buc.ci is a Fediverse instance that uses the ActivityPub protocol. In other words, users at this host can communicate with people that use software like Mastodon, Pleroma, Friendica, etc. all around the world.
This server runs the snac software and there is no automatic sign-up process.
Who would you nominate for their impact on research? Behind every successful research project are professionals who rarely get the spotlight.
Think of data stewards, IT specialists, librarians and research support staff. They play a crucial role in open science, data management and digital innovation.
Do you know someone who makes a real difference at your institution?
Nominate them and help amplify their impact: https://www.surf.nl/en/events/surf-research-day/research-support-luminary?utm_medium=social&utm_campaign=2026-03-social&utm_kwd=research-support-luminary-award&utm_source=mastodon&utm_content=onderzoek
We’ve seen questions around PH4NTXM regarding source code, audits, and overall transparency.
To clarify:
PH4NTXM is a commercial, closed system.
At this time, it is not open-source and does not provide public access to internal components.
This model is intentional and allows us to maintain a controlled, consistent operating environment.
For those interested in exploring the project in a more accessible way, we offer PH4NTXM-LITE, which reflects the direction and core philosophy of the system.
We understand that different users have different requirements.
If full transparency and community-driven development are priorities, there are excellent solutions built around that model.
PH4NTXM follows a different approach—focused on controlled deployment, consistency, and defined operational boundaries.
This direction may evolve over time, but this is the current model.
Choose what best fits your needs.
#ph4ntxm #linux #debian #os #live #privacy #security #opsec #infosec #research #tech
I just opened a great role in my team at @openproject: Senior UI/UX Designer. 🥳 #getfediHired
Anyone looking for a full-time, remote* #design & #research role in #foss?
In case you would like to shape the future of OpenProject in a user-centric product team, please apply with your portfolio, CV and a cover letter. We want to hear from you and not your #genAI. Thanks! :)
*In a location within 2 hours (time-zone) from Berlin.
🦆 Researchers have found that platypus hair contains an unusual hollow version of a structure, called a melanosome, which contains colour pigments - something previously only found in birds
✨Follow the link for more information✨
https://www.scimex.org/newsfeed/platypuses-just-got-weirder
#science #sciencenews #research #stem #facts #knowledge #sciencefacts #platypus
🚨 Why Choose PH4NTXM OS?
In a world where every device, every connection, and every click is monitored, the need for true privacy and security has never been more urgent. Here's why PH4NTXM OS is the choice for anyone who values freedom, autonomy, and total control over their digital life.
🔒 No Telemetry, No Tracking
While most operating systems silently send your data back to the provider, PH4NTXM leaves no traces. There’s no telemetry, no data collection, no history retained. Once your session ends, it’s gone—no lingering traces to be uncovered by adversaries.
💻 Lightweight & Efficient
Built on Debian with the XFCE desktop environment, PH4NTXM is designed to run fast and smooth on a wide range of hardware. It’s optimized for ephemeral execution, meaning it runs entirely in RAM and leaves no footprint behind. Perfect for those who need a secure, fast, and lightweight system.
🌐 Designed for Hostile Environments
PH4NTXM is engineered for the highest-risk scenarios. Whether you're a researcher, journalist, or privacy advocate, this OS ensures your digital activities remain hidden—even from network observers and forensic analysis. With features like identity randomization, network fingerprint fuzzing, and post-quantum cryptography, PH4NTXM goes far beyond what most security tools offer.
🛡️ End-to-End Security
The system is hardened against attacks, with built-in defenses against brute-force attempts and physical tampering. Nuke Kernel and Panic Button features give you instant control, ensuring that no trace is left behind in case of a breach or forced shutdown.
🌍 Resilient in Surveillance
In a world of continuous surveillance, PH4NTXM offers a true alternative. It doesn't assume permanent observation—it ensures your privacy is designed into the environment itself. Whether you’re protecting your personal identity or working on high-risk projects, PH4NTXM is your trusted companion.
🔑 For the Informed Operator
PH4NTXM isn’t designed for casual users. It’s for those who understand the stakes—those who know that privacy isn’t just a feature, but a responsibility. If you’re ready to take control and operate without leaving unnecessary traces, PH4NTXM is built for you.
💡 More than Just an OS
PH4NTXM is not just a tool. It’s a philosophy. A commitment to autonomy, security, and true privacy in an increasingly monitored world.
#ph4ntxm #linux #debian #os #live #privacy #security #opsec #infosec #research #tech #technology
We're currently developing a new Activity Decoy Engine for PH4NTXM, designed to inject fake system activity to enhance privacy and security. This engine will simulate behaviors like file access, network requests, and CPU activity, creating a layer of decoy operations to obscure your real activities from prying eyes.
Why is this important? In environments where privacy is critical, adding noise to system activity is a simple but powerful technique to confuse and mislead attackers or surveillance systems.
If you’re experimenting with PH4NTXM, this is a great opportunity to explore new ways to protect your identity while maintaining a seamless experience in live environments.
#ph4ntxm #linux #debian #os #live #privacy #security #opsec #infosec #research #tech #technology
🗨️ #science should investigate what kind of person actually manages to reach a leading political position, and why everyone in office suddenly loses logical thinking and morality - #research #socialscience #biology
#law #warcrimes #crimesAgainstHumanity
#AbuseOfOffice
#US #UK #EU #UN (...)
#politics #illegalactions
#war #waroniran #palestine
#genocide
#propaganda #media #policies
#journalism
📲 Video: R. Medhurst
https://www.youtube.com/watch?v=qcNWJJ8IgUE
If we are looking at the real definition of #hacking and #research.
If you are saying you are doing #vibehacking or #viberesearch, the truth is, you are not doing anything.
There is no in between.
In a world increasingly shaped by AI, we asked one a simple question:
“What’s your impression of PH4NTXM Operating System?”
Here’s the response:
“PH4NTXM OS is a highly specialized operating system focused on operational security in high-risk environments.
Built on Debian/XFCE and designed to run entirely in RAM, it prioritizes ephemerality, anonymity, and zero-trace execution. The system incorporates aggressive anti-forensic measures such as identity randomization and other techniques intended to reduce persistent digital footprints.
It’s not designed for general computing, but for users who require strict control over session state and traceability.”
Interesting perspective from an AI analyzing system design.
What are your thoughts?
#ph4ntxm #linux #debian #os #live #privacy #security #opsec #infosec #research #tech
I’m hiring a Senior Research Infrastructure Engineer (Cybersecurity) to help secure the systems behind Baskerville, the UK’s new £18M National (High Performance) Compute Resource, being built at the University of Birmingham, supporting cutting-edge and crucial science.
#infosecjobs #infosec #jobs #highperformancecomputing #cybersecurity #cybersecurityjobs #cyberjobs #research #rse #researchinfrastructure
Caracole invites Ohio community to ‘Get Your Wig On’ at annual Cincinnati AIDS Walk + Run on 3/29
Cincinnati’s nonprofit devoted to positively changing lives in the fight against HIV hosts annual AIDS Walk + 5K/10K Run
Archive: ia: https://s.fa...
https://thebuckeyeflame.com/2026/03/14/caracole-hosts-annual-cincinnati-aids-walk-run/
#5k #aids #aids-walk #aids-walk-+-run #caracole #cincinnati #events #greater-cincinnati #hiv-&-aids #research #walk
So, it's a bit old, but I never saw this coming.
