & selling what comes out. Just a few extra steps for certain electronics. If you have a relatively secure device and you are connecting IoT slop to it, or running their apps on your device… you’re basically running random code that someone found for free or very low cost. If code was something physical that you could see & touch, people would care and value it. But it’s invisible magic so few people care.

CEO asked me “what are we doing about Russians exploiting 0days in AI” Meanwhile our servers are on Ubuntu 14, our SRE team quit, IT is pasting bash scripts into the JAMF editor untested, and the CFO has a 2-star chrome extension to make gmail’s font comic sans

E2E encryption is so hot right now! The Feds: Did we really say that E2E encryption would cause the criminals to win? Look right here...

MOTHER OF ... THIS IS AMAZING!!! WE DID IT! 2024 and the world has said in formal documents: DO NOT USE A CONSUMER VPN!! If I had time I would bake a CISA CYBER CAKE! I have a feeling they will not be the only agency.... #VPN #CYBER #SECURITY

Our talk at #BHEU is done! Hope you all enjoyed it. 😉 A detailed blog is on the way, but in the meantime, check out the pre-alpha website worst.fit/ for early access and the slides! Huge thanks to @BlackHatEvents and my awesome co-presenter @_splitline_! 🐈‍

I will pay $1000 to the first person that can demonstrate actual critical impact out of this vuln

31 years ago, DOOM launched and changed gaming forever. We're still proud of what we created and grateful for the community that's kept the fire burning. Here's to more demons, more mayhem, and more memories! 👹 #DOOM31

Want to play a fun prank on an Azure admin you know? 1. Create an account in your own tenant, configure SMS MFA w your target's phone. 2. Log in, which sends an SMS. 3. Sit back and watch them as they try to figure out which account is compromised! 4. Repeat login until they've gone completely mad. Microsoft MFA SMS messages don't say what account they are for. Great design.