Dominic White
@singe.bsky.social
📤 1230
📥 767
📝 654
Hacker at Orange Cyberdefense's SensePost Team
https://hello.singe.za.net/
reposted by
Dominic White
Exploit Code Not People
13 days ago
Hooo boy looks like I was right and quantum computing is gonna be the next grift
9
68
16
reposted by
Dominic White
Daniel Mangum
20 days ago
let’s build something great this week!
0
1
1
reposted by
Dominic White
Check whether a site supports post quantum crypto*
quantumhello.xyz
* Well hybrid PQ key exchange in the form of TLS 1.3 with X25519MLKEM768
23 days ago
1
0
4
Check whether a site supports post quantum crypto*
quantumhello.xyz
* Well hybrid PQ key exchange in the form of TLS 1.3 with X25519MLKEM768
23 days ago
1
0
4
I audibly eyeroll when most cyber people talk about post-quantum crypto, and it's even worse when they're talking big consulting engagement to do what? - update some openssl packages or makes a TLS key exchange explicit? Now you can give them pqc4free
github.com/singe/pqc4free
loading . . .
GitHub - singe/pqc4free: A script to check whether your Linux apache/nginx server is serving post-quantum safe crypto, and recommend improvements.
A script to check whether your Linux apache/nginx server is serving post-quantum safe crypto, and recommend improvements. - singe/pqc4free
https://github.com/singe/pqc4free
25 days ago
0
0
2
A quick run through the new iOS 27 beta system settings and I noticed: 1 You need to join a waitlist to access new Siri 2 it now shows what type of WiFi is in use when connected 3 it may not be new - but there’s an “impersonation risk detection” feature that can be shared with apps
26 days ago
1
0
0
reposted by
Dominic White
The Shadowserver Foundation
27 days ago
Shadowserver is excited to share its cybersecurity insights and actionable recommendations in a report aimed at helping ECOWAS stakeholders make West Africa more secure! Read the report & accompanying fact sheets in English, French & Portuguese at
www.shadowserver.org/news/shadows...
2
11
5
“I want conflict, I want dissent I want the scene to represent, Our hatred of authority Our fight against complacency”
youtube.com/watch?v=spLm30…
about 1 month ago
0
0
0
Love me some clankers - a little optimisation to common-substrings for your password cracking pleasure
github.com/sensepost/co...
loading . . .
optimize substring loop bounds in Go implementation · sensepost/common-substr@a43aedc
Rewrite the main substring generation loops to encode the minimum substring length directly in loop bounds instead of checking it inside the inner loop. This removes a hot-path branch for the all/...
https://github.com/sensepost/common-substr/commit/a43aedc2e423228f66f8ed186a40cf0a9d02ee40
about 1 month ago
0
0
0
reposted by
Dominic White
Raphael Mudge
about 1 month ago
Relax and unwind in the Tradecraft Garden
aff-wg.org/2026/06/01/r...
Celebrating one year of Tradecraft Garden. 40 blog posts. ~30 POCs/projects. A lot of thank you's inside. The release itself: stack unwinding data generation, reference relaxation in the linker, and COFF mixing (+disco baby!)
loading . . .
Relax and unwind in the Tradecraft Garden
We’re at the 12th release of Crystal Palace and marking one year in the Tradecraft Garden. This release adds reference relaxation to make global references PIC-friendly. I’ve also added stack unwin…
https://aff-wg.org/2026/06/01/relax-and-unwind-in-the-tradecraft-garden/
2
14
9
reposted by
Dominic White
pspaul
about 1 month ago
A fun gadget I found recently! The .NET JIT compiler makes sure there are no rwx pages by using a memfd, but that turns file writes into straight shellcode execution 🐚
add a skeleton here at some point
0
0
1
Those aren’t version numbers, they’re multipliers to token cost.
about 1 month ago
0
2
0
reposted by
Dominic White
The Official Pulpit of CULT OF THE DEAD COW
2 months ago
copy.fail
THANKS, I HATE IT.
loading . . .
Copy Fail — 732 Bytes to Root
CVE-2026-31431. 100% Reliable Linux LPE — no race, no per-distro offsets, page-cache write that bypasses on-disk file-integrity tools and crosses containers. Found by Xint Code.
https://copy.fail
0
38
20
I’m reminded of the disconnect between typical vuln scan/pentest XSS findings and real world exploitation by this write up of Russian exploitation of webmail apps
ctrlaltintel.com/threat researc…
How do you demonstrate XSS impact beyond the classic alert dialog or cookie stealer?
3 months ago
0
1
0
Periodic reminder - there’s no easy way to clear tracking cookies and other cruft from iOS apps. But you can do it across all of them with one easy shortcut! It won’t log you out of the app just get rid of the cruft from the in-app browser. prefs:root=SAFARI&path=CLEAR_HISTORY_AND_DATA
3 months ago
0
1
1
UK gov’s review of Mythos shows it completing challenge of approx 20hrs human expert time & 32 steps 3/10 times using 100M tokens.
www.aisi.gov.uk/blog/our-evalu…
Opus 4.6 did 28/32 steps max & 100M tokens is approx $900. More for Mythos when/if released.
