C has a borrow checker it’s called mythos

I managed to get the copy.fail exploit down to 395 bytes See if you can beat me! copy.golf

Three ways to implement dependency cooldown for your Python packages: * pip --uploaded-prior-to ichard26.github.io/blog/2026/04... * uv exclude-newer docs.astral.sh/uv/reference... * Dependabot cooldown github.blog/changelog/20...

Finding out this exists genuinely made my month github.com/psmux/psmux

For some reason, coding agents seem to love running `pip install --break-system-packages` unless I explicitly tell them not to. TIL you can do this to globally prevent installing packages without a venv.

lol

It's incredible how many redaction mistakes made it through neosmart.net/blog/recreat...

Is this the longest-lived GitHub action? github.com/tdakhran/raz...

Been looking through the latest sliver release today. Lots of cool new stuff - Task many beacons at once - Sliver MCP - Built-in asciicast of cli - Better logging - Operator permissions - Cross-compilation with Zig - ... github.com/BishopFox/sl...

I finally took the time to move away from Spotify. s/o to these two projects for making it fast and easy github.com/Pushan2005/S... github.com/OuterTune/Ou...

chatgpt knows me too well

Troopers Conference consistently has some of my favorite security talks every year. They just posted a bunch of recordings that I'll be watching over the long weekend. www.youtube.com/@TROOPERScon

security.googleblog.com/2025/11/rust... > We adopted Rust for its security and are seeing a 1000x reduction in memory safety vulnerability density compared to Android’s C and C++ code Wow

Here's the reality: the authoritative sources of truth in the coming decade will not be state-run. They will be decentralized, redundant, peer-reviewed, and often contrary to the state's narrative. And it's crucial we keep that fire alive.

BloodHound v8.0 is here! 🎉 This update introduces BloodHound OpenGraph, revolutionizing Identity Attack Path Management by exposing attack paths throughout your entire tech stack, not just AD/Entra ID. Read more from Justin Kohler: ghst.ly/bloodhoundv8 🧵: 1/7

so used to the bus that when I got off the train, I looked back and shouted "thank you!'

found the malware author

Working on an MCP for sliver. Can't wait to see how LLMs red team

made a ceramic strawberry matcha set right before the studio closed. time to get back to cyber

spent 8 hours at the pottery studio today

as far as I know, these are numbered sequentially. I love the idea of a senator waiting for the right number to submit a bill

The American public:

Claude stops itself from using potentially dangerous binary "for security reasons" and then immediately comes up with a workaround lol

In the process of trying to figure out how claude code implemented their user input features / repl, I found this little easter egg in the code

This competition had tons of vulnerabilities, backdoors, rootkits etc. for the blue team to detect and defend against. I put all the ansible and terraform for deploying on my GitHub github.com/Adamkadaban/...

red teaming against the blue team novices today

I asked claude code to help me fix some unit tests, and it ended up just deleting all the tests and replacing them with this 💀

Found out recently that my apartment complex has this gorgeous 200 dollar scrabble board from Anthropologie. Game from today

"so I made a chrome plugin to patch Google maps and still show 'The Gulf of Mexico' as the world's smallest form of protest" youtu.be/F5m2JxplnXk?...

Woah since when did HTB have assumed breach machines 🤯

Go supply chain attack taking advantage of Google's Go mirror proxy. socket.dev/blog/malicio...

My recent annoyance with overleaf's docker-compose has led me to discover my new favorite persistence technique. Privileged container with a RestartPolicy of "always"

It traps AI crawlers and sends them down an "infinite maze" of static files with no exit links, where they "get stuck" and "thrash around" for months, he tells users. Once trapped, the crawlers can be fed gibberish data, aka Markov babble, which is designed to poison AI models. #AI #ML #malware

In our latest article, @croco_byte proposes an implementation of a trick discovered by James Forshaw in his research regarding Kerberos relaying. Discover how to perform pre-authenticated Kerberos relay over HTTP with our Responder and krbrelayx pull requests! www.synacktiv.com/publications...

it says a lot about an industry if a free and open source alternative to every product on the market can destroy 1 trillion dollars of “value” in one day lol

Phishing with a little salt…

In case if you wonder what broke #ProcessHollowing on Windows 11 24H2, I have something for you: hshrzd.wordpress.com/2025/01/27/p...

This is pretty cool. Nice way to automatically get IoCs from malware samples github.com/RussianPanda...

The Cybersecurity and Infrastructure Security Agency (CISA) safeguards our nation against cyber attacks, including those targeting our elections. Project 2025 contains a push to gut CISA - threatening the our elections and national cybersecurity. ⤵️

Great feature from @jessicalyons.bsky.social on Trump's infosec policy, or lack of it. Dumping many talented security folks from unpaid advisory committees is bonkers.

ADCS honeypot. One more thing I'll have to add to my lab github.com/srlabs/Certi...

archive.org for the white house constitution page. why do I feel like they just deleted everything that was changed in the last 4 years?

Carrie Underwood has gone from singing disapprovingly about an unfaithful man to singing approvingly *to* an unfaithful man.

in related news, swampctf 2024 has now been statically archived at 2024.swampctf.com!

left a subdomain with a dangling DNS record for one day and someone took it over 💀

AWS introduced same RCE vulnerability three times in four years www.reddit.com/r/netsec/com...

Someone on LinkedIn posted something claiming that Crowdstrike only has 14% threat detection and SentinelOne has less than 1%. I was skeptical and replied. It seems comments have been disabled and my comment has since been deleted 💀

Better opsec too 🙌 Time to start working on new detection rules