Warsang

Project Glasswing at home! Just landed a CVSS 10.0 on @yeswehack (SSRF). 🎯My workflow combining OpenClaw🦞and Kimi for vuln research is starting to pay off. Still needs some hand-holding but this is the way!🚀#openclaw #lobster #kimi #llm #bugbounty #YesWeRHackers #CyberSecurity

We’re releasing our analysis of ring-1.io, a major game cheat targeted by multiple studios in recent legal actions. We partially deobfuscated several Themida-protected components and document how it hijacks Hyper-V to inject and manipulate game code. back.engineering/blog/04/02/202… github.com/backengineerin…

knew win10 had the dsquery.dll laying around but never knew what to do with it "rundll32.exe dsquery.dll OpenQueryWindow" will pop open a console for you and you can do some light LDAP recon you can also open with with win + ctrl + f probably useful for VDI/Citrix type tests

FPS games installing kernel-level antivirus modules? No problem, install cheats as UEFI drivers and run them in SMM github.com/ekknod/smm LMFAO

A small demo/tutorial on unpacking executables with #PEsieve and #TinyTracer: hshrzd.wordpress.com/2025/03/22/unp… - automatic OEP finding, reconstructing IAT, avoiding antidebugs and fixing imports broken by shims

we've got a 1M context window open-source llm from a shanghai lab out in the wild and you're still stuck with your rag pipeline? @intern_lm

🎉 It's that time of year! Snag a spot in the Zero2Automated course (or bundle) with a 25% discount using code BLACKFRIDAY. Don't miss out – offer ends midnight, November 27th! 👉 courses.zero2auto.com/?coupon=BLACKF…

Un texte fait grand bruit dans le monde anglo-saxon, mais malheureusement pas en 🇫🇷 : Le manifeste techno-optimiste de Marc Andreessen, développeur du 1er navigateur web et membre du mouvement accélérationniste (e/acc). Extraits ⬇️⬇️⬇️

oreilly.com/live-events/wi… I am giving my first Windows Internals training. Basic one, open to everyone who would like to attend :-)

TIL

Kicking off a new series on understanding the PE+ file format from the ground up using IDA. No PE loaders involved. This series will be educational on several fronts and should also help you learn some handy IDA tricks along the way. Let's do it! 🍿 youtu.be/EG5M_j1JUBU

Amazon Aurora PostgreSQL now supports pgvector for vector storage and similarity search Amazon Aurora PostgreSQL-Compatible Edition now supports the pgvector extension to store embeddings from machine learning (ML) models in your database and to pe... aws.amazon.com/about-aws/what…

Even though I do not like Quarkslab... interesting read...

Stored XSS via cache poisoning 🧪 the Akamai WAF really annoyed me, but the craft of this payload defeated it : "><a nope="%26quot;x%26quot;"onmouseover="Reflect.get(frames,'ale'+'rt')(Reflect.get(document,'coo'+'kie'))"> #bugbountytips #BugBounty #Hacking

If you don't want to listen to my french accent for 1h40, reading the slides can actually be enough: mindsets-of-auditing.netlify.app This is the result of months of scattered notes that I've finally structured. These helped a lot during my numerous plateaus 😅 twitter.com/opensensepw/st…

Lockpicked one of these today. Still can't believe all I needed was a shiv made from a can of beer 🍺 Don't use them for your Airbnb!

Think you are an AWS IAM expert? 🤖 Put on your attacker hat and play our new CTF: The Big IAM Challenge! 🎉 wiz.io/blog/the-big-i…

To be clear, at this time and for the foreseeable future, there does not exist any AI model or technique that could represent an extinction risk for humanity. Not even in nascent form, and not even if you extrapolate capabilities far into the future via scaling laws.

I didn't use Z3 for the latest @HexRaysSA CTF: We know the result is going to be a PNG. This allows us to narrow down the possible options for the first 8 chars of the password and then just implement the checks from the binary in a script that gets us the answer in a few seconds

@GaryMarcus @NPCollapse If people were half as concerned about global warming as they are by these so called doomsday AGI's, we'd probably be in a much better place right now.

I certainly *hope* that @NPCollapse is wrong about what he says here.