#secuity — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #secuity, aggregated by home.social.
-
Medvedev Warns EU Could Become ‘Worse Than NATO’ for Russia
Dmitry Medvedev says the European Union risks becoming a hostile military bloc against Russia, warning Moscow should rethink…
#Europe #EU #DmitryMedvedevsaystheEuropeanUnionrisksbecomingahostilemilitaryblocagainstRussia #EuropeanUnion #RussiaUkraine #secuity #warningMoscowshouldrethinkitsapproach.
https://www.europesays.com/europe/6164/
-
Interesting Git repos of the week:
Detection:
* https://github.com/EvilBytecode/NoMoreStealers - blocks information stealing malware
* https://github.com/FoxIO-LLC/ja4 - fingerprint the TLS
* https://github.com/facebookexperimental/reverie - intercept all the syscalls from userland
* https://github.com/cilium/tetragon - Tetragon uses eBPF so you don't have to
Bugs:
* https://github.com/xairy/kernel-exploits - bunch of Linux kernel PoCs
Exploitation:
* https://github.com/magisterquis/srsocwamof - cloak of invisibility for .so files
* https://github.com/braindead-sec/ssh-grabber - steal creds, move laterally
* https://github.com/bohops/COM-to-the-Darkside - attacking COM
* https://github.com/magisterquis/wtrtdtmlb - Linux CTF
* https://github.com/mempodippy/vlany - mmm, root kit
* https://github.com/invariantlabs-ai/mcp-injection-experiments - experiments in making non-deterministic models behave
Data:
* https://github.com/sarwarbeing-ai/Agentic_Design_Patterns - design patterns for agentic systems
Nerd:
* https://github.com/LaurieWired/Quine - how about a nice quine?
-
I'm #switching to #gnu to get away from all the #corporate #spyware on my #ibm #compatible
Fuck #microsoft and #msdos
-
While I don't like the idea of big corporate social media and tech, if you have it, make it as secure as you can.
An easy but often overlooked privacy check: review the third-party apps connected to your accounts.
Old or unused apps can still access your data. It's a good habit to audit and remove anything you no longer use or trust.
Start here:
Google: https://myaccount.google.com/permissions
Facebook: https://www.facebook.com/settings?tab=applications
Microsoft: https://account.live.com/consent/Manage
Apple: https://appleid.apple.com/
Stay sharp. Small steps make a big difference.
-
Lazy Saturday means: more responsible disclosures. The process is now streamlined on my side: a table with bucket names, status (usually open...), date of first report, date fixed, content and examples is emailed to #aws #secuity
Status at the moment: 26 buckets reported, of which 25 are open. Those buckets contain juicy data such as names, birthdays, passports, passwords, resumes, medical data, GitHub token.
It will be very interesting to see the average time to close a bucket for #aws. With n=1 it is 893 days. I hope the n will increase and the number will decrease.
-
@_L1vY_ @falcennial Thanks for the #secuity heads-up about AI becoming turned on by default in #Zoom.
There’s a lot of switches to turn Off to disable AI Companion. If Zoom keeps reminding me that it thinks it’s more than a video-calling tool I’ll not renew my subscription and use something free instead.
-
Wow... #RockYou2024 is definitely gonna rock some houses in a pretty bad way. Still digging into it, but folks - please keep your head on a swivel and start to change passwords, NOW. Don't wait for results. Frequently changing passwords is good practice anyhow, so change everything as you're able as a practice and you'll be safer from the starting line. Make it a habit. #cybersec #technology #secuity
-
#secuity #malware
#GitHub comments abused to push malware via Microsoft repo URLs
https://www.bleepingcomputer.com/news/security/github-comments-abused-to-push-malware-via-microsoft-repo-urls/
-
Ross J. Anderson, British professor of IT security, has died.
RIP
-
Your #VPN provider won't go to jail for you for 5 dollars
@ivpn explains how competent service providers can avoid sharing sensitive information about users...
Hint: It involves not collecting/storing that information in the first place. Unfortunately, most VPN providers are not worthy of trust.
(IVPN is pretty great and highly recommended in the privacy community, though.)
https://www.ivpn.net/blog/your-vpn-provider-wont-go-to-jail-for-you/
-
The Strategic Compass provides direction in the areas of security and defence.
EU leaders:
🧭 take stock of what has been achieved so far
🧭 give guidance for further work
More info ⬇️
#EUCO #StrategicCompass #secuity #defence
🐦🔗: https://n.respublicae.eu/EUCouncil/status/1674480493641736192
-
Top spy chief says ‘realistic possibility’ three foreign governments could attempt assassinations on Australian soil, warns ‘threat is real’ https://www.byteseu.com/1510642/ #$50bDefenceBoost #ASIO #auspol #Australia #AustralianPolitics #defence #FederalPolitics #FOREIGNAFFAIRS #NationalSecurity #secuity #SpyAgency #SpyBoss
-
And once again an out-of-band patch day, because Redis has hit the high score of 10 out of 10 with CVE-2025-49844.
-
Syft v1.13.0 released 🎉
Some "enriching" features and fixes in this one! 🥳
https://github.com/anchore/syft/releases/tag/v1.13.0
#sbom #secuity