3 months ago
1
0
0
reposted by
Dominic White
SpecterOps
3 months ago
BloodHound isn’t just AD anymore. With OpenGraph, it extends into GitHub, Jamf, and more. But most training hasn’t caught up. If you maintain coursework,
@mrmurky.bsky.social
shares what you should update:
ghst.ly/4dzYnFL
loading . . .
BloodHound Has Changed. Your Course Probably Hasn't. - SpecterOps
Four out of five BloodHound courses are three years out of date. If you create or maintain BloodHound training, here is what to update and how to check if your content reflects the current platform.
https://ghst.ly/4dzYnFL
0
6
1
reposted by
Dominic White
Kevin Beaumont
3 months ago
Orgs aiming to implement a Mythos-ready security program when they have a flat network with default creds everywhere and ransomware actors casually logged in.
5
122
20
reposted by
Dominic White
Jorge Liboreiro
3 months ago
🧵 Thread of European leaders reacting to Péter Magyar's victory and Viktor Orbán's defeat. Ursula von der Leyen: "Hungary has chosen Europe. Europe has always chosen Hungary. A country reclaims its European path. The Union grows stronger."
add a skeleton here at some point
3
359
104
reposted by
Dominic White
Thomas Fuchs
3 months ago
Companies should be required by law to completely open devices when they end support for them
www.theguardian.com/technology/2...
loading . . .
Amazon upsets ebook lovers by ending support for old Kindle devices
Up to 2m e-readers made before 2013 will no longer be able to download new titles
https://www.theguardian.com/technology/2026/apr/09/amazon-upsets-book-lovers-by-ending-support-for-old-kindles
2
61
12
reposted by
Dominic White
Joe Slowik
3 months ago
This thread is :chefs kiss:
add a skeleton here at some point
0
8
1
Can attest, they’re super nice about it if you ask.
add a skeleton here at some point
3 months ago
0
1
0
reposted by
Dominic White
Joe Slowik
3 months ago
Yeah Project Glasswing seems cool and all but when you're screaming from the rooftops about "OUR AI IS SO POWERFUL WE CANT RELEASE IT BECAUSE THE RISKS ARE TOO GREAT" then what you're really doing is product marketing.
1
37
12
reposted by
Dominic White
Ant Stanley
3 months ago
100% this. I also don't think they can afford to release it to subscribers on Max plans without tiny limits which would upset the user base. They also want to avoid distillation by the Chinese AI labs.
0
4
1
What if Mythos is being overhyped so that Anthropic can develop a higher margin enterprise model instead of the high volume low margin one they’ve pursued until now? This is not to say we can disregard the claim - but let’s wait and see where the truth lies.
3 months ago
2
8
1
reposted by
Dominic White
Ollie Whitehouse
3 months ago
There is no easy 'just do' in response to the surfacing of latent vulnerability in technology. Vendors must make the investment to address, test and then release. Customers then need to patch. There is no magic - just a sequence of events which now need to take place..
1
0
1
FBI IC3 report is out for 2025. Reports from ZA went up by 42% (1075-1532). Small compared to the 1m they received in total. Reported losses since 2022 have doubled from $10 to $20 billion. $1.6b of that is from outside the US (complaints from over 200 countries)
www.ic3.gov/AnnualReport/R…
3 months ago
0
0
0
reposted by
Dominic White
Gabino Iglesias
3 months ago
Monthly reminder: Many people have a book in them, but it takes a special kind of freak to leave the Land of Laziness, cross the Plains of Procrastination and Insecurity Mountain, find the Blade of No One Made You Do This, and use it to cut your chest open and yank that book out.
29
578
111
reposted by
Dominic White
dragosr
3 months ago
I watched LLMs write full exploit chains years ago. The amazement fades once you hit context limits and have to steer the model through every hard corner. The industry is full of people who just got here and are still in the amazement phase. That's the gap worth watching.
loading . . .
MAD Bugs: Claude Wrote a Full FreeBSD Remote Kernel RCE with Root Shell (CVE-2026-4747)
To our knowledge, this is the first remote kernel exploit both discovered and exploited by an AI.
https://blog.calif.io/p/mad-bugs-claude-wrote-a-full-freebsd
1
6
2
Totally worth reading.
add a skeleton here at some point
3 months ago
0
2
1
reposted by
Dominic White
evacide
3 months ago
No really, I am not kidding when I say that the data broker industry must be destroyed:
www.npr.org/2026/03/25/n...
loading . . .
Your data is everywhere. The government is buying it without a warrant
Data brokers buy up huge amounts of information from cell phones and browsers to sell for targeted advertising. But the government, including ICE, also buys the data.
https://www.npr.org/2026/03/25/nx-s1-5752369/ice-surveillance-data-brokers-congress-anthropic
54
2912
1185
I’ve been fighting a losing battle in my home and the time has come to admit defeat. We’ll be getting a dog. Most likely an Alsatian - I know nothing about dog ownership. Internet - I’m looking for all the advice you care to give!
