Nu-Metal Gen on infosec | Opinions are my own

Really big age release coming tomorrow! 🎅🏻

- native post-quantum keys
- built-in recipients for hw plugins
- age-inspect tool
- plugin framework
- batchpass plugin
- many improved error messages

https://age-encryption.org

GitHub - FiloSottile/age: A simple, modern and secure encryption tool (and Go library) with small explicit keys, no config options, and UNIX-style composability.


root@bsidesmalaga:~# ./init_cfp.sh

[+] PROTOCOL: CALL FOR PAPERS
[+] TARGET: BSides Málaga 2026
[+] STATUS: OPEN 🔓

Cut the slides, bring the substance. We want the POC that gave the CISO nightmares, that secret 0day, or how you breached the core during your last Red Team op. 💥

Launch the payload before we close the firewall. 👇

💉 INJECT PROPOSAL:
https://www.bsidesmalaga.com/

#BSides #BSidesMalaga #Infosec #CFP #CyberSecurity

root@bsidesmalaga:~# ./init_cfp.sh

[+] PROTOCOL: CALL FOR PAPERS
[+] TARGET: BSides Málaga 2026
[+] STATUS: OPEN 🔓

Fewer PowerPoints and more substance. We want to see that POC that made the CISO sweat, the 0day you keep hidden under lock and key, or the story of how you got all the way inside on your last Red Team. 💥

Throw the payload at our system before we raise the firewall. 👇

💉 INJECT PROPOSAL:
https://www.bsidesmalaga.com/

#BSides #BSidesMalaga #Infosec #CFP #CyberSecurity

Do you know any repository or dataset of samples of backdoored or trojanized source code? I'm looking for samples of legit software that has been backdoored through malicious contributions, compromises or other techniques. I'm also interested in software that has been backdoored and then published again trying to exploit typosquatting.
Two slides in progress. An open source maintainer's day, a good and a bad day.
@edu how's it going, man, how's the summer? I've been a bit disconnected, but I'm back now. That doesn't mean I stopped watching 'los Eduardos'; I love your channel

To date, I have published 15 articles (1045 pages) with the strict goal of helping the cybersecurity community.

ERS (439 pages, so far):

[+] ERS 05: https://exploitreversing.com/2025/03/12/exploiting-reversing-er-series-article-05/
[+] ERS 04: https://exploitreversing.com/2025/02/04/exploiting-reversing-er-series-article-04/
[+] ERS 03: https://exploitreversing.com/2025/01/22/exploiting-reversing-er-series-article-03/
[+] ERS 02: https://exploitreversing.com/2024/01/03/exploiting-reversing-er-series-article-02/
[+] ERS 01: https://exploitreversing.com/2023/04/11/exploiting-reversing-er-series/

MAS (606 pages -- finished):

[+] MAS 10: https://exploitreversing.com/2025/01/15/malware-analysis-series-mas-article-10/
[+] MAS 09: https://exploitreversing.com/2025/01/08/malware-analysis-series-mas-article-09/
[+] MAS 09: https://exploitreversing.com/2024/08/07/malware-analysis-series-mas-article-08/
[+] MAS 07: https://exploitreversing.com/2023/01/05/malware-analysis-series-mas-article-7/
[+] MAS 06: https://exploitreversing.com/2022/11/24/malware-analysis-series-mas-article-6/
[+] MAS 05: https://exploitreversing.com/2022/09/14/malware-analysis-series-mas-article-5/
[+] MAS 04: https://exploitreversing.com/2022/05/12/malware-analysis-series-mas-article-4/
[+] MAS 03: https://exploitreversing.com/2022/05/05/malware-analysis-series-mas-article-3/
[+] MAS 02: https://exploitreversing.com/2022/02/03/malware-analysis-series-mas-article-2/
[+] MAS 01: https://exploitreversing.com/2021/12/03/malware-analysis-series-mas-article-1/

The blog home page is: https://exploitreversing.com/

I will be back in a few months with the next articles in the Exploiting Reversing series, which will focus on vulnerability and exploitation, once I have laid all the necessary groundwork. I'm currently taking a break from writing to focus on research.

Enjoy reading and have an excellent day.

#windows #iOS #macOS #cybersecurity #infosec #chrome #kernel #malware #reverseengineering #vulnerability #research #hypervisor

Exploiting Reversing (ER) series: article 05 | Hyper-V (part 01)

The fifth article (57 pages) of the Exploiting Reversing Series (ERS), a step-by-step research series on Windows, macOS, hypervisors and browsers, is available for reading on: (PDF): I would like t…

I've posted a detailed explanation of why the claimed ESP32 Bluetooth chip "backdoor" is not a backdoor. It's just a poor security practice, which is found in other Bluetooth chips by vendors like Broadcom, Cypress, and Texas Instruments too. https://darkmentor.com/blog/esp32_non-backdoor/
The ESP32 "backdoor" that wasn't | Dark Mentor LLC

This post refutes the claim that researchers found a "backdoor" in ESP32 Bluetooth chips. What the researchers highlight (vendor-specific HCI commands to read & write controller memory) is a common design pattern found in other Bluetooth chips from other vendors as well, such as Broadcom, Cypress, and Texas Instruments. Vendor-specific commands in Bluetooth effectively constitute a "private API", and a company's choice to not publicly document their private API does not constitute a "backdoor".

GitHub - MISP/misp-docker: A production ready Dockered MISP

Happy Andalusia Day!