so.cl

Rascals are always sociable, and the chief sign that a man has any nobility in his character is the little pleasure he takes in others company. Arthur Schopenhauer


The goal of this project is to provide an OpenSource knowledge database of all the techniques to achieve Remote Code Execution (RCE) on various applications. All of these techniques also comes with a test environment (usually a Docker image) for you to train these techniques. Awesome RCE techniques

China’s Lijian-1 (ZK-1) solid propellant rocket made its maiden flight from the Jiuquan Satellite Launch Center in Northwest China, successfully sending six satellites into their preset orbits. According to its developer, the Chinese Academy of Sciences (CAS), the 2.65-meter-diameter and 30-meter-long new rocket is the largest of its kind in China.

The rocket is a four-stage launch vehicle and weighs 135 tons at launch with a thrust of 200 tons. A fairing of 2.65 meters in diameter was atop the rocket during the Wednesday launch. The ZK-1 is capable of sending payloads of 1,500 kilograms into 500-kilometer Sun-synchronous orbits (SSO), the CAS disclosed. source

Small thing I always seem to forget: the Internet is way bigger than the American Internet.

Integrated vscan, nuclei, ksubdomain, subfinder, etc., fully automated and intelligent red team tools. Code-level optimization, parameter optimization, and individual modules, such as vscan filefuzz, have been rewritten for these integrated projects.

Cross-platform: based on golang implementation, lightweight, highly customizable, open source, supports Linux, windows, mac os, etc. scan4all

This social media era of absence of thoughts might simply be a response to the previous years of overthinking and we will hopefully bounce back to a stance in between.

Bryan Sparks, President of DRDOS, clarified the license of CP/M:

Let this paragraph represent a right to use, distribute, modify, enhance, and otherwise make available in a nonexclusive manner CP/M and its derivatives. This right comes from the company, DRDOS, Inc.’s purchase of Digital Research, the company and all assets, dating back to the mid-1990’s. DRDOS, Inc. and I, Bryan Sparks, President of DRDOS, Inc. as its representative, is the owner of CP/M and the successor in interest of Digital Research assets. CP/M is really open-source now

Surfraw provides a fast unix command line interface to a variety of popular WWW search engines and other artifacts of power. It reclaims google, altavista, babelfish, dejanews, freshmeat, research index, slashdot and many others from the false-prophet, pox-infested heathen lands of html-forms, placing these wonders where they belong, deep in unix heartland, as god loving extensions to the shell.

Surfraw abstracts the browser away from input. Doing so lets it get on with what it’s good at. Browsing. Interpretation of linguistic forms is handed back to the shell, which is what it, and human beings are good at. Combined with netscape-remote or incremental text browsers, such as links (http://artax.karlin.mff.cuni.cz/~mikulas/links/), w3m (http://www.w3m.org/), and screen(1) a Surfraw liberateur is capable of navigating speeds that leave GUI tainted idolaters agape with fear and wonder. Surfraw - Shell Users’ Revolutionary Front Rage Against the Web

When we look back we see only ruined societies. All the great civilizations have failed, what makes us think we are any different from them? The most depressing thing is that those societies were the highest point of development and adaptation we have reached. Today we are trapped in a kind of macro-scale Skinner box, we are slaves to our own impulses.

List of open source Android applications for “de-google, de-samsung, de-microsoft, de-nsa, de-china-malware etc. etc.” your mobile phone, as always, the list is written in a (KISS) simple way. Feel free to contact me to add applications or modify the list.

The links in the list are related to the application website (if exists) or to the source code repository, I suggest to install Droid-ify or Neo Store which already has the repositories of Guardian Project, IzzyOnDroid and other applications such as Bromite and NewPipe, and search apps from there. Android FOSS Apps List

People online always speaking anecdotes on life as if it were universal dogma, not realizing the sheer range of human experience.

The greatest living writer died last week; they found him caught up in a bunch of machinery, hands all mangled like. Thailand. Never wrote a thing, hadn’t had the time. Wife put him in a jar next to the Buddha.

Vodafone & Deutsche Telekom recently started trials with Trustpid to reintroduce persistent user tracking.

Network operators are a vital part of transmitting data traffic on the internet. In this process, the data is sent largely untouched. This is about to change as Vodafone & Deutsche Telekom are tapping into ways to monetize these data streams.

They have recently started a trial to test new ways of marketing customer data in collaboration with Trustpid.

Although Vodafone claims there is nothing to worry about, privacy officials are especially concerned about the recent involvement of network operators. Privacy advocates call it the return of the “Super Cookie.” If they are correct, this would be a massive step backward in creating an independent web where the privacy of internet users is respected. Vodafone & Deutsche Telekom to introduce persistent user tracking

Software is getting slower faster than hardware is getting faster.

Planting a garden really puts you in touch with nature and the day itself in a way that few other things do. It’s very fulfilling.

In our previous article Yet another bug into Netfilter, I presented a vulnerability found within the Netfilter subsystem of the Linux kernel. During my investigation, I found a weird comparison that does not fully protect a copy within a buffer. It led to a heap buffer overflow that was exploited to obtain root privileges on Ubuntu 22.04. CVE-2022-34918 - A crack in the Linux firewall

Remember, nobody is your friend. We live in a pitiless system where everyone must fend for themselves and clawing at each-others throats over an ever shrinking slice of the pie. Fuck capitalism.

Mobile applications has become a trend these days since there are a rapid growing companies and startups which already taken their steps into digital world, scaling up their business into a bundle of an APK or IPA. Little did they know that there are most likely a vulnerabilities exposed inside which can be manipulated by an unknown adversaries who may take an advantage from them.

In this writings, I’d like to show you how such a third party application may affects an application that has a vulnerable security design especially in Android. The scope of the APK that I chose will be an oversecured APK that can be downloaded from their official Github. Exploiting Android Vulnerabilities with Malicious Third-Party Apps

We demonstrate how targeted deanonymization attacks performed via the CPU cache side channel can circumvent browser-based defenses. The attack framework we show is able to overcome the limitations of prior work, such as assumptions on the existence of cross-site leaks. As a result of this attack, the attacker is able to learn whether a specific individual visits the attacker-controlled website – a potentially serious privacy violation.

When a user visits the attacker-controlled website, the website uses an iframe, popunder, or tabunder to request a resource from a third-party website (i.e., the “leaky resource”). The response to this request, as well as the cache activity it generates in the user’s system, differs depending on the user state on the third-party website. An attacker monitoring the CPU cache side channel can analyze the cache patterns and learn whether the leaky resource was loaded successfully in the browser or not, and use this information to learn the identity of the visiting user. The attack can be scaled to identify thousands of users. Targeted Deanonymization via the Cache Side Channel: Attacks and Defenses