ocdsec
@ocdsec.bsky.social
🏴☠️ 💚 🇺🇦 computer tester | 603,628 km²
Reposted by ocdsec
LibIPC is a simple Crystal Palace shared library for inter-process communication, based on Named Pipes.
github.com/pard0p/LibIPC
github.com/pard0p/LibIPC
GitHub - pard0p/LibIPC: LibIPC is a simple Crystal Palace shared library for inter-process communication, based on Named Pipes.
LibIPC is a simple Crystal Palace shared library for inter-process communication, based on Named Pipes. - pard0p/LibIPC
github.com
November 2, 2025 at 11:29 AM
LibIPC is a simple Crystal Palace shared library for inter-process communication, based on Named Pipes.
github.com/pard0p/LibIPC
github.com/pard0p/LibIPC
Reposted by ocdsec
Slides from Alexander Bluhm (bluhm@)'s talk "Update on #OpenBSD Networking Performance Improvements" today at #EuroBSDcon 2025.
www.openbsd.org/papers/eurob...
www.openbsd.org/papers/eurob...
Update on OpenBSD Networking Performance Improvements EuroBSDCon 2025
Since my previous talk about this topic in 2022 major improvements
in the OpenBSD network stack have been achieved. The socket API
has been unlocked in the kernel. This means that multiple userland
...
events.eurobsdcon.org
September 28, 2025 at 11:42 PM
Slides from Alexander Bluhm (bluhm@)'s talk "Update on #OpenBSD Networking Performance Improvements" today at #EuroBSDcon 2025.
www.openbsd.org/papers/eurob...
www.openbsd.org/papers/eurob...
Reposted by ocdsec
Netscaler vulnerability was exploited as zero-day for nearly two months (CVE-2025-6543)
Netscaler vulnerability was exploited as zero-day for nearly two months (CVE-2025-6543) - Help Net Security
The CVE‑2025‑6543 NetScaler ADC vulnerability - patched in late June 2025 - has been exploited as a zero-day vulnerability since May 2025.
www.helpnetsecurity.com
August 12, 2025 at 4:10 PM
Netscaler vulnerability was exploited as zero-day for nearly two months (CVE-2025-6543)
Reposted by ocdsec
New Batavia spyware targets Russian industrial enterprises
New Batavia spyware targets Russian industrial enterprises
Since March 2025, fake contract emails have been spreading Batavia spyware in targeted attacks on Russian organizations.
securityaffairs.com
July 7, 2025 at 8:05 PM
New Batavia spyware targets Russian industrial enterprises
Reposted by ocdsec
Hundreds of GitHub Malware Repos Targeting Novice Cybercriminals Linked to Single User
Hundreds of GitHub Malware Repos Targeting Novice Cybercriminals Linked to Single User
cybersecuritynews.com
June 6, 2025 at 11:44 PM
Hundreds of GitHub Malware Repos Targeting Novice Cybercriminals Linked to Single User
Reposted by ocdsec
From over at the Bad Place:
There's an interesting NTFS symlink attack outlined here:
https://dfir.ru/2025/02/23/symlink-attacks-without-code-execution/
Basically, if an NTFS filesystem is corrupted in a way to provide duplicate file names, Windows will […]
[Original post on infosec.exchange]
There's an interesting NTFS symlink attack outlined here:
https://dfir.ru/2025/02/23/symlink-attacks-without-code-execution/
Basically, if an NTFS filesystem is corrupted in a way to provide duplicate file names, Windows will […]
[Original post on infosec.exchange]
February 25, 2025 at 10:49 PM
From over at the Bad Place:
There's an interesting NTFS symlink attack outlined here:
https://dfir.ru/2025/02/23/symlink-attacks-without-code-execution/
Basically, if an NTFS filesystem is corrupted in a way to provide duplicate file names, Windows will […]
[Original post on infosec.exchange]
There's an interesting NTFS symlink attack outlined here:
https://dfir.ru/2025/02/23/symlink-attacks-without-code-execution/
Basically, if an NTFS filesystem is corrupted in a way to provide duplicate file names, Windows will […]
[Original post on infosec.exchange]
Reposted by ocdsec
This is what I personally did back when I was involved in cybercrime. We'd host all our servers in Russia, transfer payments via Russian banks, and route all our traffic through Russian residential ISPs, which typically resulted in most authorities not even bothering to investigate further. 7/?
