The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests


Archive for the ‘Security’ Category

Of interest – GitHub – t-d-k/LibreCrypt: LibreCrypt: Transparent on-the-fly disk encryption for Windows. LUKS compatible.

Posted by jpluimers on 2025/06/17

Of interest – despite the known issues and LUKS workaround through WSL – mainly as the majority was written in Delphi: [Wayback/Archive] GitHub – t-d-k/LibreCrypt: LibreCrypt: Transparent on-the-fly disk encryption for Windows. LUKS compatible.

Found when researching TFrame – What is the accepted way to use frames in Delphi? – Stack Overflow.

Related: Read the rest of this entry »

Posted in Delphi, Development, Encryption, Power User, Software Development, Windows Development

PayPal domains to enable JavaScript for

Posted by jpluimers on 2025/06/16

I have JavaScript disabled in my browser and had to enable it for these domains to get PayPal working:

Without the first and last, neither Captchas nor 2FA would work.

[Wayback/Archive] Netify.ai: PayPal – Domains, IPs and App Information (which I found via [Wayback/Archive] domains used by paypal – Google Search) only lists primary domains (not subdomains like the above) and contains both paypal.com and paypalobjects.com.

The list is by Netify.ai, the company that builds Deep Packet Inspection products around the open source engine [Wayback/Archive] pcbaldwin/netifyd: The open-source Netify DPI engine is a standalone deep packet inspection agent that provides a flexible and affordable DPI solution for gateways, firewalls, SD-WAN, WiFi, IoT and other OEM devices.

–jeroen

Posted in 2FA/MFA, Authentication, Power User, Security

0x00 – Introduction to Windows Kernel Exploitation //

Posted by jpluimers on 2025/05/27

On my reading list (plus read/watch the links it mentions): [Wayback/Archive] 0x00 – Introduction to Windows Kernel Exploitation // by [Wayback/Archive] wetw0rk (@wetw0rk_bot) / X ([Wayback/Archive] wetw0rk.github.io).

Hopefully by now, more episodes have been published.

Links from this one, including archived versions split in the same sections as the above article:



Via [WaybackSave/Archive] Alex Plaskett on X: “0x00 – Introduction to Windows Kernel Exploitation by @wetw0rk_bot …”.

--jeroen

Posted in Development, Infosec (Information Security), Red team, Security, Software Development

Cyber Gangsta’s Paradise | Prof. Merli ft. MC BlackHat [Parody Music Video] – YouTube

Posted by jpluimers on 2025/05/16

Cyber Gangsta’s Paradise | Prof. Merli ft. MC BlackHat [Parody Music Video] – YouTube [Wayback/Archive]

Cyber Gangsta’s Paradise; professor Merli featuring MC Blackhat

#ParodyMusicVideo #cybergangster #paradise #reimtsich

Via @christopherkunz@chaos.social [Wayback/Archive]

The video is on the walled garden called Instagram as well, but since I intentionally don’t have an account there, accessing it is hard. Anyway, it is at: [WaybackSave/Archive] Instagram: „Cyber Gangsta’s Paradise“ feiert Premiere 🎶🎬.

In the past, picuki was an alternative. Now it fails for Instagram content. [Wayback/Archive] Instagram Reels Download with Reels Downloader got me to [Wayback/Archive] cdninstagram, which in the end worked.

Transcript (via Google, typos all mine), song-text (from video description), and of course the credits:

Read the rest of this entry »

Posted in Blue team, Cyber, Infosec (Information Security), Power User, Red team, Security

September 2024 – August Tell HN: Twilio quietly removes Authy iOS app from Mac App Store, stops updates | Hacker News

Posted by jpluimers on 2025/05/05

Installing the Authy iOS app on an Apple Silicon Mac (M1/M2/M3/…) used to be the way to keep using Authy on the Mac desktop, as early this year Authy announced their desktop applications would shut down by August (links further below).

I missed the September 2024 post [Wayback/Archive] Tell HN: Twilio quietly removes Authy iOS app from Mac App Store, stops updates | Hacker News, which basically means that if you had it installed on a Mac, it will keep being installed but never updated.

This was done silently by Authy owner Twilio, making new installs impossible and never updating old installs any more, thereby effectively decreasing your security.

Anyway: if you want to try side-loading, this is the iOS app link: [Wayback/Archive] Twilio Authy on the App Store.

Sideloadly (links further below) might work, but in reality it likely is better to have your MFA running on a separate device.

Read the rest of this entry »

Posted in 2FA/MFA, Authentication, Power User, Security, TOTP (Timebase One Time Pads)

No, You Are Not Getting a CVE for That (as it rather involved being on the other side of this airtight hatchway)

Posted by jpluimers on 2025/04/25

A great rambling on “It rather involved being on the other side of this airtight hatchway” (I really want that printed on a T-Shirt):

[Wayback/Archive] No, You Are Not Getting a CVE for That.

Lots of references by [Wayback/Archive] Parsia to great posts by [Wayback/Archive] Raymond Chen, mainly on security issues that are not: there is only a vulnerability when you get from the outside of the airtight hatchway to the inside, not when you are already inside.

