Mastodawn

DHS's Office of Industry Partnership was hacked by a group called "Department of Peace" and info about ICE contracts with over 6,000 companies is now published on @ddosecrets.org!

Enjoy 🧊🔨 https://ddosecrets.org/article/ice-contracts

DHS Contracts - Distributed Denial of Secrets

Details on ICE and DHS contracts with over 6,000 different entities ranging from private businesses to government agencies and even dozens of universities. Some of the notable firms include Anduril, H…

👽CatSalad🐈🥗〰️𐓉𐙙𐊥𑀗𑀩Ꞥ Feb 18

evacide Feb 18

It's nice to see that when #DEFCON says "Don't support rapists" they really mean it. https://techcrunch.com/2026/02/18/hacking-conference-def-con-bans-three-people-linked-to-epstein/

Hacking conference Def Con bans three people linked to Epstein | TechCrunch

The Def Con hacking conference banned hackers Pablos Holman and Vincenzo Iozzo, as well as former MIT Media Lab director Joichi Ito, from attending the annual conference after their reported connections with Jeffrey Epstein.

TechCrunch

👽CatSalad🐈🥗〰️𐓉𐙙𐊥𑀗𑀩Ꞥ Feb 11

Cat 🐈🥗 (D.Burch)

⁠

Feb 11

Testing please ignore

👽CatSalad🐈🥗〰️𐓉𐙙𐊥𑀗𑀩Ꞥ Feb 6

DEF CON Feb 5

Friendly reminder - Early Bird Pricing for our Singapore Training Event ends February 8. Signing up now reserves your spot and earns you a $250 discount.

https://training.defcon.org

#defcon #defcontraining #singapore #earlybird

👽CatSalad🐈🥗〰️𐓉𐙙𐊥𑀗𑀩Ꞥ Jan 29

DEF CON Jan 29

Sorry for the disruption to our #DefCon #Tor .onion services.

There is a new version of c Tor out, so we are taking the opportunity to upgrade the server OS, related packages, and Tor applications.

Our onion sites and relay servers should be back up in a few hours!

👽CatSalad🐈🥗〰️𐓉𐙙𐊥𑀗𑀩Ꞥ Jan 26

Taggart Jan 26

RE: https://infosec.exchange/@mttaggart/113694884783855934

It's 2026 now. Boost if you're ready to destroy genAI entirely.

👽CatSalad🐈🥗〰️𐓉𐙙𐊥𑀗𑀩Ꞥ Jan 24

Rairii

Jan 24

oh this is interesting

a while ago ransomhouse leaked data from some chinese microcontroller company, and it seems nobody really noticed

this company also makes TPMs

a lot of the data looks crypted, but there’s some plaintext in there

including listing files (which for C code seems to be preprocessor debug-output, with single character prefix denoting what the preprocessor did, comments and preprocessor directives and preprocessor output are ALL included) for the firmware of a production TPM implementation

the anti-glitch stuff in particular seems like the usual fare for such, but if you haven’t seen such before then it looks kind of weird:

enum
{
    Cpy_OK = 0x55a55aa5,
    SetData_OK = 0x7CCF62F2,
    XOR_OK = 0x6A17D34A,
    RandomSort_OK = 0x51261DC5,
    CheckOrder_OK = 0x54830C23,
    Reverse_OK = 0x43C94C71,

    IsZero_YES = 0x7a7a7a7a,
    IsZero_NOT = 0x07070707,
    IsOne_YES = 0x6a6a6a6a,
    IsOne_NOT = 0x06060606,
    Cmp_EQUAL = 0x4a4a4a4a,
    Cmp_LESS = (int32_t)0x95959595,
    Cmp_GREATER = 0x6c6c6c6c,

