fysac's Avatar

fysac

@fysac

Security engineer with an interest in vulnerability research, cryptography, and software engineering. https://github.com/fysac

20
Followers 65
Following 8
Posts 23.11.2024
Joined
Posts Following

Latest posts by fysac @fysac

Progress: [ 28%] packages have been installed but needrestart is suspended packages have been installed but needrestart is suspended packages have been installed but needrestart is suspended Exception during pm.DoInstall(): E:Sub-process /usr/bin/dpkg received a segmentation fault.

Progress: [ 28%] packages have been installed but needrestart is suspended packages have been installed but needrestart is suspended packages have been installed but needrestart is suspended Exception during pm.DoInstall(): E:Sub-process /usr/bin/dpkg received a segmentation fault.

Um... that's bad

08.02.2026 17:31 πŸ‘ 0 πŸ” 0 πŸ’¬ 0 πŸ“Œ 0

do-release-upgrade over unmultiplexed remote terminal #yolo

08.02.2026 17:29 πŸ‘ 0 πŸ” 0 πŸ’¬ 1 πŸ“Œ 0

I think fuzzing activates the same addiction pathways in my brain as a slot machine or something. I’m always just one harness modification away from getting a crash. My brain feels absolutely fried afterward in a way that’s unlike any other way I use a computer.

07.01.2026 03:35 πŸ‘ 0 πŸ” 0 πŸ’¬ 0 πŸ“Œ 0
Post image Post image
27.12.2025 21:37 πŸ‘ 0 πŸ” 0 πŸ’¬ 0 πŸ“Œ 0

A reminder that if I block you, it’s definitely because I’m afraid of your superior intellect, arguments, and attractiveness. It has nothing to do with your being an annoying, toxic dimwit.

14.11.2025 21:05 πŸ‘ 52 πŸ” 3 πŸ’¬ 0 πŸ“Œ 0

Happy Memory Safety Day to all who observe. πŸ”

08.11.2025 16:09 πŸ‘ 13 πŸ” 3 πŸ’¬ 0 πŸ“Œ 0
Video thumbnail

Exploit demo for CVE-2024-51317, a use-after-free in the NetSurf web browser enabling arbitrary code execution when JavaScript is enabled. Target is NetSurf 3.11 on Ubuntu 22.04.

Patched in upstream source code, still making its way to distro packages. To mitigate, disable JS (off by default).

03.11.2025 20:08 πŸ‘ 0 πŸ” 0 πŸ’¬ 0 πŸ“Œ 0

Cable management is the bane of my existence

13.10.2025 22:29 πŸ‘ 0 πŸ” 0 πŸ’¬ 0 πŸ“Œ 0

I am doing a survey of supply chain attacks, and it's annoying how 95% of the analysis is on payloads vs. compromise vectors.

Yes, you are a very smart reverser and that's a very clever payload. Yes, rolling out phishing-resistant auth is a slog. No, this is not how we make progress.

</rant>

01.10.2025 15:29 πŸ‘ 88 πŸ” 15 πŸ’¬ 8 πŸ“Œ 0
01.05.2025 22:10 πŸ‘ 59 πŸ” 14 πŸ’¬ 3 πŸ“Œ 1

New in Go 1.24: os.Root, to prevent path traversal by constraining filesystem ops to a root directory. Seems pretty cool.

pkg.go.dev/os@master#Root

14.02.2025 01:12 πŸ‘ 0 πŸ” 0 πŸ’¬ 0 πŸ“Œ 0

reddit allowing threads less than a year old to be archived is legitimately infuriating.

20.12.2024 20:44 πŸ‘ 1 πŸ” 0 πŸ’¬ 0 πŸ“Œ 0

VPN vendors have huge budgets to advertise on your favorite podcasts.

We don't have marketing for the IETF, browser and OS security teams, CAs (Let's Encrypt), CDNs, researchers, open source authors, website builders, digital rights activists...

We made the web secure and didn't tell anyone.

20.12.2024 03:46 πŸ‘ 820 πŸ” 179 πŸ’¬ 10 πŸ“Œ 5