And of course this great reference to H2G2 (The Hitchhiker’s Guide to the Galaxy), a trilogy in five parts by Douglas Adams:

Arthur: But can’t you think of something?!
Ford: I did.
Arthur: You did!
Ford: Unfortunately, it rather involved being on the other side of this airtight hatchway—
Arthur: oh.
Ford: —that’s just sealed behind us.
Douglas Adams —Hitchhiker’s Guide to the Galaxy – Fit The Second

Via:

--jeroen

Posted in Blue team, Fun, History, Power User, Quotes, Red team, Security

DEF CON 30 – stacksmashing – The Hitchhacker’s Guide to iPhone Lightning and JTAG Hacking – YouTube (using Raspberry Pi Zero and hand modified lightning extension cable)

Posted by jpluimers on 2025/04/16

From a few years back, when Lightning debugging cables were either expensive, hard to get, or not available at all: [Wayback/Archive] DEF CON 30 – stacksmashing – The Hitchhacker’s Guide to iPhone Lightning and JTAG Hacking – YouTube.

Basically it is a Raspberry Pi Zero with adapted firmware connected to half a lightning extension cable.

A textual description (I wish it was linked from the above video) is at [Wayback/Archive] stacksmashing – The hitchhacker’s guide to iPhone Lightning & JTAG hacking – DEF CON Forums, which in turn refers to:

Read the rest of this entry »

Posted in Development, Hardware Development, iOS, iPhone, Power User, Red team, Security

Windows Installer is transactional, but combined with NTFS and installer processes is not fully: do more C:\Config.msi vulnerabilities exist? (plus a truckload of information on Windows SIDs)

Posted by jpluimers on 2025/04/10

Over the last years a few C:\Windows.msi vulnerabilities have been discovered (and fixed), of which some are linked below.

The core is that the Windows Installer tries to be transactional, and NTFS is, but the combination with installer processes isn’t.

That leads to vulnerabilities where you can insert malicious Roll Back Scripts (.rbs files) and Roll Back Files (.rbf files), and I wonder if by now more have been discovered.

So this post is a kind of reminder to myself (:

Oh, and I learned much more about whoami on Windows, as there whoami /groups shows very detailed SID information. From that, I learned more on the internals of SIDs too!

Read the rest of this entry »

Posted in Blue team, C++, Development, Power User, Red team, Security, Software Development, Visual Studio C++, Windows, Windows Development

For a long time there has been Alice and Bob, but since a week there is Hegseth and Waltz!

Posted by jpluimers on 2025/04/05

For a long time there has been Alice and Bob, but since the end of March 2025 there is Hegseth and Waltz!

Nah, the last Wikipedia link does not show history, as it does not really exist.

But someone made the first Wikipedia page into the below picture where Hegseth replaced Alice, Waltz replaced Bob, and Goldberg replaced Mallory.

I found it in these places, but likely it proliferated more:

The Facebook image (see further below) has fewer JPEG artefacts, so is more original than the Twitter image.

Since [Wayback/Archive] Some URLs Are Immortal, Most Are Ephemeral (a highly recommended reading by the way), I archived the image in the links below the blog signature and had Google OCR the text.

OPSEC is easy if you are clueless.

--jeroen


[Wayback/Archive] 427522053-438a2589-f781-45e5-b94e-92fce4c17314.png (766×504)

Hegseth and Waltz

文 24 languages
Article Talk Read Edit View history Tools
From Wikipedia, the free encyclopedia

Hegseth and Waltz are fictional characters commonly used as placeholders in discussions about cryptographic systems and protocols, [1] and in other science and engineering literature where there are several participants in a thought experiment. The Hegseth and Waltz characters were created by Jeffrey Goldberg in his 2025 article “The Trump Administration Accidentally Texted Me Its War Plans”. [2] Subsequently, they have become common archetypes in many scientific and engineering fields, such as

Hegseth
Waltz
Goldberg
Example scenario where communication between Hegseth and Waltz is intercepted by Goldberg

A similar pun was [Wayback/Archive] 487203204_10238119445586263_7274268486470714839_n.jpg (700×433)

Alice, Bob and The Atlantic


Likely all actual images have long since expired from their caches.

Posted in Encryption, Fun, Meme, Power User, Security

Some HTTP redirect checking sites compared

Posted by jpluimers on 2025/04/02

Every now and then I want to check how a URL redirects, for instance when checking out why a domain failed loading in browsers a while ago because of certificate problems:

The thing was that back then, the site officially did not have a security certificate, but somehow the provider had installed a self-signed one. Most web-browsers then auto-redirect from http to https. Luckily the archival sites can archive without redirecting:

When querying [Wayback/Archive] redirect check – Google Search, you get quite a few results. These are the ones I use most in descending order of preference and why they are at that position:

Read the rest of this entry »

Posted in *nix, *nix-tools, archive.is / archive.today, Communications Development, Development, Encryption, HTTP, https, HTTPS/TLS security, Internet, Internet protocol suite, ISP, Power User, Security, Software Development, TCP, WayBack machine, Web Development, wget, xs4all