blasty

4.5K posts

blasty banner
blasty

blasty

@bl4sty

irresponsible disclosure aficionado

The Netherlands Katılım Nisan 2009
1.2K Takip Edilen17.4K Takipçiler
Mario Zechner
Mario Zechner@badlogicgames·
maybe 2026 is the year we'll learn that all exponentials eventually become S-curves.
English
17
7
228
19.6K
blasty
blasty@bl4sty·
@vaxryy dunno about the sentiment of that post but > Jarred was already writing slop well before he had access to LLMs is a pretty slick burn ngl
English
2
0
80
2.3K
vaxry
vaxry@vaxryy·
all I can say about the zig guy blog post is that hyprland is not getting slop-rewritten you're welcome
English
26
10
747
25.5K
blasty
blasty@bl4sty·
@gergely_kalman take your time! looking forward to it. always enjoy reading people their take on the psychology/incentives side of things
English
2
0
1
113
Gergely Kalman
Gergely Kalman@gergely_kalman·
@bl4sty I'm still working on that. It came up, because I found it funny what a bug bounty program really is: a corporation trying to convince a bunch of random (defiant, uncooperative, borderline criminal) hackers on the internet to do what they want
English
1
0
0
387
Gergely Kalman
Gergely Kalman@gergely_kalman·
If you want to know what ADHD is like, it's this: 3 days ago I sat down to write a blogpost. Halfway through I realised that I wanted to talk about Apple's changes to TCC bounties so I started doing that. I am 20(!) pages and two days deep, almost done, yet I somehow managed to spend the last 3 hours of the day writing about what hackers are like and why. I also forgot to eat. How's Your week so far?
English
6
0
40
3.7K
blasty
blasty@bl4sty·
things are happening in the sl0pminez! @qkaiser is doing his first testrun livestream: "ram-resident GDB on an ecos cable modem" right now: sl0p.foo/s/qkaiser I'm live too sl0p'ing away at a basic TUI for headless IDA: sl0p.foo/s/blasty
English
0
2
16
2.2K
blasty
blasty@bl4sty·
fresh from the sl0pminez. bind9 DoS nday. wanna leave the office early and/or drive the smelly old neckbearded sysadmin mad? crash your local bind9 using our public service at bind9 dot sl0p dot foo: warez.sl0p.foo/bind9-rrsig-cr… ! [ quality subject to scrutiny, works in our vibed docker lab ]
English
1
10
32
3.2K
blasty
blasty@bl4sty·
another semi-useful dirty write target I found is vm.unprivileged_userfaultfd ; there's few sysctl's that actually *weaken* kernel security when writing a (unpredictable) non-NULL value to them AFAICT. happy to learn more tricks!
English
1
0
8
1K
blasty
blasty@bl4sty·
really really nice! especially after having wasted quite some time with the bug myself. :) this DirtyMode angle I had never considered, clever! (my doctered version had something which you could call.. DirtyCap, or CAP_ROULETTE as I refer to it. but task/cred structs harder to hunt :))
Nebula Security@nebusecurity

GhostLock (CVE-2026-43499) is a 15yr old kernel 0-day we used in IonStack full chain exploit. Everything around you, as long as it runs Linux, from IoT to mobile to desktop, is affected. Read how we won $92,337 bug bounty with GhostLock and see our exploit on Github. Link below

English
2
4
78
8.6K
blasty
blasty@bl4sty·
aaaaaand we just finished a dumb request smuggling PoC for (Open)LiteSpeed httpd live on stream: warez.sl0p.foo/ols-h2-smuggle/ their commit hygiene is designed to hide security fixes, didn't manage to find a CVE/report anywhere. all results will be published on warez.sl0p.foo -- beware, minimal curation! ;^)
blasty@bl4sty

good morning! I'm currently broadcasting some random/light clanky VR work @ sl0p.foo/s/blasty also feel free to have a peep and join us in the sl0p.foo discord/IRC server! all infrastructure/architecture was vibed over the last week. expect crickets && chaos! 🤖

English
0
9
42
6.5K
blasty
blasty@bl4sty·
@taluhunusa desktop or mobile? mobile needs serious work. not sure if it can ever be usable unless you like eye-strain or lo-res terminals. desktop should be workable? (disable/move chat)
English
2
0
0
225
blasty
blasty@bl4sty·
good morning! I'm currently broadcasting some random/light clanky VR work @ sl0p.foo/s/blasty also feel free to have a peep and join us in the sl0p.foo discord/IRC server! all infrastructure/architecture was vibed over the last week. expect crickets && chaos! 🤖
English
1
2
34
10.4K
blasty
blasty@bl4sty·
@vxunderground shoulda flexxed on efnet hiding behind a catchy handle and a vanity vhost smh kids these days
English
1
0
5
617
vx-underground
vx-underground@vxunderground·
Dawg, the Peter Stokes affadavit (nerd from Scattered Spider who was arrested) is fucked This dude was on Snapchat sending people pictures of him with stacks of money, expensive hotels, jewelry, etc. My Brother in Christ, they've got you dead to rights because of your flexing. You're going to do 40 years in prison now, 20 years if you beg for forgiveness. Why did you flex on Snapchat? When he's released from prison he's going to be 40 years old (if he's lucky) and all of his Telegram homies are going to be gone. Telegram, Discord, Snapchat, etc may not even exist anymore. Think of how much changes in 20 to 40 years. Now imagine that time being passed while sitting in a box with all white walls and steel bars.
English
45
41
656
47.3K