initstring

Local Privilege Escalation in Fedora Linux (CVE-2025-12744). Red Hat has made this public, but patches aren't out yet. Reliable root for any local user. Mitigation: sudo systemctl disable --now abrtd Writeup + PoC: https://t.co/iLURNVyppZ

Drive-By Attack in Ollama Desktop v0.10.0 Found a bug in Ollama desktop GUI (not the core API) where malicious websites could hijack all private chats. Ollama crew patched it within hours. Make sure to update! Tech details, video, IoCs, and PoC here: https://t.co/KNzypwNpC9

A lot has happened in a year! I’ve refreshed the dynamic data sources for passphrase-wordlist and generated a new file. If you’re into cracking complex passwords, this may be for you. Enjoy! https://t.co/lHSWSbvLV1

I'm not very active on here, and probably won't be on the next one either. But just in case, here's the new Mastodon profile I set up: @[email protected]

Spent some time recently formalizing our Red Team workflow at GitLab. The process is open-source, and we're sharing our issue templates to track logistics, goals, TTPs, reports, etc. https://t.co/wjAAvlguhQ

Sometimes I like to just grep random things and see if it made it into the list. $ grep covid ./passphrases.txt | wc -l 5937 Well, some of those are... interesting.

Just pushed an update for passphrase-wordlist. Massive list of passphrases with hashcat rules for offline cracking of long, complex passwords. Enjoy! https://t.co/lHSWSbvLV1

@fomm_io And yes, you'll also need to use the uBlock method in combo with whatever rebind protection you're using. It blocks local IPs, while the rebind protection blocks DNS names that resolve to local IPs.

Wanted to share this combo, as it's such a cool protection from drive-by attacks. 1. uBlock Origin with the "block access to LAN" filter-list 2. DNS rebind protection (available in pihole, NextDNS, dnsmasq, AsusWRT-Merlin, etc) JS can no longer easily target your LAN!!!

@fomm_io I'm not familiar with Fritzbox. Try to resolve the DNS name `https://t.co/fhDFTAZoKM`. If your rebind protection is working, it should not resolve to a real IP.

I've not yet spent time trying to bypass the combo, but that could be a fun adventure for the future.