Hey 👋
I am glad to introduce my latest tool: the @flipper_net Animation Manager
This tool aims to facilitate visualization and management of animations on your Flipper from your computer, for both users and content creators!
You can download it here⬇️
https://t.co/zSRcCIgdgy
the same technique giving cheaters wallhacks in Valorant is the same one being used in malware to pwn you. Still working, no patch, undetected by AVs and ACs.
I pulled the source from a cheating forum, built it, and ran it on my fully patched Windows 11 machine. it reads memory straight out of another running program without needing admin, without loading a driver, without calling any API that your EDR monitors. it just uses two normal Windows functions that have existed since the 90s, SetWindowsHookEx and SendMessage.
I reversed the root cause in Ghidra. two functions that ship in every copy of Windows ntdll.dll and shell32.dll will blindly execute whatever function pointer you hand them through a window message. Microsoft's own exploit protection CFG signs off on it because they're legitimate functions. no CVE. no patch. 279 stars on GitHub. Microsoft won't fix it because they consider same-privilege process interaction "by design." Chinese researchers found the same technique in live malware back in 2023.
Google paid us $57,000 for two bugs in Chrome.
We’re not doing this for the bounty, but it’s always fun to get rewarded.
These bugs were found using nothing fancier than a $20/month AI subscription.
If you’re curious, come check out our talk at the Real World AI Security Conference at Stanford: https://t.co/QPanlB3lUS
We haven’t published the Chrome bugs in our MAD Bugs series. They work better as part of something even more fun, stay tuned!
The Legend of Zelda: The Minish Cap (2004)
It's been recompiled and ported to PC!
With all the modern bells and whistles you'd expect! Gameplay improvements, improved framerate beyond the original 30FPS hard limit, controls and an expanded inventory system which was limited in the original GBA!
You can play it on PC and handhelds like the Steam Deck!
This is amazing, and Twilight Princess is just around the corner! ENJOY!
Mind blown 🤯
Some smartphones sold in mainland China (like certain OPPO models) can read MIFARE Classic cards, crack the keys in seconds, store them, and then fully emulate the card directly on the phone.
No extra hardware. Just the phone.
Access control, transit cards, hotel keys… game over.
Huge thanks to Ian for showing me this in person. Really eye-opening how far NFC capabilities have gone in some regions.
Who else has seen this in the wild?
#NFC #MIFARE #TechSecurity #oppo
Patch your Linux boxes!
https://t.co/VWOUDbLAn2 is a trivially exploitable logic bug in Linux, reachable on all major distros released in the last 9 years. A small, portable python script gets root on all platforms.
Found by the teams at @theori_io and @xint_official
More details below
https://t.co/9f6T96PvPX
Every JWT writeup online covers 2–3 attacks and stops.
I got tired of jumping between 40 blog posts, so I wrote the whole thing. All in one place.
https://t.co/iCSzQ4GjcS
#infosec #appsec #bugbounty #websec #jwt
Windows defender has been compromised.
right now there is a public unpatched exploit that gives any app on your windows PC full system admin access. no password. no popup. nothing
your antivirus doesn't stop it. your antivirus IS the exploit. windows defender is the attack vector
ransomware gangs can use this to encrypt your entire machine and steal every saved password, browser session, and discord token you have. fully patched windows 11. real time protection on
thread
RCE in Ghidra: My fav bugs target security tools.
In CVE-2026-4946, you can embed these into your binary, analyst loads binary, Ghidra auto-generates the comments, analyst clicks on it, command executes.
Write-up: https://t.co/5tkmTI89AK
Creating cybersecurity report templates shouldn’t be painful.
That’s why we built our own template editor, designed from the ground up for security teams. Also thought out for designing your slide deck for client briefings 👌
Easier, faster, smarter. 👾
> be nerds
> look into persona (used by discord)
> kyc (know your customer) service
> used for age verification
> search on internet (shodan)
> find weird server
> image 1
> openai-watchlistdb.withpersona
> openai-watchlistdb-testing.withpersona
> lolwtf
> look inside
> supposed to be behind cloudflare to hide ip
> openai messed up
> not behind cloudflare
> real ip shown
> using google cloud
> lookup cert history
> 2023-11-16 created
> 2024-02-28 gets cert
> 2024-03-04 prod goes live
> google stuff
> openai and persona partners
> partner around timeline of certs
> back to searching stuff
> find withpersona-gov
> look inside
> okta (image 2)
> lolwtf
> look inside
> website accidentally leaking stuff
> fedramp-private-backend-api
> look inside
> api .js accidentally exposed
> look inside
> wtf "SARInstructionsCard"
> wtf "app.onyx.withpersona-gov"
> wtf "FINTRAC"
> wtf "PrivatePartnershipProjectNameCodes"
> image 3
> wtf "AsyncSelfie"
> look inside
> openai, persona, send data to us gov
> feds map face to financial records
> map face using AI
> map face to ICE stuff
> api stores data for lots of stuff
> image 4
tl;dr persona kyc and openai are frens, using your selfie for verification and sending to ICE (or USGOV in general), using AI to tie to your financial records. see subsequent post for full write-up. it's long and not mobile friendly
Pwndbg 2026.02.18 is out!
We visualize branches in nearpc, sync ur decompiler (IDA/Binja/Ghidra) via decomp2dbg, annotate stack vars from dbgsyms/decomp, added new cmds for tracing kernel allocs/frees, dump task info: https://t.co/Gz2rdZlzxp
Sponsor us: https://t.co/YdAmbhJHyF