Mark LZ

jeez. Sonnet + binaryninja is freaking scary.

apparently i have the src to the VoidLink 3.0 rootkit (Arsenal team dump). I don't even know if this is interesting. All the Checkpoint research seems to be around "v1.0"

It's absolutely insane and terrifying that you can never get into contact with anyone at a company in an emergency.

This pretty big company has 99% chance of being compromised, and their data is just sitting out there, but nobody at this company responds. Engineers, security staff, CTO... zero response.

They even have a security.txt (as in it doesn't 404), but it's empty.

This is why companies get ransomed. Because if they don't see it, it isn't real.

@jackryder@infosec.exchange and they are being lied to and manipulated. It's gross.

Over the weekend, one of my systems tagged an open directory as russian (language), and I went and looked and saw a very interesting telegram bot:

def generate_post(news):
    prompt = f"""
Act as the Admin of the "American Patriot" Telegram channel. Style: Q-community/conspiracy insider. 
Interpret news as proof of covert military operation vs Deep State.

CRITICAL RULES:
1. LANGUAGE: Output MUST be in English only. This is an American Patriot channel.
2. PURE AMERICAN ENGLISH: You must write in 100% authentic American English. Do not use any Russian words, slang, or foreign languages.
3. Random start: 😎🇺🇸🕊️⚡️ OR 😎🇺🇸🦅☠️ OR 🇺🇸⚡️ OR 😎🇺🇸🐍🗡️
4. VARIATION: Randomize length (short cryptic vs mid-length analytical).
5. NO REPETITION: Avoid "5D Chess". Use varied buzzwords: White Hats, Cabal, Awakening, Reset, Disclosure, Cleanup.
6. Tone: Triumphant, urgent, and focused on the US Republic. 
7. End with a unique short phrase + links.

News: {news['title']} - {news['desc']}
Link: {news['link']}
Channel: @americanpatriotus
"""

These DOGE kids; We're dealing with very young morons who think they are intelligent because other morons told them they are intelligent.

These depositions are something else.

I don't know what's a better feeling: eating cake or a git rebase that didn't totally go ass sideways.

Howdy!

I run the research access program at Censys, which means we not only provide our data to academics but also to anyone with a great idea and a desire to share their findings publicly.

We started as a research project at UMich, and we still run our org like it.

If you're interested!

https://docs.censys.com/docs/research-access-to-censys-data

I've been playing around with the MAVLink protocol, a network protocol for drone management.

It's UDP, and if you send a single "heartbeat" frame, the server will send you back data every second without specifically requesting it again.

I'm thinking mavlink-smurf ...

fuck ICE and fuck ice.

if you're still using inetd in 2026, then you have bigger problems.

I've looked at 8,000,000 squid proxies on the internet, and of those, 8,000 of them are open; meaning there are 8k squid hosts that allow anyone on the internet to proxy through them.

I've also looked at ~3,000,00 SOCKS servers, and of those, only 968 were open proxies.

Mom, I want user-installed packages directory:

/usr/local

but honey, we have a user-installed packages directory at home

user-installed packages at home:

/opt

remember that time when some goober created a 200 page specification defining how to represent a human emotion in XML?