April 15, 2025 at 7:37 PM
This is what I personally did back when I was involved in cybercrime. We'd host all our servers in Russia, transfer payments via Russian banks, and route all our traffic through Russian residential ISPs, which typically resulted in most authorities not even bothering to investigate further. 7/?
Reposted by ocdsec
cybercrime
but its bigger
and on both sides.
but its bigger
and on both sides.
March 27, 2025 at 1:34 AM
cybercrime
but its bigger
and on both sides.
but its bigger
and on both sides.
Reposted by ocdsec
Reposted by ocdsec
VulnCheck has extracted and made a list of all the CVEs mentioned in a recent leak from the internal Matrix chat server of the BlackBasta ransomware group.
The list includes 62 vulnerabilities.
VulnCheck says the group focuses on CVEs with already public exploits
vulncheck.com/blog/black-b...
The list includes 62 vulnerabilities.
VulnCheck says the group focuses on CVEs with already public exploits
vulncheck.com/blog/black-b...
February 24, 2025 at 10:32 PM
VulnCheck has extracted and made a list of all the CVEs mentioned in a recent leak from the internal Matrix chat server of the BlackBasta ransomware group.
The list includes 62 vulnerabilities.
VulnCheck says the group focuses on CVEs with already public exploits
vulncheck.com/blog/black-b...
The list includes 62 vulnerabilities.
VulnCheck says the group focuses on CVEs with already public exploits
vulncheck.com/blog/black-b...
Reposted by ocdsec
I cannot overstate the value of being in community with other activists right now. It is what gives me the strength to get up in the morning and fight fascism.
February 24, 2025 at 8:53 PM
I cannot overstate the value of being in community with other activists right now. It is what gives me the strength to get up in the morning and fight fascism.
Reposted by ocdsec
"Over the course of the GitVenom campaign, the threat actors behind it have created hundreds of repositories on GitHub that contain fake projects with malicious code"
Campaign delivers an infostealer, obviously. The threat-du-jour these days
securelist.com/gitvenom-cam...
Campaign delivers an infostealer, obviously. The threat-du-jour these days
securelist.com/gitvenom-cam...
Fake GitHub projects distribute stealers in GitVenom campaign
Kaspersky researchers discovered GitVenom campaign distributing stealers and open-source backdoors via fake GitHub projects.
securelist.com
February 25, 2025 at 1:04 AM
"Over the course of the GitVenom campaign, the threat actors behind it have created hundreds of repositories on GitHub that contain fake projects with malicious code"
Campaign delivers an infostealer, obviously. The threat-du-jour these days
securelist.com/gitvenom-cam...
Campaign delivers an infostealer, obviously. The threat-du-jour these days
securelist.com/gitvenom-cam...
Reposted by ocdsec
I just finished our #shmoocon talk on container security. Here's my seccomp bpf disassembler and diffing tool.
github.com/antitree/sec...
github.com/antitree/sec...
GitHub - antitree/seccomp-diff
Contribute to antitree/seccomp-diff development by creating an account on GitHub.
github.com
January 11, 2025 at 4:39 PM
I just finished our #shmoocon talk on container security. Here's my seccomp bpf disassembler and diffing tool.
github.com/antitree/sec...
github.com/antitree/sec...
Reposted by ocdsec
Diving into ADB protocol internals:
part 01: www.synacktiv.com/publications...
part 02: www.synacktiv.com/en/publicati...
#adb #mobile #protocol #informationsecurity #cybersecurity #reverseengineering
part 01: www.synacktiv.com/publications...
part 02: www.synacktiv.com/en/publicati...
#adb #mobile #protocol #informationsecurity #cybersecurity #reverseengineering
January 2, 2025 at 3:43 PM
Diving into ADB protocol internals:
part 01: www.synacktiv.com/publications...
part 02: www.synacktiv.com/en/publicati...
#adb #mobile #protocol #informationsecurity #cybersecurity #reverseengineering
part 01: www.synacktiv.com/publications...
part 02: www.synacktiv.com/en/publicati...
#adb #mobile #protocol #informationsecurity #cybersecurity #reverseengineering
Reposted by ocdsec
These are some really nice blog posts regarding algo confusion bugs in JWT by @pentesterlab.com pentesterlab.com/blog/jwt-alg... & pentesterlab.com/blog/another... nice one @snyff.pentesterlab.com!