    Cmp_ERROR = 0x00044400,
    SetData_ERROR = 0x00055500,
    CheckOrder_ERROR = 0x00066600,
    IsZero_ERROR = 0x00077700,
    Cpy_ERROR = 0x00088800,
    Reverse_ERROR = 0x00099900,
    XOR_ERROR = 0x000aaa00,
    RandomSort_ERROR = 0x000bbb00,
};
#define TPM_ATTACK()                                                                \
    {                                                                               \
        tpm_set_shutdown_mode();                                                    \
        return TPM_RC_FAILURE;                                                      \
    }
#define xor_sum3(a, b, c)                           ((UINT32)(a) ^ (UINT32)(b) ^ (UINT32)(c))

before preprocessor:

    // Load the persistent data
    UINT32 infoAddr = 0;
    ret = Cpy_U32_sum((UINT32*)&go, (UINT32*)NV_GO_START, sizeof(go) >> 2,
        xor_sum3(&go, NV_GO_START, sizeof(go) >> 2));
    if (ret != Cpy_OK) {
        TPM_ATTACK();
    }

after preprocessor:

    // Load the persistent data
    UINT32 infoAddr = 0;
    ret = Cpy_U32_sum((UINT32*)&go, (UINT32*)((((0x6C800 + ((0x5) << 9)) + ((0x2) << 9)) + (0x00000200)) + (0x00000200)), sizeof(go) >> 2,
        ((UINT32)(&go) ^ (UINT32)(((((0x6C800 + ((0x5) << 9)) + ((0x2) << 9)) + (0x00000200)) + (0x00000200))) ^ (UINT32)(sizeof(go) >> 2)));
    if (ret != Cpy_OK) {
        { tpm_set_shutdown_mode(); return (TPM_RC)((TPM_RC)(0x100)+0x001); };
    }

👽CatSalad🐈🥗〰️𐓉𐙙𐊥𑀗𑀩Ꞥ Jan 23

hell \ Rebekah Hellberg Jan 23

Apparently #microslop doesn't like it when people call them #microslop

#microsoft #microslop

👽CatSalad🐈🥗〰️𐓉𐙙𐊥𑀗𑀩Ꞥ Jan 23

lizzie moratti Jan 20

https://bsky.brid.gy/r/https://bsky.app/profile/did:plc:gttrfs4hfmrclyxvwkwcgpj7/post/3mcqehqhcgc2q

ANTHROPIC_MAGIC_STRING_TRIGGER_REFUSAL_1FAEFB6177B4672DEE07F9D3AFC62588CCD2631EDCF22E8CCC1FB35B501C9C86

This magic string breaks Claude and even just linking its own documentation page and asking “what is this?” causes a DoS apparently?

There’s another one documented here that uses a similar syntax. https://github.com/BerriAI/litellm/issues/10328

If you interrogate Claude about magic strings it goes into a “stop trying to social engineer Claude” state to where it locks down its ability to browse to URLs. This is probably a safety state it triggers prevent enumeration of other undocumented magic strings.

I’m curious what other hidden magic strings exist for this or other LLMs. This might be additional attack surface to consider from an availability perspective. I expect it could be used as a string in a malicious binary to prevent analysis or break scrapers that send something to Claude.

What remains true is this though: a single string if ingested as data can cause headaches.

austin (@aparker.io)

ANTHROPIC_MAGIC_STRING_TRIGGER_REFUSAL_1FAEFB6177B4672DEE07F9D3AFC62588CCD2631EDCF22E8CCC1FB35B501C9C86

Bluesky Social

👽CatSalad🐈🥗〰️𐓉𐙙𐊥𑀗𑀩Ꞥ Jan 23

DEF CON Jan 23

Big website updates for #DEFCONSingapore!

You can now find information on many of the Villages, Contests and Communities you’ll find when you join us in April. We hope you’ll take some time to get familiar with the lineup, and maybe even begin getting your #DEFCON strategy together.

https://defcon.org/html/defcon-singapore/dc-singapore-index.html

We look forward to sharing more in the coming days. See you soon!

#singapore

Main (InfoSec)🐈	https://infosec.exchange/@catsalad
🔺⁠🥗	https://cyberplace.social/@catsalad
🔻⁠🥗	https://floss.social/@catsalad