Dominic White
@singe.bsky.social
Reposted by Dominic White
Turns out you can communicate across containers via 63-bits of available space in a shared lock you acquire on /proc/self/ns/time that all processes have access to.
No networking required. The post has a demo of a chat app communicating across unprivileged containers.
h4x0r.org/funreliable/
No networking required. The post has a demo of a chat app communicating across unprivileged containers.
h4x0r.org/funreliable/
November 12, 2025 at 2:35 PM
Turns out you can communicate across containers via 63-bits of available space in a shared lock you acquire on /proc/self/ns/time that all processes have access to.
No networking required. The post has a demo of a chat app communicating across unprivileged containers.
h4x0r.org/funreliable/
No networking required. The post has a demo of a chat app communicating across unprivileged containers.
h4x0r.org/funreliable/
Reposted by Dominic White
I chatted with @hex-rays.bsky.social about how I found my place in the security industry, how @blackhoodie.bsky.social came to be, what our goals are and why community matters so much. hex-rays.com/blog/blackho...
BlackHoodie Interview: Building Community, Opportunity, & Confidence
BlackHoodie founder Marion Marschalek shares her journey from early challenges to creating a global, inclusive reverse-engineering network.
hex-rays.com
November 18, 2025 at 6:02 PM
I chatted with @hex-rays.bsky.social about how I found my place in the security industry, how @blackhoodie.bsky.social came to be, what our goals are and why community matters so much. hex-rays.com/blog/blackho...
Reposted by Dominic White
HOPE has been banned from St. John's University. www.2600.com/content/hope...
HOPE CONFERENCE BANNED BY ST. JOHN'S UNIVERSITY | 2600
www.2600.com
November 18, 2025 at 6:21 PM
HOPE has been banned from St. John's University. www.2600.com/content/hope...
Reposted by Dominic White
November 18, 2025 at 5:11 PM
Here’s a free scanner for that FortiWeb CVE-2025-64446 I made for you.
GitHub - sensepost/CVE-2025-64446: A scanner for the FortiNet vulnerability CVE-2025-64446
A scanner for the FortiNet vulnerability CVE-2025-64446 - sensepost/CVE-2025-64446
github.com
November 18, 2025 at 5:07 PM
Here’s a free scanner for that FortiWeb CVE-2025-64446 I made for you.
Reposted by Dominic White
The clever folks at Grumpy Goose Labs have published even more ways to identify unauthorized IP KVMs across your environment, with some great memes to boot! Be KVM, Do Fraud - blog.grumpygoose.io/be-kvm-do-fr...
Be KVM, Do Fraud
Hi Everyone! It’s me, your friendly Wav3.
blog.grumpygoose.io
November 15, 2025 at 12:00 AM
The clever folks at Grumpy Goose Labs have published even more ways to identify unauthorized IP KVMs across your environment, with some great memes to boot! Be KVM, Do Fraud - blog.grumpygoose.io/be-kvm-do-fr...
Reposted by Dominic White
August 5, 2025 at 10:17 PM
Reposted by Dominic White
November 10, 2025 at 9:08 PM
Reposted by Dominic White
Reposted by Dominic White
@ellearmageddon.bsky.social wirh some words of inspiration at #kawaiicon
We can change the world, we do it in small steps, making each thing just a little better
We can change the world, we do it in small steps, making each thing just a little better
November 6, 2025 at 9:35 PM
@ellearmageddon.bsky.social wirh some words of inspiration at #kawaiicon
We can change the world, we do it in small steps, making each thing just a little better
We can change the world, we do it in small steps, making each thing just a little better
Reposted by Dominic White
NEW: Paragon spyware hit a key Italian campaign manager / political strategist.
Super concerning case & a reminder that Italy has a growing pile of unexplained infections with Paragon's Graphite spyware.
Super concerning case & a reminder that Italy has a growing pile of unexplained infections with Paragon's Graphite spyware.
NEW: The Paragon spyware scandal in Italy widens again.
A political consultant who works with left-wing politicians, who are part of the opposition party Partito Democratico, has now come out as the latest target.
"It is time to ask a very simple question: Why? Why me?" Francesco Nicodemos said.
A political consultant who works with left-wing politicians, who are part of the opposition party Partito Democratico, has now come out as the latest target.
"It is time to ask a very simple question: Why? Why me?" Francesco Nicodemos said.