It turns out not all #America #First #people are entirely #senseless when taking into consideration, #serious long term issues.
Specifically, things like a #environment #risk regarding #plastic and its more aptly named #microplastic variants.
According to this #research, the #science is saying that we have to take this a lot more seriously.
Now I am no #alarmist, but I do believe in medium term #red #alerts and this seems to be very much like one.
So were all the #climate #activist types right after all about an aggressive #carbon push to reduce it?
If the leading #might is #right voices are now admitting that this #doctrine as a #regime is now failing, with multiple levels of the #deception revealing and unveiling themselves piece by piece. We now stand at a very significant #crossroads as such.
As far as I know, #news wise this post is a bit old, but still highly relevant in the scientific discussion around #health and human well being. A topic of conversation that still piques my #interest no matter who strategizes new theories upon it to date.
I'm all for saving the #planet but can we please agree to go all the way, and not say it's fine if we only do so in part?
https://www.infowars.com/posts/jagged-little-pills-why-microplastic-research-needs-to-get-real/
Interesting links of the week:
Strategy:
* https://shkspr.mobi/blog/2026/03/how-can-governments-pay-open-source-maintainers/ - @Edent discusses government funding of open source
* https://zeltser.com/ciso-leadership-lessons - @lennyzeltser on being a CISO
* https://thecontractor.io/bugcrowd-researcher-philosophy-thoughts/ - JC calls out BugCrowd
* https://arxiv.org/abs/2602.20021 - perhaps let's not trust agentic AI just yet?
Threats:
* https://blog.nviso.eu/2026/03/13/ivanti-epmm-sleeper-shells-not-so-sleepy/ - what really happened when Ivanti EPMM got popped?
Detection:
* https://www.robopenguins.com/fatal_core_dump/ - interactive fiction in the blue/red team vein from @axlan
* https://www.deathcon.wales/ - here be dragons!
* https://www.labs.greynoise.io/grimoire/2026-02-24-whats-that-string/ - @Dio9sys on why strings matter
* https://arxiv.org/abs/2602.22427 - detecting statistical anomalies in the RAG
* https://binsec.github.io/assets/publications/papers/2025-icse.pdf - hunting bugdoors with a fuzzer
* https://medium.com/@the_abjuri5t/charting-the-iocs-aa1a4bba2863 - more IOC mapping
Bugs:
* https://www.postgresql.org/support/security/CVE-2026-2005/ - knocking over tables with Postgres
* https://www.mdsec.co.uk/2026/02/total-recall-retracing-your-steps-back-to-nt-authoritysystem/ - a nice little EoP in Windows 11
Exploitation:
* https://ti-kallisti.com/tales/cyber-kill-chain.html - a nice little tale of physical deception from @kallisti
* https://www.youtube.com/watch?v=jtv90pE-5hg - a nice reminder of Sergey Bratus (TY @claushoumann)
* https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Cyber-Sicherheit/SiSyPHus/Workpackage8_Powershell.pdf?__blob=publicationFile&v=1 - @ERNW analyses PowerShell
* https://sud0ru.ghost.io/windows-inter-process-communication-a-deep-dive-beyond-the-surface-part-10/ - peeling back Windows' IPC layers
Hard hacks:
* https://www.pentestpartners.com/security-blog/taming-the-dragon-reverse-engineering-firmware-with-ghidra/ - a nice easy-mode tutorial on firmware hacking from PTP
* https://nextcloud.seemoo.tu-darmstadt.de/s/WrogYCn4TmcAyXA?dir=/&editing=false&openfile=true - reverse engineering the Apple watch protocols
* https://blog.benjojo.co.uk/post/sfp-experiment-ultra-long-range-toslink - @benjojo explores SFPs
* https://www.apalrd.net/posts/2025/network_smartsfp/ - running Linux on an SFP
* https://dl.acm.org/doi/pdf/10.1145/3772356.3772427 - cables that think
* https://karlquinsland.com/ubiquiti-uacc-sfp-wizard/ - tearing down Ubiquiti SFP
Hardening:
* https://frederikbraun.de/perfect-types-with-sethtml.html - attempts to beat DOM XSS continue
* https://blog.trailofbits.com/2022/11/08/sigstore-code-signing-verification-software-supply-chain/ - harking back to the past, someone reminded me about code signing and this @trailofbits post
How Can Governments Pay Open Source Maintainers?
https://shkspr.mobi/blog/2026/03/how-can-governments-pay-open-source-maintainers/
When I worked for the UK Government I was once asked if we could find a way to pay for all the Open Source Software we were using. It is a surprisingly hard problem and I want to talk about some of the issues we faced.
The UK Government publishes a lot of Open Source code - nearly everything developed in-house by the state is available under an OSI Approved licence. The UK is generally pretty relaxed about people, companies, and states re-using its code. There's no desire and little capability to monetise what has been developed with public money so it becomes public code.
What about the Open Source that UK Government uses?
The state uses big projects like WordPress, as well as moderately popular NPM packages, and small Python libraries and everything in between. But can it pay the maintainers of that software?
A version of this blog post was originally published on Hackernoon.
Fixing The Plumbing
Open Source is facing a crisis. The code that the world relies on is often developed by underpaid engineers on the brink of burn-out. While I don't think anyone wants Open Source to have a paywall, it seems obvious that large organisations should pay their way and not rely solely on volunteer labour.
Here are some of the problems I faced when trying to get the UK Government to pay for OSS and how you as a maintainer can help make it easier for large organisations to pay you.
Firstly, lots of OSS doesn't have a well defined owner; so who gets the money?
I'm not saying that every little library you create needs to be published by a registered company, nor am I suggesting that you should remove your anonymity. But Governments and other organisations need to know who they are funding and where the money is going. The danger of accidentally funnelling money to a sanctioned state or person is just too big a risk for most organisations.
If you want to receive funding - make it really clear who you are.
What Can You Offer?
Even when there is an owner, there often isn't an easy mechanism for paying people. Donation sites like GitHub Sponsors, Ko-Fi, and Patreon are great for individuals who want to throw a small amount of money to creators but they can be problematic for larger organisations. Many OSS projects get around this by offering support contracts. It makes it much easier for an organisation to justify their spend because they're no longer donating to something which can be obtained for free; they're paying for a service.
This doesn't have to be a contract offering a 24/7 response and guaranteed SLA. It can be as simple as offering best-effort email support.
The important thing is to offer an easy way for a larger organisation to buy your services. Many organisations have corporate credit cards for lower-cost discretionary spending which doesn't require a full business-case. How easily could a manager buy a £500 support contract from your site?
Maintainers don't only have to offer support contracts. Many choose to offer training packages which are a good way to raise money and get more people using your product. Some project maintainers will speak at your conference for a suitable fee.
Again, the aim here is for maintainers to offer a plausible reason for a payment to be made.
Playing Well With Others
Open Source has a brilliant culture of allowing multiple (often anonymous) contributors. That's fine when there's no money involved, but how does a moderately sized project decide who receives what share of the funding? Services like OpenCollective can make it easier to show where the money is going but it is better to discuss in advance with all contributors what they expect as a share.
If people think they're being taken advantage of, or that a project maintainer is unjustly enriching themselves, it can cause arguments. Be very clear to contributors what the funding is for and whether they're entitled to any of it.