PentesterLab Blog: Another JWT Algorithm Confusion Vulnerability: CVE-2024-54150
Discover how a code review uncovered a JWT algorithm confusion vulnerability (CVE-2024-54150). Learn key insights to enhance your security skills and spot vulnerabilities effectively.
pentesterlab.com
December 22, 2024 at 7:06 PM
These are some really nice blog posts regarding algo confusion bugs in JWT by @pentesterlab.com pentesterlab.com/blog/jwt-alg... & pentesterlab.com/blog/another... nice one @snyff.pentesterlab.com!
Reposted by ocdsec
Ruble to fall to 200 per dollar: Russian economist warns of approaching catastrophe – media
читайте подробнее на сайте "Диалог.UA": www.dialog.ua/business/306...
читайте подробнее на сайте "Диалог.UA": www.dialog.ua/business/306...
Курс рубля рухнет до 200 за доллар: экономист в РФ предупредил о приближении катастрофы – СМИ
В России скопилась огромная рублёвая масса, которая уже вскоре хлынет на рынок и вызовет массовый спрос на валюту, это обвалит курс рубля как минимум до 200 за доллар.
www.dialog.ua
December 19, 2024 at 2:44 PM
Ruble to fall to 200 per dollar: Russian economist warns of approaching catastrophe – media
читайте подробнее на сайте "Диалог.UA": www.dialog.ua/business/306...
читайте подробнее на сайте "Диалог.UA": www.dialog.ua/business/306...
Reposted by ocdsec
Reposted by ocdsec
Wow, a fairly serious auth bypass in Next.js, a super popular frontend framework:
"If a Next.js application is performing authorization in middleware based on pathname, it was possible for this authorization to be bypassed."
securityonline.info/...
"If a Next.js application is performing authorization in middleware based on pathname, it was possible for this authorization to be bypassed."
securityonline.info/...
CVE-2024-51479: Next.js Authorization Bypass Vulnerability Affects Millions of Developers
Find out about the Next.js vulnerability CVE-2024-51479 that could have exposed sensitive data. Take necessary measures to secure your Next.js application.
securityonline.info
December 20, 2024 at 4:52 AM
Wow, a fairly serious auth bypass in Next.js, a super popular frontend framework:
"If a Next.js application is performing authorization in middleware based on pathname, it was possible for this authorization to be bypassed."
securityonline.info/...
"If a Next.js application is performing authorization in middleware based on pathname, it was possible for this authorization to be bypassed."
securityonline.info/...
Reposted by ocdsec
The #OpenBSD Foundation is currently at ~$230,280 (65%) raised of the $350,000 goal for their 2024 Fundraising Campaign, and it's nearly the end of December. 🐡
www.openbsdfoundation.org/campaign2024...
www.openbsdfoundation.org/donations.html
Donations fund events for developers, infra. costs.
www.openbsdfoundation.org/campaign2024...
www.openbsdfoundation.org/donations.html
Donations fund events for developers, infra. costs.
December 18, 2024 at 10:35 PM
The #OpenBSD Foundation is currently at ~$230,280 (65%) raised of the $350,000 goal for their 2024 Fundraising Campaign, and it's nearly the end of December. 🐡
www.openbsdfoundation.org/campaign2024...
www.openbsdfoundation.org/donations.html
Donations fund events for developers, infra. costs.
www.openbsdfoundation.org/campaign2024...
www.openbsdfoundation.org/donations.html
Donations fund events for developers, infra. costs.
Reposted by ocdsec
I did a blog instead of working on my projects again. This time a maldev blog talkin' about PE runtime decryption and other ways to be an asshole to the analyst. amethyst.systems/blog/posts/v... #infosec #malware
Various Ways to Be an Asshole with Runtime PE Decryption
I am currently procrastinating undoing the mess I made with CMake files for a bigger project I’m working on. It’s not hard– it’s just annoying, and I have no one to blame but myself. I did this intent...
amethyst.systems
December 7, 2024 at 8:18 PM
I did a blog instead of working on my projects again. This time a maldev blog talkin' about PE runtime decryption and other ways to be an asshole to the analyst. amethyst.systems/blog/posts/v... #infosec #malware
Reposted by ocdsec
Objective by the Sea v7.0 - Day 2
YouTube video by Objective-See Foundation
www.youtube.com
December 6, 2024 at 9:35 PM