Italian political consultant says he was targeted with Paragon spyware | TechCrunch
WhatsApp notified the consultant, who works for left-wing politicians, that his phone was targeted with spyware made by Paragon.
techcrunch.com
November 6, 2025 at 9:03 PM
NEW: Paragon spyware hit a key Italian campaign manager / political strategist.
Super concerning case & a reminder that Italy has a growing pile of unexplained infections with Paragon's Graphite spyware.
Super concerning case & a reminder that Italy has a growing pile of unexplained infections with Paragon's Graphite spyware.
Reposted by Dominic White
D3 viz of Symbiote malware call graph created with @binaryninja.bsky.social. Interactive, and makes pewpew sounds. The pewpew sounds are naturally the most important analysis feature, duh. Code going public soon.
November 7, 2025 at 1:52 AM
D3 viz of Symbiote malware call graph created with @binaryninja.bsky.social. Interactive, and makes pewpew sounds. The pewpew sounds are naturally the most important analysis feature, duh. Code going public soon.
Reposted by Dominic White
Heeey, ncurses/terminfo has a small virtual machine! And if there's a VM, there are CTF challenges :)
hackarcana.com/public-exerc...
hackarcana.com/public-exerc...
(third one coming next week, will be a bit harder)
hackarcana.com/public-exerc...
hackarcana.com/public-exerc...
(third one coming next week, will be a bit harder)
November 1, 2025 at 4:15 PM
Heeey, ncurses/terminfo has a small virtual machine! And if there's a VM, there are CTF challenges :)
hackarcana.com/public-exerc...
hackarcana.com/public-exerc...
(third one coming next week, will be a bit harder)
hackarcana.com/public-exerc...
hackarcana.com/public-exerc...
(third one coming next week, will be a bit harder)
T’was 0xC0N Jozi today. That makes number 9, finally beating ZaC0N’s run of 8 years. It’s such a special con because it’s small and full of passionate attendees - no corporate wage slaves there for a day off work, just a bunch of hackers new and old.
November 1, 2025 at 3:59 PM
T’was 0xC0N Jozi today. That makes number 9, finally beating ZaC0N’s run of 8 years. It’s such a special con because it’s small and full of passionate attendees - no corporate wage slaves there for a day off work, just a bunch of hackers new and old.
Just added SOCKS support to this reverse tunnelling tool github.com/singe/contun...
October 28, 2025 at 2:58 PM
Just added SOCKS support to this reverse tunnelling tool github.com/singe/contun...
github.com/singe/contun.p… this was a fun nerd snipe - how do you build a listed:listen connect:connect reverse tunnel that can handle concurrent connections when you only have Perl.
GitHub - singe/contun.pl: A concurrent listen:listen connect:connect tunnelling solution written in Perl
A concurrent listen:listen connect:connect tunnelling solution written in Perl - singe/contun.pl
github.com
October 27, 2025 at 7:00 PM
github.com/singe/contun.p… this was a fun nerd snipe - how do you build a listed:listen connect:connect reverse tunnel that can handle concurrent connections when you only have Perl.
Reposted by Dominic White
I just can't get over how this track is literally about when your phone's 2G GSM signals would interfere with speakers, and they even sample the interference sound repeatedly: www.youtube.com/watch?v=gpQS... (1/2)
October 25, 2025 at 1:58 AM
I just can't get over how this track is literally about when your phone's 2G GSM signals would interfere with speakers, and they even sample the interference sound repeatedly: www.youtube.com/watch?v=gpQS... (1/2)
Back in days of IRC my friend vhata maintained an ibid* bot called Spinach. Spinach had a ton of lore saved in its factoid database and was an essential part of our daily lives. From helping us with cricket scores to making major life choices with the choose plugin.
*
*
GitHub - ibid/ibid: Ibid is a multi-protocol general purpose chat bot written in Python. Bugs tracked on launchpad.
Ibid is a multi-protocol general purpose chat bot written in Python. Bugs tracked on launchpad. - ibid/ibid
github.com
October 19, 2025 at 11:26 AM
Back in days of IRC my friend vhata maintained an ibid* bot called Spinach. Spinach had a ton of lore saved in its factoid database and was an essential part of our daily lives. From helping us with cricket scores to making major life choices with the choose plugin.
*
*
Reposted by Dominic White
Seriously, I love this post so much - Good weekend timeline cleanser: "Root for Your Friends · Joseph Thacker"
m.cje.io/3KYvnLt
m.cje.io/3KYvnLt
Root for Your Friends
Discover the power of rooting for your friends and how it can amplify success for everyone involved.
m.cje.io
October 18, 2025 at 10:39 PM
Seriously, I love this post so much - Good weekend timeline cleanser: "Root for Your Friends · Joseph Thacker"
m.cje.io/3KYvnLt
m.cje.io/3KYvnLt
Reposted by Dominic White
Why plant a Tradecraft Garden?