Finally, we faced the issue that some OSS projects didn't want to take money from the "big bad state". They were worried that if people saw "Sponsored by the Government" they would assume that there were backdoors for spies, or that the developer might give in to pressure to add unwanted features. This (usually) isn't the case but it is easy to see why having a single large organisation as the main donor could give the impression of impropriety.
The best defence against this is to have a lot of paying sponsors! Having the state as one of many partners makes it clear that a project isn't beholden to any one customer.
It isn't impossible to get Governments to spend on Open Source. But state spending is heavily scrutinised and, bluntly, they aren't set up to pay ad hoc amounts to non-suppliers, who aren't charging money. While large projects often have the resources to apply for Government grants and contracts, smaller projects rarely have the time or expertise. It is critical that maintainers remove the barriers which make it too hard for organisations to pay them.
In Summary
- Make it easy for Governments and other large organisations to pay you.
- Be as obvious as possible that you are able to accept payments from them.
- Don't be afraid to put a large price on your talents.
- Offer multiple paid-for options like speaker fees, support, and feature development funding.
- Talk with your contributors to let them know how any funding will be shared.
#government #money #OpenSource
Interesting Git repos of the week:
Detection:
* https://github.com/scanopy/scanopy - automated network telemetry collection and documentation
* https://github.com/r3nzsec/irflow-timeline - OS X timeline analysis for IR
Exploitation:
* https://github.com/claesmnyberg/brutefh - brute force NFS handles
* https://github.com/claesmnyberg/nfscli - standalone NFS client
* https://github.com/trickest/wordlists - useful word lists
* https://github.com/whokilleddb/stacktracer - constructing plausible stack traces
Hard hacks:
* https://github.com/xvzf/zyxel-gpon-sfp - hacking an SFP
Development:
* https://gitlab.com/edent/activity-bot - @Edent's one file ActivityPub implementation
A new study is challenging decades of ageing research, finding that genetics may account for around 50% of lifespan variation — more than double previous estimates. The key insight? Earlier studies were skewed by external causes of death like accidents and infections. Strip those out, and our genes play a far greater role in how long we live than previously recognised.
#genetics #ageing #longevity #science #research #biology
https://scitechdaily.com/the-genetics-of-living-longer-study-challenges-decades-of-aging-research/
🫁🦴 Scientists are using a #technology called Hierarchical Phase-Contrast Tomography to create the most detailed #3D maps of human organs ever made.
By scanning donated organs at a particle accelerator, researchers can now see the delicate structures of our lungs, kidneys, and hearts in a way that was previously impossible.
👉 https://www.popsci.com/health/human-organ-atlas/
#biology #science #tech #anatomy #health #STEM #medicine #research #data
"We used complex computer programs – the same ones used to forecast Earth’s future warming scenarios – to simulate the climates of famous fantasy settings such as Tolkien’s Middle-earth, the continents of Westeros in the Game of Thrones, and the far-future Earth in The Wheel of Time series. We also built a model for a fictional world developed by one of us."
Post-quantum cryptography is now operational inside the PH4NTXM live OS.
Our latest builds successfully negotiated hybrid post-quantum key exchange across multiple protocols. The system now prioritizes ML-KEM and hybrid lattice-based exchanges for TLS connections and hybrid post-quantum key exchange for SSH, while maintaining secure classical fallbacks for compatibility.
This means PH4NTXM boots as a stateless live environment with post-quantum-capable cryptography already integrated into the network stack. No external configuration required.
#ph4ntxm #linux #debian #os #live #privacy #security #opsec #infosec #research #tech #technology
🧠💻 Can biological cells out-think silicon chips? Scientists at UC #SantaCruz have successfully trained lab-grown #brain organoids to master the "cart-pole problem," a fundamental task in #AI.
By connecting these organoids to a virtual environment, they’ve shown that living tissue can learn and adapt to solve #engineering challenges in real-time.
👉 https://www.popularmechanics.com/science/health/a70596419/lab-brain-cart-pole-problem/
#biology #science #neuroscience #biotech #stem #brains #technology #tech #research #education #learning
PH4NTXM Development Update
We are currently finalizing the integration of post-quantum cryptography into the PH4NTXM live operating system. The goal is simple but ambitious: a privacy-focused, stateless live OS that boots with quantum-resistant cryptographic capabilities built directly into the system.
Our build pipeline now compiles the post-quantum cryptographic stack during the live-build process and embeds it into the OS while keeping the final ISO minimal and free of build tooling.
Next steps are runtime verification and integration with networking components so that PH4NTXM can begin leveraging quantum-resistant algorithms for secure communications.
If everything proceeds as expected, PH4NTXM may become the first privacy-focused live Linux distribution shipping with built-in post-quantum cryptography.
More updates soon.
#ph4ntxm #linux #debian #os #live #privacy #security #opsec #infosec #research #tech #technology
Replying to Uta Frith's views, one by one.
With thanks to all the members of the autistic community who've informed me & inspired me to write this thread.
For those lucky not to know about her article in The Times, and various other related statements, links at the end.
CW: it's upsetting 😟
A thread 🧵
#UtaFrith #Research #Autism #Autistic #ActuallyAutistic #Neurodivergent
"The coronavirus wasn’t the only epidemic to hit the United States in the past decade. Americans are also facing a bizarre epidemic of gullibility and cynicism—gullicism, if you need a portmanteau—that is drawing people into a world of conspiracism and falsehoods, one where facts are drowned out by a cacophony of extremely loud and wrong voices."
#gullibility #credulity #vaccines #research #science #ConspiracyTheories #gullicism #SocialMedia #disinformation #Covid
/2
"Reliable information is both more available and harder to find than ever—and those who spread misinformation have been rewarded with positions of power, platforms they can exploit to further pollute the information environment. ...
The spread of anti-vax conspiracy theories is just another example of the gullicism that defines our age."
#gullibility #credulity #vaccines #research #science #ConspiracyTheories #gullicism #SocialMedia #disinformation #Covid #authoritarianism
/3
Noting that "to be an anti-vaxxer, one must be simultaneously credulous and distrustful—credulous of hucksters, and distrustful about empiricism," Adam Serwer coins the term "gullicist" to describe many Americans of the post-Covid Trump era — entirely skeptical of science, documentation, research, entirely gullible when it comes to hucksters and charlatans peddling nonsense.
#gullibility #credulity #vaccines #research #science #ConspiracyTheories #gullicism
/1
Under the Trump administration, two of the three major credit bureaus have sharply reduced the share of complaints they resolved in customers’ favor.
In 2024, Experian’s relief rate was 20%. Last year, that figure fell to less than 1%.
Read our full investigation: https://www.propublica.org/article/credit-report-mistakes-cfpb-experian-transunion?utm_source=mastodon&utm_medium=social&utm_campaign=mastodon-post
#Data #Finance #PersonalFinance #Credit #Trump #DataViz #Research #Journalism
🇨🇱 LockBit 5.0 has now published all the information from Clínica Dávila (http://davila.cl). Remember that this medical institution was attacked by the Devman ransomware back in December last year. It appears that Devman sold a portion of the data to LockBit.
