Lightnews — Scholar-powered news

Dominic White @singe.bsky.social · 1d

www.amsterdamreview.org/considering-... via @tashjoeza.bsky.social

Considering the Bathroom Scale (Which Might be Fucked) by Genna Gardini | Amsterdam Review

Read "Considering the Bathroom Scale (Which Might be Fucked)" by Genna Gardini

www.amsterdamreview.org

1 2

Dominic White @singe.bsky.social · 1d

Turgid with blood even.

2

Dominic White @singe.bsky.social · 1d

Unsolicited tick pic

A close up macro picture of a tick (parasite) from Wikipedia with the comment “Ixodes ricinus, a hard tick, engorged”

2 2

Dominic White @singe.bsky.social · 1d

Rewatching this banger of a talk, that we’re now spoiled with two versions of; the original DEFCON 33 main stage talk, and the follow up RomHack 2025 talk with the PipeTap additions.

DEFCON https://youtube.com/watch?v=zSBf2CMKlBk
RomHack https://youtube.com/watch?v=_39UbCePFfw

1

Reposted by Dominic White

noopkat @noopkat.fragile.systems · 1d

Tomorrow morning I am cycling 100km from Brisbane to the Gold Coast for cancer research 🚴‍♀️❤️

If you’d like to sponsor me (even small donations are super appreciated): fundraise.mater.org.au/s/120023/179...

Please support my ride

I’m taking on the Brisbane to Gold Coast Cycle for Cancer to raise money for cancer research at Mater. Please support my ride by making a donation today. Thank you.

fundraise.mater.org.au

7 13 47

Reposted by Dominic White

Tim Medin @timmedin.bsky.social · 12d

I think about this often.
What is a real world bad guy's level of effort for cracking?
How long do they spend?
How big is their cracker?
Do they have multiple crackers?
How do they distribute the load?

Raphael Mudge @raphaelmudge.bsky.social · 15d

My understanding from @timmedin.bsky.social is RC4 risk is mitigable w/ a properly (service account std differs from user account) strong password. If it was never cracked by a pen tester, because their level of effort vs. adversary effort differed--how would Ascension know it wasn't strong enough?

1 1 6

Dominic White @singe.bsky.social · 12d

https://www.reuters.com/world/europe/south-africas-ambassador-france-found-dead-paris-le-parisien-2025-09-30/ 👀

1

Reposted by Dominic White

alkali @alkalinesec.bsky.social · 17d

the grapheneOS hardened allocator is pretty scary

www.synacktiv.com/en/publicati...

has there ever been a recorded ITW 0c exploit on a grapheneOS device?

Exploring GrapheneOS secure allocator: Hardened Malloc

www.synacktiv.com

1 1

Dominic White @singe.bsky.social · 16d

romhack.io/live/ is where the live stream is at. @leonjza.bsky.social is on at 11:55 CET.

RomHack Conference 2025 Live Stream

Live from Rome (Italy), welcome to the 8th edition of RomHack, one of Italy's premier cybersecurity community conferences! Join the Cyber Saiyan community fo...

romhack.io

2

Dominic White @singe.bsky.social · 17d

Whoops broken tags - @titon.org, @leonjza.bsky.social & @albinowax.bsky.social

2

Dominic White @singe.bsky.social · 17d

Looking forward to the #romhack live stream on Saturday to see three of my favs - @titon, @leonjza & @albinowax

2 3

Reposted by Dominic White

bubbe yaga @ellearmageddon.bsky.social · 19d

i don’t think i’m autistic because my mom took tylenol while she was pregnant with me, i’m pretty sure it’s because she decided to reproduce with a guy who had an engineering degree, a ham radio hobby, and an inability to wear clothing not made from natural fibers

2 90 890

Dominic White @singe.bsky.social · 21d

I still remember listening to Halcyon On & On landing in Vegas for my first BlackHat/DC in 2008.