3 months ago
5
5
0
reposted by
Dominic White
Nute
4 months ago
This whole concept in LOTR is one of my favourite parts of the whole book. “Evil fucks up because evil people fundamentally cannot imagine that others are not motivated by the same things as them” is another theme that feels relevant right now
138
7653
1778
@infosecjen.bsky.social
Jen! 👀
4 months ago
1
0
0
reposted by
Dominic White
Danielkennedy74
4 months ago
𝗦𝗲𝗰𝘂𝗿𝗶𝘁𝘆 𝗳𝗼𝗿 𝗔𝗜 𝗶𝘀 𝗰𝗿𝗲𝗮𝘁𝗶𝗻𝗴 𝗮𝗻 𝗲𝘅𝗽𝗲𝗿𝘁𝗶𝘀𝗲 𝗽𝗮𝗿𝗮𝗱𝗼𝘅 -
blog.451alliance.com/security-for...
0
1
1
reposted by
Dominic White
evacide
4 months ago
The data broker industry must be destroyed:
www.theverge.com/news/897145/...
loading . . .
The FBI is buying Americans’ location data
“We do purchase commercially available information.”
https://www.theverge.com/news/897145/kash-patel-ron-wyden-fbi-location-data-no-warrant
14
529
197
reposted by
Dominic White
Catalin Cimpanu
4 months ago
-EU finally imposes more cyber sanctions -US-Israeli strikes killed Iranian cyber chief -UK fixes major bug in Companies House portal -Celebrity phisher continued phishing while in detention -Digg shuts down after bot attack Newsletter:
news.risky.biz/risky-bullet...
Podcast:
risky.biz/RBNEWS539/
1
12
9
Giving up drinking years ago meant giving up a love for peaty whisky, but I just discovered Lapsang Souchong tea totally hits the same spot.
4 months ago
0
2
0
As a break from doomscrolling the Middle East, news that the EU may join the CPTPP and Mark Carney’s middle powers vision may be coming true is buoying
youtu.be/t4vNi8dxeyQ
4 months ago
0
1
0
We must never again allow ourselves to dehumanise each other.
add a skeleton here at some point
4 months ago
1
2
0
reposted by
Dominic White
Richard Johnson
4 months ago
Spread the word!
@phrack.org
CFP with demoscene cracktro is live. Turn up the volume and enjoy the awesome stylings of @PiotrBania with some hopefully inspiring text from phrack staff :)
phrack.org
0
28
18
reposted by
Dominic White
Annie Sexton
4 months ago
its always ❯ whoami but never ❯ howami
11
245
19
reposted by
Dominic White
Adam Weinstein
4 months ago
Logistics is woke. Supply is woke. End-state planning is woke. Force protection? Believe it or not, woke
64
2721
459
Time to exploit reducing? Zero day clock? Pepperidge farm remembers the early 2000’s.
4 months ago
0
1
0
I’ve been generating AI music for myself and family using the local ACE-step generator … and they’re surprisingly good. I’ve had my trance playlist on repeat for a week now. I’m obviously not distributing them, but I’d highly recommend trying it out. Hyper contextual lyrics from a good LLM help too.
4 months ago
0
1
0
reposted by
Dominic White
Jeff Moss
4 months ago
RIP FX - You are a legend
5
60
27
I AI generated this punk song a week ago. Kind of saw it coming. Wish we could move on from rhyming the death and misery.
4 months ago
0
0
0
reposted by
Dominic White
Ryan O'Horo
4 months ago
A little late to the party, but Johnny's video makes very accessible the parallels of history in this current moment and what experts want to convey. Good for friends on the fence.
www.youtube.com/watch?v=GV8K...
loading . . .
Is Fascism Back?
YouTube video by Johnny Harris
https://www.youtube.com/watch?v=GV8KGcFqeLc
0
3
2
reposted by
Dominic White
Phat Hobbit
4 months ago
Was re-watching BSG: "There's a reason you separate military and the police. One fights the enemies of the state, the other serves and protects the people. When the military becomes both, then the enemies of the state tend to become the people." - Cmdr Adama
1
2
1
reposted by
Dominic White
Joseph Lorenzo Hall, PhD
4 months ago
Is your fancy new keyboard betraying you? Chen et al. propose DualStrike, a hardware attack on commodity Hall-effect keyboards. Using electromagnetic emissions, it perfectly eavesdrops on your typing and can even invisibly inject malicious keystrokes.
loading . . .
DualStrike: Accurate, Real-time Eavesdropping and Injection of Keystrokes on Commodity Keyboards - NDSS Symposium
View More Papers
https://www.ndss-symposium.org/ndss-paper/dualstrike-accurate-real-time-eavesdropping-and-injection-of-keystrokes-on-commodity-keyboards/
0
2
2
Load more
feeds!
log in