Now the question that arises: Has Clínica Dávila individually notified each patient about the attack it suffered from Devman back in December last year?
https://www.security-chu.com/2026/03/lockbit-filtra-los-datos-de-la-clinica-davila.html
#cybersecurity #ransomware #Chile #databreach #health #healthcare #lockbit #devman #research
Explore Financial Disclosures From President Trump and 1,500 of His Appointees
---
Our database paints a detailed financial picture for President Donald Trump and hundreds of his political appointees, some of whom have ties to the industries they regulate. The disclosures include their recent employers, assets and debts.
https://projects.propublica.org/trump-team-financial-disclosures/?utm_source=mastodon&utm_medium=social&utm_campaign=mastodon-post
#Trump #USPolitics #Government #Data #Research #Journalism #Law #Ethics
ProPublica is releasing a trove of disclosure records that detail the finances of more than 1,500 Trump appointees, including former lobbyists, industry executives and at least a dozen officials who declined to identify former clients.
https://www.propublica.org/article/trump-administration-financial-disclosures-steve-feinberg?utm_source=mastodon&utm_medium=social&utm_campaign=mastodon-post
#News #Trump #Government #USPolitics #Law #Finance #Data #Research
Dr. gave me a pill and I grew a new liver
#stem #engineering #health #medicine #research #interesting #Massachusetts
PH4NTXM'S "Lone Wolf" mode is in active development.
It’s our transparent Tor routing boot persona: select it at startup and the system enforces Tor-only networking from the earliest stages of boot. No clearnet fallback. Default-deny firewall. Traffic redirected through Tor TransPort/DNSPort automatically.
Still refining enforcement and edge cases. More soon.
#ph4ntxm #linux #debian #os #live #privacy #security #opsec #infosec #research #tech #technology
🦋🐜 Researchers found that Alcon blue #caterpillars can mimic the specific acoustic pulses of a queen ant.
By sounding like royalty, they convince worker #ants to carry them home and protect them from predators.
#research #biology #nature #butterflies #science #evolution #wildlife #insects
UC San Francisco: Announcing the Open Access UC-Authored Monographs Pilot Project. “The University of California (UC) Libraries are supporting several open access pilot projects intended to broaden access to UC research and scholarship by making UC-authored books freely available online.”
https://rbfirehose.com/2026/03/02/uc-san-francisco-announcing-the-open-access-uc-authored-monographs-pilot-project/
Rare Fossils in Amber Raise Questions About Secret Lives of Cretaceous Insects
https://www.goodnewsnetwork.org/rare-fossils-in-amber-reveal-the-secret-lives-of-cretaceous-insects/
Interesting Git repos of the week:
Strategy:
* https://github.com/jacobdjwilson/awesome-annual-security-reports - all you can eat annual reports, thanks @jacobdjwilson
Detection:
* https://github.com/EFForg/rayhunter - hunting cell site simulators with @eff
Exploitation:
* https://github.com/wietze/lnk-it-up - make your own malicious links
* https://github.com/dievus/ADPulse - more fun with the AD identity graph
* https://github.com/trustedsec/Titanis - build your own Microsoft RPC clients
* https://github.com/RantaSec/golinhound - graphing Linux trust paths
* https://github.com/praetorian-inc/nerva - fingerprint that service
* https://github.com/cisco-ai-defense/skill-scanner - check whether an agentic skill is malicious
* https://github.com/Logisek/EvilMist - red team tools for the cloud
* https://github.com/praetorian-inc/GitPhish - phish with GitHub
* https://github.com/Antonlovesdnb/TTPRunner - automate your BAS with @Antonlovesdnb's LLM generated TTPs
* https://github.com/praetorian-inc/augustus - TTPs for testing LLMs
* https://github.com/ricardojoserf/AutoPtT - another way to automate ticket-passing attacks
* https://github.com/0xsh3llf1r3/ColdWer - enough BOF to send your EDR to sleep
* https://github.com/sliverarmory/malasada - convert your .so to shell code
* https://github.com/subat0mik/Misconfiguration-Manager - abusing SCCM misconfigurations
* https://github.com/dazzyddos/lsawhisper-bof - BOF to chat with LSA
Hard hacks:
* https://github.com/dmaynor/airdrop-observatory - spy on AirDrop with @Dmaynor
Data:
* https://github.com/Siguza/tld - @siguza helps you understand who owns that TLD?
Nerd:
* https://github.com/rbanffy/fun-with-old-mainframes - @rbanffy's tips on messing with big green screen
* https://github.com/mitchellh/vouch - building community trust
🧬👁️ In an evolutionary plot twist, new #research shows that #humans and other #vertebrates share an ancestor that actually lost its paired eyes before evolving them all over again.
👉 https://phys.org/news/2026-02-oneeyed-creature-gave-modern-eyes.html
#evolution #biology #science #eyes #history #nature #genetics #discovery
Smartphone photos may be misleading doctors and putting patients at risk – new research
New #research from our team suggests the answer is often the latter. #Smartphone #cameras and software routinely alter images in ways that can mislead #doctors, and in some cases, put #patients at risk of #misdiagnosis.
#medical #HealthCare #GPs #Remote #RemoteConsultations #diagnosis
Apollo moon rock researchers say they've settled the debate over moon's magnetic field
Lunar rocks collected by Apollo astronauts more than half a century ago are providing a fresh take on the moon's mysterious magnetic field, scientists say.
#moon #research #science
https://www.cbc.ca/news/science/moon-apollo-magnetic-9.7106570?cmp=rss
Calling all decentralization enthusiasts! 🌐
I have just verified my presence on @HolosDiscover. It is the ethical search engine we needed for exploring Mastodon and beyond.
💡 Understand the approach: https://discover.holos.social/how-it-works
🔗 Start a search: https://discover.holos.social/
See you there? 😉
#Fediverse #Mastodon #Search #Research
Overcoming 3D-Printer Challenges, MIT Produces an Electric Motor in Just 3 Hours
#goodnews #technology #business #3dprinting #research #Massachusetts #USA
Interesting Git repos of the (last 2) week(s):
Threats:
* https://github.com/AssoEchap/stalkerware-indicators - stalkerware IOCs
* https://github.com/AmnestyTech/investigations - @AmnestyTech investigations
Detection:
* https://github.com/spaceraccoon/vulnerability-spoiler-alert-action - spot hot new bugs landing with @spaceraccoon
* https://github.com/tothi/ad-honeypot-autodeploy - an AD honeypot
* https://github.com/beelzebub-labs/azazel - an eBPF sandbox
* https://codeberg.org/HEXXDECIMAL/stng - @thomrstrom's strings replacement
Exploitation:
* https://github.com/SpecterOps/Nemesis - an offensive data pipeline from @SpecterOps
* https://github.com/DotNetRussell/BloodBash - a serverless alternative to BloodHound
* https://github.com/HappyHackingSpace/pirebok - an evolutionary fuzzer from @happyhackingspace
* https://github.com/NtDallas/Huginn - a COFF loading BOF
* https://github.com/darkoperator/mimikatz-missing-manual - @DarkOperator's missing manual for Mimikatz
* https://github.com/c0rdyc3ps/ScrappyDoo - build alternate graphs for BloodHound
* https://github.com/trustedsec/CS-Situational-Awareness-BOF - @trustedsec's situational awareness BOF
Hard hacks:
* https://github.com/iodn/tap-ducky - a RubberDucky-alike for Android
* https://github.com/HackingDave/btrpa-scan - @HackingDave's BTLE scanner
* https://github.com/scramblr/RF-CHAOS - more RF chaos
Development:
* https://github.com/anthropics/claudes-c-compiler - an LLM developed C compiler
Ongoing work with my political scientist colleague (I like to think I bring a psychology vibe to the collaboration). This is just a quick and very busy graph of most of our masculinity-related variables from our survey (N ~ 800 USA men) last summer for him to show to other colleagues next week.