April 2025, I talked to my camera about how tradecraft may go the route we saw vuln research go years ago, red teaming's retreat to self-protective secrecy, and the opportunity I see for a public tradecraft ecosystem. This starts @ 1:16:00
vimeo.com/1074106659#t...
April 2025, I talked to my camera about how tradecraft may go the route we saw vuln research go years ago, red teaming's retreat to self-protective secrecy, and the opportunity I see for a public tradecraft ecosystem. This starts @ 1:16:00
vimeo.com/1074106659#t...
Post-ex Weaponization: An Oral History
This is "Post-ex Weaponization: An Oral History" by AFF-WG on Vimeo, the home for high quality videos and the people who love them.
vimeo.com
October 14, 2025 at 4:57 PM
Why plant a Tradecraft Garden?
April 2025, I talked to my camera about how tradecraft may go the route we saw vuln research go years ago, red teaming's retreat to self-protective secrecy, and the opportunity I see for a public tradecraft ecosystem. This starts @ 1:16:00
vimeo.com/1074106659#t...
April 2025, I talked to my camera about how tradecraft may go the route we saw vuln research go years ago, red teaming's retreat to self-protective secrecy, and the opportunity I see for a public tradecraft ecosystem. This starts @ 1:16:00
vimeo.com/1074106659#t...
Unsolicited tick pic
October 11, 2025 at 11:49 AM
Unsolicited tick pic
Rewatching this banger of a talk, that we’re now spoiled with two versions of; the original DEFCON 33 main stage talk, and the follow up RomHack 2025 talk with the PipeTap additions.
DEFCON https://youtube.com/watch?v=zSBf2CMKlBk
RomHack https://youtube.com/watch?v=_39UbCePFfw
DEFCON https://youtube.com/watch?v=zSBf2CMKlBk
RomHack https://youtube.com/watch?v=_39UbCePFfw
October 11, 2025 at 10:57 AM
Rewatching this banger of a talk, that we’re now spoiled with two versions of; the original DEFCON 33 main stage talk, and the follow up RomHack 2025 talk with the PipeTap additions.
DEFCON https://youtube.com/watch?v=zSBf2CMKlBk
RomHack https://youtube.com/watch?v=_39UbCePFfw
DEFCON https://youtube.com/watch?v=zSBf2CMKlBk
RomHack https://youtube.com/watch?v=_39UbCePFfw
Reposted by Dominic White
Tomorrow morning I am cycling 100km from Brisbane to the Gold Coast for cancer research 🚴♀️❤️
If you’d like to sponsor me (even small donations are super appreciated): fundraise.mater.org.au/s/120023/179...
If you’d like to sponsor me (even small donations are super appreciated): fundraise.mater.org.au/s/120023/179...
Please support my ride
I’m taking on the Brisbane to Gold Coast Cycle for Cancer to raise money for cancer research at Mater. Please support my ride by making a donation today. Thank you.
fundraise.mater.org.au
October 11, 2025 at 10:29 AM
Tomorrow morning I am cycling 100km from Brisbane to the Gold Coast for cancer research 🚴♀️❤️
If you’d like to sponsor me (even small donations are super appreciated): fundraise.mater.org.au/s/120023/179...
If you’d like to sponsor me (even small donations are super appreciated): fundraise.mater.org.au/s/120023/179...
Reposted by Dominic White
I think about this often.
What is a real world bad guy's level of effort for cracking?
How long do they spend?
How big is their cracker?
Do they have multiple crackers?
How do they distribute the load?
What is a real world bad guy's level of effort for cracking?
How long do they spend?
How big is their cracker?
Do they have multiple crackers?
How do they distribute the load?
My understanding from @timmedin.bsky.social is RC4 risk is mitigable w/ a properly (service account std differs from user account) strong password. If it was never cracked by a pen tester, because their level of effort vs. adversary effort differed--how would Ascension know it wasn't strong enough?
September 30, 2025 at 2:18 PM
I think about this often.
What is a real world bad guy's level of effort for cracking?
How long do they spend?
How big is their cracker?
Do they have multiple crackers?
How do they distribute the load?
What is a real world bad guy's level of effort for cracking?
How long do they spend?
How big is their cracker?
Do they have multiple crackers?
How do they distribute the load?