RECON

In 2018 I published this post. In 2022 I published this post and this post. @Radkeyboard7984 and I continue chatting about the new Windows 11 protocols and I just did a quick comparison between the protocols I posted before, and … Continue reading →

Research: Claude system prompts as a git timeline Anthropic publish the system prompts for Claude chat and make that page available as Markdown . I had Claude Code turn that page into separate files for each model and model family with fake git commit dates to enable browsing the changes via the GitHub commit view. I used this to write my own detailed notes on the changes between Opus 4.6 and 4.7 . Tags: system-prompts , anthropic , claude , generative-ai , ai , llms

Threat actors are exploiting security flaws in TBK DVR and end‑of‑life (EoL) TP-Link Wi-Fi routers to deploy Mirai-botnet variants on compromised devices, according to findings from Fortinet FortiGuard Labs and Palo Alto Networks Unit 42. The attack targeting TBK DVR devices has been found to exploit CVE-2024-3721 (CVSS score: 6.3), a medium-severity command injection vulnerability affecting

Recently, I completed the “Airtouch” machine on Hack The Box (Medium difficulty), which provided a great hands-on experience in combining system exploitation with wireless attack techniques. The challenge started with basic reconnaissance and service enumeration, leading to initial access via SSH as a low-privileged user. From there, misconfigured sudo permissions allowed quick privilege escalation on the host. What made this machine particularly interesting was its setup as a wireless attack...

In 2024, compromised service accounts and forgotten API keys were behind 68% of cloud breaches. Not phishing. Not weak passwords. Unmanaged non-human identities that nobody was watching. For every employee in your org, there are 40 to 50 automated credentials: service accounts, API tokens, AI agent connections, and OAuth grants. When projects end or employees leave, most

Grinex, a Kyrgyzstan-incorporated cryptocurrency exchange sanctioned by the U.K. and the U.S. last year, said it's suspending operations after it blamed Western intelligence agencies for a $13.74 million hack. The exchange said it fell victim to what it described as a large-scale cyber attack that bore hallmarks of foreign intelligence agency involvement. This attack led to the theft of over 1

I spend a significant amount of my time thinking about EPSS, CVSS, and the inherent gaps in how we prioritize vulnerabilities. We all know the drill: a 9.8 CRITICAL that remains unexploited shouldn’t jump the line ahead of a 7.5 HIGH that is being actively used in the wild. Closing that gap between theoretical severity and actual exploitability is why I started RogoLabs and why I built cve.icu. Today, I’m releasing an update to my CVE Intelligence TA for Splunk on Splunkbase. It is a free, op...

## 前言 **在训练duckgpt之前，我认为未来端点推理一定是主流的，因为大模型在服务器上跑，大是大，确实性能可以，但是太贵了，未来LLM一定是软件一样分发到各家各户而不是在云端集中推理。*...

https://b01lersc.tf/challenges

Font data (C header) All characters fit within a 5 pixel square, and are safe to draw on a 6x6 grid. The design is based off of lcamtuf's 5x6 font-inline.h, which is itself inspired by the ZX Spectrum's 8x8 font. 5x5 is the smallest size that doesn't compromise legibility: 2x2 : Impossible. 3x3 : Technically possible, but unreadable. 4x4 : Not enough to draw "E", "M" or "W" properly. 5x5 : This font. Five by five is actually big enough to draw most lowercase letters one pixel smaller, making ...

Follow-Up Regarding App Store Reviews, Which Are Definitely Busted

NAKIVO v11.2: Ransomware Defense, Faster Replication, vSphere 9, and Proxmox VE 9.0 Support    BleepingComputer

ShinyHunters adds Zara, Carnival, 7-Eleven to growing ransomware leak list    Cybernews

Trivy Supply Chain Compromise Enters Extortion Phase as Vect Ransomware Publishes First Victim    Halcyon

Zero Day Musings from Anglesey Island    The Trek