Jean-Christophe N 🛡️

340 posts

Jean-Christophe N 🛡️ banner
Jean-Christophe N 🛡️

Jean-Christophe N 🛡️

@heckel92

geeking, cyber, tout suivre, tout comprendre

paris Katılım Ekim 2010
906 Takip Edilen56 Takipçiler
Caz
Caz@Egrimm92·
@_SaxX_ Mais euh les pixels dans les emails ça remonte à plus de 10 ans au moins non ? Pourquoi ça pop maintenant ?
Français
6
0
16
3.6K
SaxX ¯\_(ツ)_/¯
Ils vous pistent partout... jusque dans les emails... avec les pixels traceurs ! Mais foutez la paix aux gens !
Français
32
161
1.1K
55.1K
Amir_Intel
Amir_Intel@Amir_Intel·
Quand j'étais à Shenzhen j'ai acheté une console de retrogaming pour ma fille. 18€, c'est un des meilleurs cadeaux que j'ai pu lui faire : il y a plus de 15 000 jeux et la console est de qualité. En terme de jouabilité ça vaut une Switch ! Modèle exact: le post d'après 🔽🔽🔽
Amir_Intel tweet mediaAmir_Intel tweet mediaAmir_Intel tweet mediaAmir_Intel tweet media
Français
36
10
203
97.2K
Jean-Christophe N 🛡️ retweetledi
International Cyber Digest
International Cyber Digest@IntCyberDigest·
‼️🚨 Microsoft has patched a critical Windows DNS Client remote code execution vulnerability that allows an unauthorized attacker to execute code over a network. All it takes is a malicious DNS response. The vulnerability is tracked as CVE-2026-41096 with a CVSS score of 9.8. It is a heap-based buffer overflow in dnsapi.dll, the Windows component that processes DNS answers on every machine. To trigger it, an attacker needs a position where they can influence DNS responses: a rogue DNS server, a poisoned resolver, a compromised router, hostile WiFi, or a man-in-the-middle placement. That puts ordinary Windows DNS activity in the blast radius. Browsers, VPN clients, enterprise apps, update checks, and background services constantly ask DNS where to connect. The vulnerable processing sits in the Windows DNS Client path, not an edge-facing server product. Microsoft assessed exploitation as "less likely," and Rapid7 lists the issue as not publicly disclosed and not known to be exploited at release. On the contrary, a 9.8 unauthenticated network RCE in DNS client handling is exactly the kind of bug defenders should assume will be reverse-engineered quickly. Defenders should: - Deploy the May 2026 cumulative updates and confirm coverage across endpoints and servers - Restrict DNS traffic to trusted resolvers where possible - Monitor Dnscache and svchost.exe for abnormal child processes or unexpected outbound activity - Treat public WiFi and untrusted resolver paths as higher-risk until patching is complete
International Cyber Digest tweet mediaInternational Cyber Digest tweet media
English
34
308
1.5K
134.3K
KIYAS
KIYAS@kiyashaber583·
ChatGPT, bir süredir benimlesin ve nasıl göründüğünü görmek istiyorum. Lütfen kendinin, sıradan bir iPhone çekimi gibi görünen bir fotoğrafını üret: belirgin bir konu yok, bilinçli bir kompozisyon yok; tamamen sıradan, hatta biraz başarısız bir anlık çekim gibi olsun. Fotoğrafta hafif hareket bulanıklığı, dengesiz ışık, hafif aşırı pozlama, garip bir açı ve dağınık bir kadraj olsun. Genel olarak, sanki telefonu cebinden çıkarırken yanlışlıkla çekilmiş, fazla gerçek ve gelişigüzel bir selfie hissi versin.
Türkçe
690
43
2.3K
1.2M
KIYAS
KIYAS@kiyashaber583·
ChatGPT’ye kendi selfie'sini çektiren prompt sosyal medyada gündem oldu.
KIYAS tweet mediaKIYAS tweet media
Türkçe
1.9K
184
21.6K
9.1M
AlphaFox
AlphaFox@alphafox·
Are you this old?
AlphaFox tweet media
English
1.1K
108
3K
115.3K
Jean-Christophe N 🛡️ retweetledi
Даниил Чебыкин
Даниил Чебыкин@chebykin_d·
— Вот мой новый VPN сетап. Как вам? — Ух ты, красивый, вы только посмотрите. — Только вчера дописал конфиг. sing-box + GeoIP базы Antizapret для сплит-роутинга на клиенте, FakeIP против утечек DNS, Shadowsocks 2022 over Cloak в качестве транспорта. Первый хоп на сервера VK Cloud в России, потом в Нидерланды. Фолбек на коммерческие сервера RedShield через AmneziaWG2.0. — Оnлично, Бейтман, но всё это пустяки. Смотри. Сплит трафика по приложениям: браузерный трафик идёт через Naive Proxy, тяжёлый трафик — через Hysteria2 с Brutal, на разные VPS, также с мультихопом через Россиию. Telegram через MTProto. Подключено два интернет-провадйера, между которыми роутер