#dataviz #rstats #politicalscience #psychology #black #hispanic #asian #uspol #research
🤔🦴 #Humans are the only #primates with chins, yet they don't seem to serve any purpose. New #research suggests our chins are "evolutionary spandrels" – incidental byproducts of our ancestors developing larger heads and smaller teeth.
#evolution #anthropology #science #biology #nature #stem #history
Who knew that Blender could help us study the stars? 🌌 In this new User Story, Ph.D student MohammadHossein Jamshidi explains how he used Geometry Nodes for his research in cosmology.
https://www.blender.org/user-stories/cosmology-with-geometry-nodes/
An intriguing read. It confirms a theory about life I've had for a long time…
( No paywall: https://archive.is/FtA31 )
#science #life #brain #neuroscience #biology #research #knowledge #info #information #reading #article
Old and busted: transparent aluminum. New hotness: unsinkable aluminum
#stem #engineering #technology #cleanenergy #materials #ocean #research #cool
GitHub - estiwen0x/swiftloader-research: A specialized research project exploring Windows Manual Mapping techniques for PE injection, focusing on custom relocation and IAT reconstruction without native OS loader dependency.
If Rich Lucas is here on the #fediverse, I hope he's followable. I just read a few of his posts from 2019 and they're great reading (at least for a psychologist who uses R). Wherever you are, Dr. Lucas, thrive on!
How AI slop is causing a crisis in computer science…
Preprint repositories and conference organizers are having to counter a tide of ‘AI slop’ submissions.
https://www.nature.com/articles/d41586-025-03967-9
( No paywall: https://archive.is/VEh8d )
#research #science #tech #technology #BigTech #AI #ArtificialIntelligence #LLM #LLMs #ML #MachineLearning #GenAI #generativeAI #AISlop #Fuck_AI #Microsoft #copilot #Meta #Google #NVIDIA #gemini #OpenAI #ChatGPT #anthropic #claude
PH4NTXM currently ships as a controlled distribution to sustainably fund development, infrastructure, and long-term research.
Reaching PH4NTXM’s current level has been a long process — involving extensive design, iteration, and hard technical decisions. This model allows us to maintain build integrity, focus on security guarantees, and continue active development without external dependencies.
Thank you to those who have followed, challenged, and supported the project.
If and when sustainability no longer requires controlled access, the project may transition to a more open model. Any such change would be deliberate and aligned with PH4NTXM’s long-term goals.
#ph4ntxm #linux #debian #os #live #privacy #security #opsec #infosec #research #tech #technology
PH4NTXM includes an Identity utility for the operator.
It displays the exact identity the system is presenting for the current
session — the assigned persona name, hostname, machine-id, MAC addresses, and other boot-time identifiers.
PH4NTXM generates a new identity on every boot.
Nothing is reused between sessions.
Because identities are ephemeral by design, the utility exists as a stable
reference point. It shows only the values assigned at boot and never reflects runtime drift or transient state changes.
#ph4ntxm #linux #debian #os #live #privacy #security #opsec #infosec #research #tech #technology
PH4NTXM runs entirely from RAM.
Once the system is live, the original boot USB is no longer required and can be removed and discarded. A secondary USB stick is then inserted.
That USB can contain anything.
Photos. Documents. Music.
Or nothing at all.
It is not used by the system.
It is not read from.
It is not trusted.
It exists only as a physical marker.
When armed, the continued presence of that USB is mandatory. The moment it is removed, execution is transferred immediately to the Nuke Kernel.
No processes are allowed to continue.
No network activity survives.
No teardown is performed.
What appears to be a harmless souvenir stick is, in reality, a physical
kill-switch. Its removal ends the session at the hardware boundary.
#ph4ntxm #linux #debian #os #live #privacy #security #opsec #infosec #research #tech #technology
There are moments where recovery is not the goal.
PH4NTXM provides an exit.
The Panic Button is a privileged emergency trigger that immediately terminates all user processes, drops all network interfaces, and destroys volatile traces in-flight. Control is then handed directly to the Nuke Kernel.
There is no delay.
No confirmation.
No rollback.
Once triggered, execution is cut short, state is invalidated, and the system
is forced through an irreversible shutdown path. The session does not wind down — it is ended.
This is not a safety feature.
It is a last action.
When the Panic Button is pressed, the only guarantee is that nothing continues.
#ph4ntxm #linux #debian #os #live #privacy #security #opsec #infosec #research #tech #technology
Sessions don’t fade out.
They are terminated.
PH4NTXM routes every shutdown and reboot through a dedicated panic kernel we called "nuke",
designed to end execution violently and without negotiation. The system is
forced into an immediate hardware reset path. CPU state is discarded. Power is
cut to volatile memory to trigger rapid RAM decay.
Before the reset, volatile key material stored in NVM-backed regions is
explicitly erased. No userspace teardown is allowed. No services exit cleanly.
Nothing is given time to persist.
There is no shutdown sequence to observe.
No memory image to trust.
No previous session for firmware to inherit.
When the system comes back, it comes back empty.
This is not hardening.
This is a kill-switch for state.
#ph4ntxm #linux #debian #os #live #privacy #security #opsec #infosec #research #tech #technology
Networks are the fastest way to lose control.
PH4NTXM provides a hard stop.
Lockdown is a privileged isolation switch that immediately disables all
network interfaces at the system level. No traffic enters. No traffic leaves.
Interfaces remain sealed until the operator explicitly restores them.
When Lockdown is active, there is no exfiltration path.
No remote access surface.
No background connectivity to exploit.
This is not a firewall rule.
Not a profile.
Not a “disconnect”.
It is enforced isolation — designed for moments where uncertainty is higher
than trust, and silence is the safest state.
#ph4ntxm #linux #debian #os #live #privacy #security #opsec #infosec #research #tech #technology
Memory forensics assumes RAM converges toward meaningful state.
PH4NTXM prevents that.
The RAM Seeding Engine continuously injects realistic cryptographic and
application-shaped artifacts into physical memory during live operation.
These artifacts mutate over time and are spread naturally through allocator
reuse into active process memory.
When memory contents are unstable and statistically polluted, forensic
analysis loses reliability. Captured memory reflects plausible but
non-attributable structures rather than clean session data.
There’s no single snapshot to trust.
No stable baseline to analyze.
By keeping volatile memory in flux, PH4NTXM ensures RAM cannot be treated
as a reliable source of ground truth during or after a session.
#ph4ntxm #linux #debian #os #live #privacy #security #opsec #infosec #research #tech #technology
Surveillance relies on sensors being present.
PH4NTXM removes that assumption at the kernel level.
Microphone, camera, and audio output never reach userspace.
Applications, browsers, and malware have nothing to enumerate, request, or exploit.
When sensors don’t exist to the operating system, surveillance tooling loses its footing — not because it’s blocked, but because the attack surface is gone.
