https://www.theregister.com/2026/01/21/curl_ends_bug_bounty/
(I will blog about the details next week)
If you’re using Azure Front Door WAF, make sure you select the correct IP match variable or you’re gonna have a bad time.
Here’s a standalone tool you can run from CloudShell to check for insecure Front Door WAF rules that utilize RemoteAddr.
https://github.com/nyxgeek/frontdoor_waf_wtf
The full blog post can be found here:
https://trustedsec.com/blog/azures-front-door-waf-wtf-ip-restriction-bypass
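As an added example (not the frontdoor_waf_wtf tool, and not code from the post or from TrustedSec), the script below does the offline version of that check: it reads a Front Door WAF policy in the JSON shape of a Microsoft.Network/frontdoorWebApplicationFirewallPolicies resource and flags enabled custom rules whose IPMatch condition keys on RemoteAddr instead of SocketAddr. It then evaluates both variants of an "only my corporate range" block rule against a request from an outside address, to show why the distinction matters: per Azure's documentation, SocketAddr is the TCP peer the edge sees, while RemoteAddr is taken from the client-supplied X-Forwarded-For header. The policy document, rule names, and IP addresses are all constructed sample data, and the resolution of RemoteAddr to the first X-Forwarded-For entry is a simplified model, not a reimplementation of the WAF.

```python
"""Flag Azure Front Door WAF custom rules that IP-match on RemoteAddr.

Added example, not the frontdoor_waf_wtf tool. Sample policy below is
constructed; only the fields this check reads are present.
"""
import ipaddress
import json

# Constructed sample in the shape of a Front Door WAF policy resource.
# Rule 1 is the weak form (RemoteAddr), rule 2 the corrected one (SocketAddr).
SAMPLE_POLICY_JSON = """
{
  "name": "examplewafpolicy",
  "properties": {
    "customRules": {
      "rules": [
        {"name": "AllowOnlyCorpRange", "priority": 100,
         "enabledState": "Enabled", "ruleType": "MatchRule", "action": "Block",
         "matchConditions": [{"matchVariable": "RemoteAddr", "operator": "IPMatch",
                              "negateCondition": true, "matchValue": ["203.0.113.0/24"]}]},
        {"name": "AllowOnlyCorpRangeFixed", "priority": 200,
         "enabledState": "Enabled", "ruleType": "MatchRule", "action": "Block",
         "matchConditions": [{"matchVariable": "SocketAddr", "operator": "IPMatch",
                              "negateCondition": true, "matchValue": ["203.0.113.0/24"]}]}
      ]
    }
  }
}
"""


def load_policy(text: str = SAMPLE_POLICY_JSON) -> dict:
    """Parse a policy document (the constructed sample by default)."""
    return json.loads(text)


def find_remoteaddr_ip_rules(policy: dict) -> list:
    """Return enabled custom rules with an IPMatch condition on RemoteAddr."""
    rules = policy.get("properties", {}).get("customRules", {}).get("rules", [])
    weak = []
    for rule in rules:
        if rule.get("enabledState", "Enabled") != "Enabled":
            continue
        for cond in rule.get("matchConditions", []):
            if cond.get("operator") == "IPMatch" and cond.get("matchVariable") == "RemoteAddr":
                weak.append(rule)
                break
    return weak


def effective_ip(match_variable: str, socket_ip: str, xff_header) -> str:
    """Simplified model (assumption): SocketAddr is the TCP peer; RemoteAddr is
    the first X-Forwarded-For entry when the client sent that header."""
    if match_variable == "SocketAddr" or not xff_header:
        return socket_ip
    return xff_header.split(",")[0].strip()


def rule_blocks(rule: dict, socket_ip: str, xff_header=None) -> bool:
    """Evaluate one IPMatch custom rule against a request. True means the
    rule's Block action fires. All conditions of a rule must match."""
    for cond in rule["matchConditions"]:
        if cond["operator"] != "IPMatch":
            return False  # only IPMatch conditions are modelled here
        ip = ipaddress.ip_address(effective_ip(cond["matchVariable"], socket_ip, xff_header))
        matched = any(ip in ipaddress.ip_network(v, strict=False) for v in cond["matchValue"])
        if cond.get("negateCondition", False):
            matched = not matched
        if not matched:
            return False
    return rule["action"] == "Block"


if __name__ == "__main__":
    policy = load_policy()
    for r in find_remoteaddr_ip_rules(policy):
        print(f"weak rule: {r['name']} (IPMatch on RemoteAddr, action {r['action']})")
    rules = {r["name"]: r for r in policy["properties"]["customRules"]["rules"]}
    outsider, spoofed_xff = "198.51.100.7", "203.0.113.10"
    for name in ("AllowOnlyCorpRange", "AllowOnlyCorpRangeFixed"):
        plain = rule_blocks(rules[name], outsider)
        spoof = rule_blocks(rules[name], outsider, spoofed_xff)
        print(f"{name}: blocked without XFF={plain}, blocked with spoofed XFF={spoof}")
```

Run against a real policy by exporting it (for example the JSON body from the REST API or an ARM template export) and passing that text to load_policy(); anything find_remoteaddr_ip_rules() returns should be switched to SocketAddr unless the rule genuinely needs the forwarded client address.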
Oh joy, people posting to the open-source project's forum saying that the documentation is wrong. The link they provided does not point to any project webpage, but to a Google search result.
When pressed they post a screenshot of the "AI Overview" answer with a bunch of hallucinated BS...
We really need to start sending invoices to these companies for just wasting everybody's time.
I recently finished compiling stats on my 3 years of scraping Azure via OneDrive, where I enumerated 70m+ users. I spoke about this project at ShmooCon this year.
Stats on Azure tenants, domains, ADFS, username formats, nicknames, service accounts, and more.
@Viss I am curious where they found it working. I had checked some "normal" places I remembered it back when I was doing research on time-based user enum via the AutoDiscover basic auth endpoint. I had found it disabled, but apparently there were other endpoints, or configurations where you could keep it up.
jesus.
a welder learns how to become a programmer, by ben cornia
@darrel_miller @yossis Thanks for the interest! While I won't be sharing my HackCon slides publicly, that particular slide (and some other fun ones) were also in my ShmooCon talk this year. https://github.com/nyxgeek/shmoocon
Not *all* of the video slides are in the current slide deck, so if you have 10 minutes to spare, might be worth the video (linked in github).
Feel free to DM me if you have any questions!
Update: I found it! See reply.
friendly request for #hypercard users and a little story:
in the early 90s my hillbilly county school had mandatory “shop class” (aka “industrial ed”) for junior high kids. giving 13 year olds access to 500C injection moulders, band saws and metal and wood lathes was always a recipe for insanity. and I loved it.
squirreled away in the shop teacher’s office, separate from the shop, was a neglected Macintosh Classic. with no games, no localtalk network, no After Dark, and no Mac Paint it was nothing more than a disquieting lump of plastic on his desk, that sat there for the 6 years I attended the school.
it did have one program though, that could have shaped my understanding of computing had I understood how it worked at the time: it had Hypercard.
there was one stack in particular that has haunted me for 30 years. it was a series of scanned atkinson-dithered photos of people’s heads. I think most of them were celebrities. but the one that stood out to me was this glorious photo of who I *think* was Boy George. (edit: it might have been George Michael. the name 'george' is most salient in my memory.)
hypercarders: has anyone ever seen this stack or particular photo? I’d love to put it on my desktop.