переключается по round-robin в случае потери связи. DNS leak исключён за счёт использования DoH к Quad99 и блокировки исходящего трафика на 53 порт. Ну как? — Красиво. Высший класс. (Не думал, что у него столько вкуса. Не могу поверить, что Брайсу больше понравился стек Ван-Пата) — Но постойте. Вы ещё ничего не видели. VLESS через Xray-Core с транспортом в виде WebSocket и gRPC — трафик идёт до известных CDN: Cloudflare, NGENIX, Yandex CDN и CDN77, с domain-fronting и ротацией в зависимости от пинга и загрузки. Глобальный фолбек в виде Tor Snowflake (WebRTC) через хоп на резидентный IP в Беларуси, с которым устанавливается параллельный настоящий звонок для маскировки. — Очень красиво... А покажи-ка VPN Пола Алена. Какой лаконичный стек... Это же золотой стандарт индустрии... VLESS + Reality + XTLS-Vision + uTLS... И первый хоп подобран со вкусом: белосписочный VPS в Yandex Cloud... Максировка под сертификат Yandex Market из той же подсети, защита от активного пробинга... Боже, даже фолбек есть: нелегальный turn-proxy через абьюз WebRTC звонков Вконтакте...
Даниил Чебыкин tweet media
Русский
77
346
5K
284.6K
Jean-Christophe N 🛡️ retweetledi
Geek Lite
Geek Lite@QingQ77·
跨平台网络流量监控应用,让用户直观地查看和分析自己电脑的网络连接情况。 github.com/GyulyVGC/sniff… Sniffnet 是一个用 Rust 写的开源桌面应用,用来监控网络流量。它基于 iced 做 GUI、pcap 做底层抓包,支持 Windows、macOS 和 Linux。 你可以选一个网络适配器开始抓包,设定过滤规则,实时看到流量统计图表、连接的地理位置、域名和 ASN 信息,还能识别 6000 多种上层服务协议。
Geek Lite tweet media
中文
14
238
1.2K
75.9K
Jean-Christophe N 🛡️ retweetledi
Gustavo Cardenas
Gustavo Cardenas@gustav0cardenas·
Se habla de cómo se llegó a la Luna, pero casi nunca de cómo salieron de ella. La escena es simple: dos astronautas dentro de un módulo del tamaño de un ascensor, sentados sobre la única máquina que podía sacarlos de la superficie lunar. Si ese motor fallaba, no había plan B. No existía un “rescate”. Era despegar… o quedarse ahí para siempre. El Módulo Lunar “Eagle” dejó atrás sus patas, su base y todo lo que no fuera estrictamente necesario. Solo despegó la parte superior: un cascarón ligero con un motor hipersensible que debía encenderse una sola vez y sin margen de error. El 21 de julio de 1969, Armstrong y Aldrin activaron el motor de ascenso. No hubo cuenta regresiva épica ni música heroica. Solo un encendido limpio, una vibración corta y el Eagle levantándose en silencio absoluto, dejando una nube de polvo que tardó segundos eternos en asentarse. Mientras subían, el módulo tuvo que ejecutar una coreografía precisa para encontrarse con el Módulo de Servicio y Mando, donde Michael Collins los esperaba en órbita. Un error de ángulo, de velocidad o de sincronización… y no había segunda oportunidad. El acoplamiento fue perfecto. Se transfirieron, sellaron la nave, soltaron el Eagle y lo dejaron morir en órbita lunar. Desde ahí, el viaje de regreso a la Tierra ya era “simple”: encender motores, tomar trayectoria y caer en el Pacífico. Así fue la salida del Apolo 11: nada de tomas hollywoodense, solo ingeniería al límite, un motor que debía funcionar sí o sí, y dos humanos apostando su vida a una chispa exacta en el vacío.
Español
434
602
5K
487.5K
Jean-Christophe N 🛡️ retweetledi
Paul Young
Paul Young@PaulYoungX·
Cet atelier de 30 minutes, animé par le créateur de Claude Code, vous en apprendra plus sur le vibe-coding que 100 tutoriels vidéo sur YouTube. Ajoutez-le à vos favoris et consacrez-y 30 minutes dès aujourd'hui. Cette vidéo transformera votre utilisation de Claude à jamais.
Français
26
452
3K
387.2K
TechOperator
TechOperator@TechOperator·
You walk up to your computer and see this screen. Your next move?
TechOperator tweet media
English
6.1K
64
1.6K
273.5K
SaxX ¯\_(ツ)_/¯
SaxX ¯\_(ツ)_/¯@_SaxX_·
Pendant que tout le monde s'excite sur Mythos, les chinois (Alibaba) publie Qwen3.6-35b-A3B 🤯🤯 Ce nouveau modèle d'Alibaba bien qu'énorme -35 milliards de paramètres- consomme que 3B pendant l'inférence. Des performances d'un très très bon niveau sur ton laptop perso -enfin si t'as une bécane avec de la GPU et au moins 32Go de VRAM pour exploiter le contexte long- et ce à une vitesse de consommation de tokens assez hallucinante ! La Chine rebat les cartes. On sera vraiment dans la m*rde avec un modèle Mythos équivalent uncensored...
Qwen@Alibaba_Qwen