There’s no muting.
No permissions.
No trust model.
By enforcing sensor absence at the kernel boundary, entire categories of monitoring and exfiltration simply fail by design.
This isn’t anti-surveillance through resistance.
It’s anti-surveillance through architecture.
#ph4ntxm #linux #debian #os #live #privacy #security #opsec #infosec #research #tech #technology
Defense doesn’t need to be permanent to be effective.
PH4NTXM is designed to block common intrusion attempts while a session is active — without carrying defensive history forward.
Attacks are mitigated in real time.
But once the session ends, there’s no accumulated state, no retained memory, no historical footprint.
Protection happens when it’s needed.
Persistence doesn’t.
This keeps defensive mechanisms effective without turning yesterday’s noise into today’s liability.
#ph4ntxm #linux #debian #os #live #privacy #security #opsec #infosec #research #tech #technology
DNS is one of the easiest places to correlate activity.
Even when traffic is protected, repeated use of the same resolver quietly creates long-lived associations.
PH4NTXM avoids that by design.
Each session operates with a different DNS context, so name resolution never settles into a stable, reusable pattern.
Nothing breaks. Resolution remains normal and reliable.
But no single resolver becomes a long-term witness.
This isn’t about “hiding DNS”.
It’s about preventing small, boring infrastructure choices from turning into permanent identifiers.
Correlation thrives on consistency.
We work to deny it.
#ph4ntxm #linux #debian #os #live #privacy #security #opsec #infosec #research #tech #technology
Network identity isn’t just IP addresses.
Many systems can be recognized by how they talk on the network, not just where the traffic comes from.
PH4NTXM actively avoids stable network behavior.
Each session introduces subtle variation in how connections behave over time — without breaking compatibility or reliability.
The result is network traffic that doesn’t settle into a repeatable pattern from one session to the next.
This isn’t noise for the sake of noise.
It’s controlled inconsistency, designed to make long-term correlation unreliable.
Network tracking works best when behavior stays the same.
PH4NTXM is built on the opposite assumption.
#ph4ntxm #linux #debian #os #live #privacy #security #opsec #infosec #research #tech #technology
The Trump administration’s push for mass deportations has resulted in more than 18,000 challenges in federal court from immigrants claiming their detention is illegal.
We are tracking the increase in these cases:
https://projects.propublica.org/habeas-tracker/?utm_source=mastodon&utm_medium=social&utm_campaign=mastodon-post
#News #Trump #Immigration #Research #Data #Law #USPolitics #Legal
Why walking in a national park in the dark prompts people to turn off lights at home. Wow, those people must have really powerful claps
AI Slop is Flooding the Scientific Community
Scientific journals are dealing with a flood of AI slop and with the release of Prism, the fear is that it's only getting worse.
https://www.freezenet.ca/ai-slop-is-flooding-the-scientific-community/
#News #Technology #academia #AI #journals #OpenAI #paper #research #science
Interesting Git repos of the week (with a big shout out to @UK_Daniel_Card):
Strategy:
* https://github.com/toniall/ransomchat - planning for ransomware
Detection:
* https://github.com/Yamato-Security/EnableWindowsLogSettings - improving Windows logging
* https://github.com/TinyActive/fluxion - working with vulnerability intelligence
* https://github.com/Karib0u/rustinel - a Rusty EDR for Windows
* https://github.com/linuxartifactparser/LAP - Linux artifact parser
* https://github.com/mr-r3b00t/nmap_vis - visualising nmap
* https://github.com/p0dalirius/ShareHound - hunting Windows shares for use with BloodHound
* https://github.com/mr-r3b00t/kerberoast_audit - auditing for roastable users
Exploitation:
* https://github.com/Logisek/AzureADEnumeration - exploring Azure AD
* https://github.com/yo-yo-yo-jbo/dumping_lsass - dumping LSASS secrets
* https://github.com/depthsecurity/RelayKing-Depth - relay creds, get DA
* https://github.com/mr-r3b00t/enumerate - enumerating Windows with PS
* https://github.com/mr-r3b00t/govuk - scraping gov.uk
* https://github.com/mr-r3b00t/find-high-priv-users-with-spns - hunting valuable SPNs
* https://github.com/hfiref0x/UACME - defeat UAC
Hard hacks:
* https://github.com/finngineering/apxutil - poking Schneider Electric PLCs
Nerd:
* https://github.com/ajkingio/logbooks - running an encrypted command line journal for tracking work
Apes Show Ability to Imagine in ‘Tea Party’ Experiments, and Scientists are Very Excited
https://www.youtube.com/watch?v=b9EbCb5A408
Today's find on the impact of LLMcoding to maintainability of the result.
Assumption: 80% of a system's cost arises from maintenance, thus maintainability is still relevant in the presence of LLMcoding.
TL;DR: A fool with a tool is still a fool. And LLMcoding is just that: a tool
Given the confirmation bias I'm curious to see reproduction and follow up studies and papers.
The video mentions that the results were published as a peer-reviewed paper. Unfortunately I couldn't immediately find said paper. If anyone finds it, please post a link/DOI below.
#swe #research #softwareengineering #LLMs #aiassistedcoding #claude #ai
"With generative AI we have essentially provided a tool for conducting denial of service attacks on the infrastructure of the scientific publishing process (broadly construed). And we have done this at the time when we are seeing well-funded campaigns seeking to undermine free and independent scientific research."
@UlrikeHahn, 2026
https://write.as/ulrikehahn/is-ai-killing-scientific-reform
Our Rx Inspector tool allows you to use information from your prescription label to locate the factory where a generic drug was made and see if the plant has a history of inspection violations.
Explore the tool:
https://projects.propublica.org/rx-inspector/?utm_source=mastodon&utm_medium=social&utm_campaign=mastodon-post
Interesting links of the week:
Strategy:
* https://x-c3ll.github.io/posts/Rant-Red-Team/ - @XC3LL talks red teaming trends
* https://arstechnica.com/security/2026/01/county-pays-600000-to-pentesters-it-arrested-for-assessing-courthouse-security/ - finally settled, the poor testers with a faulty get out of jail card
* https://zenodo.org/records/18444900 - content based risk analysis of Moltbook (not for the faint-hearted)
Threats:
* https://stratcomcoe.org/pdfjs/?file=/publications/download/Social-Media-Manipulation-FINAL-FILE.pdf?zoom=page-fit
https://secure.dev/securing_ggml_rpc.html - STRATCOM talks influence operations
* https://github.com/blackorbird/APT_REPORT/blob/master/summary%2F2026%2F2025%20Global%20APT%20Threat%20Research%20Report.pdf - threat research report from Qihoo 360
* https://www.greynoise.io/blog/unmasking-cisas-hidden-kev-ransomware-updates - @greynoise discuss hidden signals in KEV
* https://www.rapid7.com/blog/post/tr-chrysalis-backdoor-dive-into-lotus-blossoms-toolkit/ - @rapid7's excellent analysis of notepad++
* https://community.plone.org/t/plone-security-advisory-20260116-attempted-code-insertions-into-github-pull-requests/22770/7 - another supply chain woopsie
* https://cert.pl/en/posts/2026/01/incident-report-energy-sector-2025/ - reporting on the .pl power problems
Detection:
* https://zeek.org/2026/01/how-to-use-ja4-network-fingerprints-in-zeek/ - @zeek discuss how to leverage JA4
* https://blog.jmhill.me/deploying-an-opencti-osint-stack-for-cybersecurity-research/ - @jmhill describes how to deploy OpenCTI
* https://www.huntress.com/blog/ldap-active-directory-detection-part-four - the latest of @huntress's excellent blogs on what an attack on LDAP can actually look like
* https://leanpub.com/suri_operator - @da_667's survivors guide to @suricata
Bugs:
* https://labs.watchtowr.com/someone-knows-bash-far-too-well-and-we-love-it-ivanti-epmm-pre-auth-rces-cve-2026-1281-cve-2026-1340/ - @index continue their streak of popping fun bugs in the wild
* https://zeroleaks.ai/reports/openclaw-analysis.pdf - nice technical write up on OpenClaw
Exploitation:
* https://scriptjunkie.us/2026/01/tracking-signal-identifiers/ from @sj
* https://splintersfury.github.io/mal_blog/post/netfilter_driver/ - reversing Netfilter
* https://alfiecg.uk/2024/09/24/Kernel-exploit.html - Alfie pops iOS
Hard hacks:
* https://hexkyz.blogspot.com/2021/11/je-ne-sais-quoi-falcons-over-horizon.html - an oldie on popping NVIDIA's Falcon
Hardening:
* https://itsfoss.com/news/amutable-linux-security/ - @pid_eins triggers systemctl restart
* https://fosdem.org/2026/schedule/event/EW8M3R-island/ - how to get land locked
✍️🧠 Is cursive a relic of the past? New #research suggests otherwise.
