C/C++ object lifetime auditor. hacking, rust, food. [he/him]
GitHub: https://github.com/australeo

Are you in France with a cat that used to live in Aotearoa NZ and the cat is missing?

A cat found in Antony France with a NZ chip. Someone posted in reddit hoping to reunite the cat with the cat's owners/slaves.

Post with pic:

https://www.reddit.com/r/newzealand/comments/1rm8cnc/nz_pussy_found_in_france/

Apparently also posted in NZers in France fb page.

#cat #cats #lechat #Aotearoa #NewZealand #NZ #Nouvelle-Zélande #France #francaise

My partner is looking for work. I'd appreciate boosts.

He's looking to move into #appsec, but will accept short #webdev or #devops contracts (<12 months). Location: Melbourne Australia, or remote. For a short enough contract he'd go anywhere though.

He's a senior full stack web dev (Linux/python/django/js/elm, ~12 years).

Experienced in dev ops, dev sec ops and automation (ansible, selenium, etc etc).

He has experience with OWASP ZAP, bandit and Snyk, and is part way through the PortSwigger academy.

FOSS contributions include writing a django authentication function for OWASP ZAP, making a wrapper to improve accessibility and usability for selenium (Elemental), and other bits and bobs.

He isn't on any socials, but if you want to get in touch I can share his email or signal ID (or give him yours).

He and I have been the security people for little apps without any dedicated security team, for the last decade or so. If you're in security you might have met him (or me) at conferences (Disobey, BSides, CCC, Defcon and Ruxmon), because we've been attending since we launched our own app in 2014, picking up everything we can to protect our users.

(Yep, he is aware a move to security from senior dev roles will be a step down in seniority and $. He just really likes security.)

#python #fedihired #getfedihired #jobs #cyber

RE: https://infosec.exchange/@cxiao/116111084846495192

I spend a lot of time consuming C++ developer resources (talks, blog posts) and I can’t imagine someone trying to RE modern C++ without doing so. Viewing everything through a C abstraction just doesn’t cut it anymore.

Trying to understand why a *documented feature* causes null deref when you try to call its API is like something out of Hitchhikers:

"Eventually I found a single comment from the vendor, inside a closed git issue, in a disused repo with a sign on homepage reading 'this project is now archived'"

RE: https://cyberplace.social/@GossiTheDog/115929393014353710

Thankfully no one uses telnet anymore, except maybe every major bank on the planet and probably various government orgs.

lol https://seclists.org/oss-sec/2026/q1/89

telnetd server invokes /usr/bin/login (normally running as root) passing the value of the USER environment variable received from the client as the last parameter.

If the client supplies a carefully crafted USER environment value being the string "-f root", and passes the telnet(1) -a or --login parameter to send this USER environment to the server, the client will be automatically logged in as root bypassing normal authentication processes.

In telnetd for a decade 💀

oss-sec: GNU InetUtils Security Advisory: remote authentication by-pass in telnetd
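The argument-injection pattern the advisory describes, next to a hardened form, as an added example that is not code from GNU InetUtils or from the posts above. The function names, the split-on-spaces model of the weak path, and the reliance on a getopt-style login that treats `--` as end of options are assumptions.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Added illustration; not GNU InetUtils code. All names are hypothetical. */

/* Reject values that login could parse as an option or that would split
 * into several arguments: leading '-', whitespace, control characters. */
int user_is_safe(const char *user)
{
    if (user == NULL || *user == '\0' || *user == '-' || strlen(user) > 64)
        return 0;
    for (const unsigned char *p = (const unsigned char *)user; *p; p++)
        if (isspace(*p) || iscntrl(*p))
            return 0;
    return 1;
}

/* Simplified model of the weak behaviour: the client-supplied value is
 * split on spaces and appended unchecked, so "-f root" reaches login as
 * two arguments. `buf` is modified in place; cap must be >= 2.
 * Returns argc. */
size_t build_argv_weak(char *buf, const char **argv, size_t cap)
{
    size_t n = 0;
    argv[n++] = "/usr/bin/login";
    for (char *tok = strtok(buf, " "); tok && n + 1 < cap; tok = strtok(NULL, " "))
        argv[n++] = tok;
    argv[n] = NULL;
    return n;
}

/* Hardened: validate first, then pass the name as ONE argument after "--"
 * (assumes login stops option parsing at "--"). Returns argc, or 0 when
 * the value is refused and the caller should prompt interactively. */
size_t build_argv_hardened(const char *user, const char **argv, size_t cap)
{
    if (cap < 4 || !user_is_safe(user))
        return 0;
    argv[0] = "/usr/bin/login";
    argv[1] = "--";
    argv[2] = user;
    argv[3] = NULL;
    return 3;
}
```

For detection, the same `user_is_safe` predicate can be applied to USER values recorded from telnet option negotiation to flag sessions that sent an option-shaped name.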

Today, Project Zero released a 0-click exploit chain for the Pixel 9. While it targets the Pixel, the 0-click bug and exploit techniques we used apply to most other Android devices.

https://projectzero.google/2026/01/pixel-0-click-part-1.html

A 0-click exploit chain for the Pixel 9 Part 1: Decoding Dolby - Project Zero

Over the past few years, several AI-powered features have been added to mobile phones that allow users to better search and understand their messages. One ef...

If you find the fediverse useful, don’t forget to support your instance (assuming they accept support). While the software is free, running instances is far from it. I am glad to be part of the community and want to see it continue on as a viable alternative. Thank you all for being here and I hope you have a good holiday season.

Do LLMs actually help hackers reverse engineer and understand the software they want to exploit?

We ran the first fine-grained human study of LLMs + reverse engineering.
To appear at NDSS 2026.

Interested? Some quick findings in 🧵👇
Paper: https://www.zionbasque.com/files/papers/dec-synergy-study.pdf

I'm not good at this marketing lark, but as it's black friday and I'm inundated with other people's offers...

You can get 10% off CE swag today with code BLACKFRIDAY :)

https://shop.compiler-explorer.com/promo/BLACKFRIDAY

Makes a great present too!