⚡ Meet Qwen3.6-35B-A3B:Now Open-Source!🚀🚀 A sparse MoE model, 35B total params, 3B active. Apache 2.0 license. 🔥 Agentic coding on par with models 10x its active size 📷 Strong multimodal perception and reasoning ability 🧠 Multimodal thinking + non-thinking modes Efficient. Powerful. Versatile. Try it now👇 Blog:qwen.ai/blog?id=qwen3.… Qwen Studio:chat.qwen.ai HuggingFace:huggingface.co/Qwen/Qwen3.6-3… ModelScope:modelscope.cn/models/Qwen/Qw… API(‘Qwen3.6-Flash’ on Model Studio):Coming soon~ Stay tuned

Français
16
35
251
60.1K
Jean-Christophe N 🛡️ retweetledi
Andrej Karpathy
Andrej Karpathy@karpathy·
Software horror: litellm PyPI supply chain attack. Simple `pip install litellm` was enough to exfiltrate SSH keys, AWS/GCP/Azure creds, Kubernetes configs, git credentials, env vars (all your API keys), shell history, crypto wallets, SSL private keys, CI/CD secrets, database passwords. LiteLLM itself has 97 million downloads per month which is already terrible, but much worse, the contagion spreads to any project that depends on litellm. For example, if you did `pip install dspy` (which depended on litellm>=1.64.0), you'd also be pwnd. Same for any other large project that depended on litellm. Afaict the poisoned version was up for only less than ~1 hour. The attack had a bug which led to its discovery - Callum McMahon was using an MCP plugin inside Cursor that pulled in litellm as a transitive dependency. When litellm 1.82.8 installed, their machine ran out of RAM and crashed. So if the attacker didn't vibe code this attack it could have been undetected for many days or weeks. Supply chain attacks like this are basically the scariest thing imaginable in modern software. Every time you install any depedency you could be pulling in a poisoned package anywhere deep inside its entire depedency tree. This is especially risky with large projects that might have lots and lots of dependencies. The credentials that do get stolen in each attack can then be used to take over more accounts and compromise more packages. Classical software engineering would have you believe that dependencies are good (we're building pyramids from bricks), but imo this has to be re-evaluated, and it's why I've been so growingly averse to them, preferring to use LLMs to "yoink" functionality when it's simple enough and possible.
Daniel Hnyk@hnykda

LiteLLM HAS BEEN COMPROMISED, DO NOT UPDATE. We just discovered that LiteLLM pypi release 1.82.8. It has been compromised, it contains litellm_init.pth with base64 encoded instructions to send all the credentials it can find to remote server + self-replicate. link below

English
1.3K
5.3K
27.7K
66.6M
Parisian Aesthetics
Parisian Aesthetics@Parisianaes1·
You arrive in Paris what's the first thing you do?
Parisian Aesthetics tweet media
English
1K
130
2.1K
256.9K