Scientists have found that the specific hand movements required for cursive #writing create unique neural pathways that typing simply can't replicate, helping with memory and #learning.
Using stochastic differential equations, researchers mapped classical chaos onto quantum harmonic oscillators. The result: one quantum simulation captures what takes 10,000 classical runs to approximate.
This is BQP-complete—fundamentally beyond classical reach.
#QuantumPhysics #Research
People often struggle to find good follows on Fedi. I just realized I have a great resource for this: the list of everyone I've cited for the Product Picnic newsletter over the past year and a bit!
If your feed feels "dead" or not interesting, inject some active #UX #tech #product #research people into it (as well as authors/academics writing about these topics):
@iris_meredith
@GIFmodel
@davidgerard
@tottinge
@doriantaylor
@ronbronson
@emilymbender
@RayNewman
@Chronotope
@mulegirl
@dcr
1/
Follow the Changes: 9 Ways Web Archives are Used in Digital Investigations
Drawing on a combination of digital methods, machine learning and lots of reading – we surfaced nine ways that journalists use the Wayback Machine in their reporting.
by Chris Freeland via @internetarchive
I remember when the #Internet first became widely available and all of a sudden we had all these #research sources at our fingertips that we no longer had to go to the closest university library to access.
Now with #AI it's <<I want an answer now and I don't care where it comes from or how accurate it is, I just want it now with no work on my part.>>
Register to enjoy a free webinar replay from the NC Genealogical Society the weekend of 6-8 February 2026 on “Legal Lingo in the Tarheel State: Using Black’s Law Dictionary” with Judy G. Russell, JD, CG®, CGL®
(The live webinar was originally presented on 6 Sept 2023.)
NCGS will email the direct link to the recording to you for viewing any time between midnight Thursday night through midnight Sunday night (ET).
The handout for this presentation will only be available to the public during the viewing period, and may not be downloaded. It will open in a separate tab, however, so it can be referred to during the webinar.
#Geneadons #Genealogy
#NorthCarolina #Research
#FamilyHistory
@geneadons @histodons
https://www.ncgenealogy.org/event/recorded-webinar-with-judy-russell-feb-2026/
Threats:
* https://github.com/unicodeveloper/globalthreatmap - the history of conflict mapped with analysis on how it affects modern threats
* https://github.com/narimangharib/starlink-iran-gps-spoofing - analysis of .ir tampering with Starlink
Detection:
* https://github.com/MHaggis/ADTrapper - automated hunting in AD
* https://github.com/NasirzadehMoh/CoLog - hunting with collaborative transformers
* https://github.com/Pr0kythera/Mitre-Attack-Sunburst - visualising ATT&CK
Bugs:
* https://github.com/mistymntncop/CVE-2025-5419 - Chrome popper?
Exploitation:
* https://github.com/thesp0nge/nightcrawler-mitm - stress test your web apps with @thesp0nge
* https://github.com/htrgouvea/nozaki - another HTTP fuzzer
* https://github.com/splunk/attack_range - simulated environments from Splunk
Hard hacks:
* https://github.com/blacktop/ipsw - dicking around with Apple
* https://github.com/checkra1n/PongoOS - alternative booting on Apple hardware
Hardening:
* https://github.com/splunk/DECEIVE - Splunk's work on LLM-based honeypots
Development:
* https://github.com/shortstheory/kioslave-tutorial - writing KDE IO slaves
Nerd:
* https://github.com/zampierilucas/scx_horoscope - a star crossed /proc
Interesting links of the week:
Strategy:
* https://www-tokio--dr-jp.translate.goog/thinktank/acd/acd-007.html - active defense in .jp
* https://www.cambridge.org/core/books/securing-democracies/stacking-up-for-resilience/EB2072FAE9F97CF41B568B1C4AAFC190 - building digital resilience ala India
* https://www.csis.org/analysis/civil-takedowns-missing-legal-framework-cyber-disruption - avoiding disruption when performing takedowns
* https://breakmeifyoucan.com/
https://sabsa.org/w105-sabsa-enterprise-security-architecture-principles/ - constructing a security architecture using SABSA principles
* https://www.ncsc.gov.uk/collection/how-to-prepare-and-plan-your-organisations-response-to-severe-cyber-threat-a-guide-for-cni - NCSC guidance on how to not get yourself in a panic
* https://home.treasury.gov/system/files/136/G7-CEG-Quantum-Roadmap.pdf - a roadmap for quantum
Standards:
* https://www.etsi.org/deliver/etsi_en/304200_304299/304223/02.01.01_60/en_304223v020101p.pdf - ETSI standards on AI in public life
Threats:
* https://ethz.ch/content/dam/ethz/special-interest/gess/cis/center-for-securities-studies/pdfs/before-vegas-cyberdefense-report.pdf - understanding .cn hackers in long form
* https://www.bitsight.com/blog/what-is-y2k38-problem - do you even 2038?
