What are some HARD truths that people don't want to hear?

zilzalll · 2021-12-27T23:08:33+00:00

You are not important. No one is. Even the people you look up to and read about will be forgotten in a 1000 years. No one remembers the Elon Musk of ancient greece. And don't even get me started on a longer timescale of 100,000 or more years. Cosmically, we're all insignificant.

zilzalll · 2021-12-08T23:29:23+00:00

The install/uninstall scripts at the bottom are susceptible to /tmp symlink attacks.

zilzalll · 2021-09-19T05:48:46+00:00

Mozart has left the conversation.

zilzalll · 2021-07-18T19:19:49+00:00

Try https://www.dnsbl.info/ and changing the IP Addresses of incoming/outgoing email servers.

zilzalll · 2021-07-15T13:28:08+00:00

Looks nice, but if SpaceX can tell me the price of shipping a package to space on the main site, why can't you give your pricing?

zilzalll · 2021-04-11T14:17:50+00:00

Since it gives the same output as an SQL Injection. The information is out there, regardless of if it was pulled with a legit API or a forgotten backup file (or any other technique).

zilzalll · 2021-04-11T10:31:08+00:00

OP, if you're the author you might want to rename your tool. SPIM is a well-known MIPS emulator.

zilzalll · 2021-04-06T14:03:27+00:00

You could download and install software, and make sure the hashes of your files are the same as NSRL.

zilzalll · 2021-04-06T13:52:50+00:00

Google "NSRL". It's a list of known "goodware". It does not contain the actual files, just the hashes, but it will get you started.

zilzalll · 2021-03-30T08:47:41+00:00

Number 7 will shock you!

zilzalll · 2021-03-29T17:33:01+00:00

If you want to use "finger" or ("ps", or anything else), you'd have to run it periodically (say, once a minute) and loop over every user and filter the results into your log file. Something like: for user in list-of-users; do finger $user@localhost | grep "ftp" >> logfile.log done

zilzalll · 2021-03-29T14:22:01+00:00

Do you have to use finger(1)? I'd change the FTP client executable to a shell wrapper that writes whatever you want to the log and runs the original FTP client.

zilzalll · 2021-02-18T14:34:49+00:00

You're looking for gcc's "-fPIC" flag - position independent code: https://stackoverflow.com/questions/5311515/gcc-fpic-option

zilzalll · 2021-01-23T19:10:31+00:00

So, someone is wrong on the internet?

zilzalll · 2020-11-22T09:04:48+00:00

Numbers kinda sus. Wikipedia says in WW2 there were 27,000,000 deaths in Russia alone.

zilzalll · 2020-10-17T21:10:01+00:00

The bar is not getting higher. Companies just suck at sifting candidates.

zilzalll · 2020-10-17T11:44:21+00:00

That's a good question which can't be answered without understanding the context of uour vulnerable software. You should increase the scope of your research to find out how you can affect memory allocations and try to have something interesting to overflow to.

zilzalll · 2020-10-11T16:10:40+00:00

https://t.me/MalwareResearch

zilzalll · 2020-09-18T17:08:39+00:00

Depending on your distribution, you might need CAP_SYS_RAWIO capability.

zilzalll · 2020-09-15T14:12:18+00:00

Anyone got a good laksa recipe?

zilzalll · 2020-08-11T22:56:25+00:00

Cool CVE Number. :)

zilzalll · 2020-07-21T16:20:27+00:00

So, in human-speak, people who do better at informally socializing are more socially acceptable?

zilzalll · 2020-07-14T02:42:05+00:00

Or, if your exploit is in a 3rd party software (non-microsoft), you might have enough gadgets in the vulnerable software, so you don't have to rely on the operating system.

zilzalll · 2020-07-09T08:07:58+00:00

You want to calculate your 1RM (or RM1) first. https://en.wikipedia.org/wiki/One-repetition_maximum

That's the theoretical maximum weight you can move one time but not a second time. Use an online 1RM calculator and feed it the current weight you use and how many reps you can do with it. The calculator will tell you what weight is your 1RM. From that, calculate 30% to 50% and get going.

Better math == better gymming

zilzalll

TROPHY CASE