Mastodawn

In today's episode of "Can It Run Doom": DNS fucking TXT records.

Some absolute madlad (cough Adam Rice cough) compressed the entire shareware DOOM WAD, split it into around 1,964 chunks, shoved them into Cloudflare TXT records, and wrote a PowerShell script that reassembles and runs the whole goddamn game from DNS queries alone. Nothing touches disk. The DLLs are in DNS. THE FUCKING DLLS ARE IN DNS.

RFC 1035 was written in 1987. Those engineers are spinning in their graves fast enough to generate municipal power.

Bonus: this is a fully functional globally-distributed covert data exfil channel that your NGFW will never fucking see if you're not doing deep DNS inspection. Sleep well.

blog: https://blog.rice.is/post/doom-over-dns/

repo: https://github.com/resumex/doom-over-dns

Also lmao @ every blue team that has never once looked at their DNS query volume. How's that DLP policy working out for you.

It was always DNS.

#infosec #dns #doom #itisalwaysdns

Dclaw Mar 20

sash Mar 19

Rooting OpenWRT from the parking lot: I discovered an XSS in the OpenWRT SSID scan page, that can be chained to remote root access 👾
Write-up and demo: https://mxsasha.eu/posts/openwrt-ssid-xss-to-root/
CVE-2026-32721, fixed in 24.10.6 / 25.12.1

Dclaw Mar 10

stux⚡️Mar 9

The money is there, or was..

sigh

Don’t call it age verification. Call it centralised personal data collection. And understand that it serves surveillance, not safety for children. Thank you for your cooperation.

Show thread

Dclaw Feb 20

@Viss @briankrebs They won't do squat. If they pull back on prices at all, it'll be 5% (not 30 or whatever it may have actually been. The rest they will shrug off as InFlAtIoN.... as we see more record profits.

Dclaw Feb 19