Finally a use case for Microsoft Power Automate

Lockpicking? Of course! But this year, #BSidesVienna is cracking open some extra workshop slots. If your idea involves breaking, building, or teaching something useful — CfP and CfW will launch together soon. Get your ideas ready!

Venue BSidesVienna

It begins! On November 22nd, 2025, #BSidesVienna is back at Urania Sternwarte. Fresh insights, familiar faces, and the same legendary venue. More to come—stay tuned. bsidesvienna.at/venue/

Let Me Cook You a Vulnerability: Exploiting the Thermomix TM5 Hardware Analysis The Thermomix TM5 is a multifunctional kitchen appliance composed of two key electronic boards: the power board, which handles the motor and heating functions, and the main board, w

Ever thought your kitchen appliance could harbor a persistent threat?
We reverse-engineered the Thermomix TM5 and uncovered vulnerabilities allowing arbitrary code execution, persistence, and secure boot bypass.
Discover our step-by-step breakdown!
www.synacktiv.com/en/publicati...

Release v3.7.0 · OJ/gobuster use new cli library a lot more short options due to the new cli library more user friendly error messages clean up DNS mode renamed show-cname to check-cname in dns mode got rid of verbose flag and...

Long time no see - Gobuster v.3.7.0 is released with a bunch of new features
github.com/OJ/gobuster/...

Features removed or no longer developed starting with Windows Server 2025 Learn about the features and functionalities removed or no longer developed starting with Windows Server 2025.

It looks like Microsoft finally removed NTLMv1 from Windows Server 2025 🥳
learn.microsoft.com/en-us/window...

Exclusive: The backdoor inserted in v1.95.7 adds an "addToQueue" function which exfiltrates the private key through seemingly-legitimate CloudFlare headers.

Calls to this function are then inserted in various places that (legitimately) access the private key.

CVEs of SSH A talk about recent high-profile issues related to the SSH ecosystem.

We're doing a cool online talk tomorrow btw – hexarcana.ch/workshops/cv...

GitHub - wagoodman/dive: A tool for exploring each layer in a docker image A tool for exploring each layer in a docker image. Contribute to wagoodman/dive development by creating an account on GitHub.

If you ever find yourself investigating random docker images, dive (github.com/wagoodman/dive) is amazingly useful. It lets you see which files changed in each filesystem layer. I've used it to spot config files accidentally left in images :)

Reverse Engineering iOS 18 Inactivity Reboot Wireless and firmware hacking, PhD life, Technology

How does the new iOS inactivity reboot work? What does it protect from?

I reverse engineered the kernel extension and the secure enclave processor, where this feature is implemented.

naehrdine.blogspot.com/2024/11/reve...

Just added a whole bunch more people to my Hackers starter pack 🥰 go.bsky.app/NRP3ecE

We have gotten a pretty much finalized shedule, you can check it out here:
cfp.bsidesvienna.at/bsv2024/sche...

If you want to quickly identify clients on your corporate network using teamviewer just search your firewall logs for port 5938. Teamviewer will first try this port before "falling back" to the http protocol: www.teamviewer.com/en/global/su...