1 2

Dominic White @singe.bsky.social · 21d

Oooh ooh, did you bite the one end off and drink milk through it like an adult or chew it dry and dainty like some sort of psychopath? Well done on the talk (I haven’t seen it yet, is there a recording or too soon?)

Dominic White @singe.bsky.social · 22d

That was so interesting. When they placed a new case sealant strip that was perfectly aligned to the new case I was pretty sure this stuff is possible due to major leaks out of the factories producing the new iPhones.

1

Reposted by Dominic White

Dirk-jan @dirkjanm.io · 25d

I've been researching the Microsoft cloud for almost 7 years now. A few months ago that research resulted in the most impactful vulnerability I will probably ever find: a token validation flaw allowing me to get Global Admin in any Entra ID tenant. Blog: dirkjanm.io/obtaining-gl...

One Token to rule them all - obtaining Global Admin in every Entra ID tenant via Actor tokens

While preparing for my Black Hat and DEF CON talks in July of this year, I found the most impactful Entra ID vulnerability that I will probably ever find. One that could have allowed me to compromise ...

dirkjanm.io

9 37 86

Dominic White @singe.bsky.social · 29d

That’s a great description!

1 2

Dominic White @singe.bsky.social · 29d

I’m struggling with my emotions this game. I keep wanting to look away in frustration but then the play is constantly compelling and intense.

2

Dominic White @singe.bsky.social · Sep 12

I had occasion to hack on some Wordpress’es and realised there’s a ton of surface area exposed over the "new" REST interfaces. Here's a small utility to convert it into a OpenAPI/Swagger file so you can explore it in your pentests/bug bounty work. github.com/sensepost/wp...

It turns this into this, with two screenshots, one of a browser showing the /wp-json endpoint and the other with a swagger-ui view of the same.

2 13

Dominic White @singe.bsky.social · Sep 11

That made me laugh out loud.

1

Reposted by Dominic White

Nosferatu Joseph 🧛🏻‍♀️ @tashjoeza.bsky.social · Sep 11

When FW De Klerk died someone on Twitter scolded me for sharing an old Private Eye cover about Verwoed's assassination (it was celebratory). "What if that was your grandpa?"

Neither of my grandpas were war criminals and, if they were, I hope people would chat huge shit when they died.

David Muller @phaezen.bsky.social · Sep 11

"Don't speak ill of the dead"

Why not? Why do people get to be insufferable arseholes thier entire lives and then suddenly we have to treat them like saints?

1 3 16

Dominic White @singe.bsky.social · Sep 11

It used to be that “not supporting the murder of people I don’t like” wasn’t a controversial stance.

Yes, even if they called for my murder.

3

Dominic White @singe.bsky.social · Sep 10

I’ve been watching the inside track on this one, it’s super cool.

💥 leonjza @leonjza.bsky.social · Sep 10

I've been hacking on a new Windows Named Pipe tool called PipeTap which helps analyse named pipe communications. Born out of necessity while doing some vulnerability research on a target, its been super useful in reversing it's fairly complex protocol. :)

The proxy view for PipeTap, a Windows Named Pipe Analysis Tool

1 4

Reposted by Dominic White

💥 leonjza @leonjza.bsky.social · Sep 10

I've been hacking on a new Windows Named Pipe tool called PipeTap which helps analyse named pipe communications. Born out of necessity while doing some vulnerability research on a target, its been super useful in reversing it's fairly complex protocol. :)

2 7 7

Reposted by Dominic White

Josh @jgraessley.bsky.social · Sep 9

Good stuff. Proud to have been involved in an aspect of this.

Blog - Memory Integrity Enforcement: A complete vision for memory safety in Apple devices - Apple Security Research

Memory Integrity Enforcement (MIE) is the culmination of an unprecedented design and engineering effort spanning half a decade that combines the unique strengths of Apple silicon hardware with our adv...

security.apple.com

1