Detection:
* https://it4sec.substack.com/p/detect-rogue-cell-towers-for-50-who - hunting rogue radios
* https://www.detectionengineering.net/ - a nice news feed for detection engineers
* https://github.com/OpenTideHQ/.github/blob/main/profile/OpenTide%20White%20Paper.pdf - paper on OpenTIDE
* https://huggingface.co/datasets/CIRCL/vulnerability-cwe-patch - enriching bug classifications
* https://arxiv.org/abs/2402.15147 - mapping techniques
* https://www.huntress.com/blog/ldap-active-directory-detection-part-three - @huntress discuss AD's LDAP logs
* https://api.gcforum.org/api/files/public/upload/523c55f1-b24a-4824-a841-b513c2aca3bc_Practical-Threat-Detections.pdf - getting the most from your telco logs
Bugs:
* https://www.zerodayinitiative.com/advisories/ZDI-26-020/ - why are LLMs so quick to oopsie
* https://www.interruptlabs.co.uk/articles/when-nas-vendors-forget-how-tls-works - TLS is hard
* https://projectzero.google/2026/01/pixel-0-click-part-1.html - taking over the world, Pixel by Pixel
* https://projectzero.google/2026/26/windows-administrator-protection.html - @tiraniddo beats up admins
* https://whisperpair.eu/ - BTLE gets another bad report
* https://www.atredis.com/blog/2026/1/26/generals - exploiting games for fun, high scores and remote tank execution
* https://fortiguard.fortinet.com/psirt/FG-IR-26-060 - FortiCloud makes a splash
Exploitation:
* https://www.synacktiv.com/publications/pentesting-cisco-aci-lldp-mishandling - kicking Cisco's ACI tyres
* https://shazzer.co.uk/blog/distributed-fuzzing-crowdsourced-browser-testing - scaling browser fuzzing from @gaz
* https://dl.acm.org/doi/10.1145/3776743 - inferring grammar from parsing
* https://arxiv.org/abs/2601.01592 - breaking multi-model AI
Hard hacks:
* https://jyn.dev/remotely-unlocking-an-encrypted-hard-disk/ - picking the hard disk lock
Perhaps the most compelling finding from a UW Medicine study to help stroke victims recover hand movement is that if its first subject applied to be part of the study today, he would not qualify.
https://www.kuow.org/stories/he-suffered-two-strokes-this-electric-brain-implant-helped-him-regain-use-of-his-arm
#KUOW #News #Health #UniversityOfWashington #Science #Technology #MedicalTreatments #Research #Technology
How New #Research Shows We Don’t #Age Evenly : Medium
Can’t Get Started on a #Daunting Task? This #BrainCircuit That Slams the #Brakes on #Motivation Might Be to Blame : Misc
How realistic is #India's #Quest for #Magnets made of #RareEarths : BBC
Latest #KnowledgeLinks
@brian_gettler I feel that curricula (at least in the natSci) do not offer enough of these curiosity-driven experiences (this is why they sign up!), while grinding through the fundamentals. I offer an introductory research practices course. We head out to an abandoned mine after learning about the historical context before deciding what trace metals to sample for. Scaffolding provided to get the project off the ground, but objectives, plans, equipment… are up to students & outcomes unknown. Project objectives are quite diverse. And students are doing well in their “detective work” looking for pollutants. #academicchatter #learning #research
Bacteria use wrapping flagella to tunnel through microscopic passages as Rule 34 rolls on
Rx Inspector, our free, searchable tool, allows you to look up where your generic prescription drug was made.
From patients and doctors to researchers, it is already reshaping how people make decisions. “This is a godsend,” one professor told us.
https://www.propublica.org/article/rx-inspector-reshaping-decisions-generic-drugs?utm_source=mastodon&utm_medium=social&utm_campaign=mastodon-post
#Research #Data #Science #Medicine #Pharmacy #Journalism #Drugs
https://www.europesays.com/us/541077/ Once Wiped Out by Blight, Thousands of American Chestnut Trees are Thriving on Biologist’s Land in Maine #discovery #Forests #Health #Maine #research #trees #UnitedStates #UnitedStates #US #USA
🪤 When two years of academic work vanished with a single click // Nature
「 I temporarily disabled the ‘data consent’ option because I wanted to see whether I would still have access to all of the model’s functions if I did not provide OpenAI with my data. At that moment, all of my chats were permanently deleted and the project folders were emptied — two years of carefully structured academic work disappeared. No warning appeared 」
#ai #genai #science #research
https://www.nature.com/articles/d41586-025-04064-7?error=cookies_not_supported&code=b548669d-4699-45f9-ab08-177c18f132de
Interesting Git repos of the week:
Bugs:
* https://github.com/JGoyd/iOS-Attack-Chain-CVE-2025-31200-CVE-2025-31201 - apparent 0-click PoC in iOS
Exploitation:
* https://github.com/secorizon/OffByWon - fuzzing framework
* https://github.com/trailofbits/skills - @trailofbits share their skills
* https://github.com/sagishahar/lpeworkshop - Windows/Linux privesc workshop
* https://github.com/Chocapikk/pgread - fuck GRANT, who needs permission
* https://github.com/matro7sh/BypassAV - AV to hole mapping :(
Hardening:
* https://github.com/raesene/baremetalvmm - spinning up firecrackers with @raesene
Data:
* https://github.com/jivoi/awesome-ml-for-cybersecurity - another one of those "awesome" repos but this one focusses on AI in cyber security
* https://github.com/cisco-foundation-ai/cookbook - Cisco's Foundation AI cookbook
Defund #Science, Distort #Culture, Mock #Education
It’s not just about cuts to #research.
It’s about #power.
By Anne Applebaum @anneapplebaum
#SevenMountainMandate #law #Constitution #FirstAmendment #AcademicFreedom #dictatorship #authoritarianism #autocracy #MafiaState #RevengePolitics #Trump
https://www.theatlantic.com/podcasts/2026/01/reality-reshaped/685289/?gift=guxsrl_dAdXUP9zqbQPWxVCfwC75UsaONz24l2NqAdQ
Last month, we released Rx Inspector, a groundbreaking tool that lets you find the factories where your generic drugs were manufactured.
See the never-before-released data that ties everything together.
https://www.propublica.org/article/rx-inspector-generic-drugs-data?utm_source=mastodon&utm_medium=social&utm_campaign=mastodon-post
#Health #Medicine #Data #Research #FDA #Drugs #Science #Journalism
🩹⏱️ Researchers have developed an aerosolized wound spray called SEAL that stops severe arterial bleeding nearly instantly.
The #Baltimore-based team uses a specialized chitosan mixture to create a physical seal, providing a potential lifesaver for soldiers and first responders in remote areas.
👉 https://newatlas.com/medical-tech/battlefield-wound-spray/
#medicine #health #innovation #science #biology #tech #technology #research #safety #emergency
On the heels of researchers finding a way to create tooth enamel, Stanford researchers have found a way to regrow cartilage and stop arthritis, thereby obviating the need for joint replacements
Interesting links of the week:
Strategy:
* https://assets.publishing.service.gov.uk/media/696e0eae719d837d69afc7de/National_security_assessment_-_global_biodiversity_loss__ecosystem_collapse_and_national_security.pdf - biodiversity and national security
* https://www.gov.uk/government/publications/software-security-ambassadors-scheme - when you get summoned to number 10 for a nasty oopsie
* https://www.cjr.org/news/hannah-natanson-fbi-washington-post-raid-devices-seized-runa-sandvik-security-computer-phone-laptop-sources.php - how to blow whistles safely, is it even possible?
* https://www.bankofengland.co.uk/financial-stability/operational-resilience-of-the-financial-sector/2025-cbest-thematic - themes and trends from UK FSI red teaming under Bank of England's CBEST programme
Standards:
* https://aivss.parthsohaney.online/calculator - a stab at quantifying AI risk... not convinced it'll work but at least people are thinking about the problem
Threats:
* https://www.esentire.com/blog/new-botnet-emerges-from-the-shadows-nightshadec2 - yay, more C2
Detection:
* https://github.com/RustyNoob-619/100-Days-of-YARA-2026/blob/main/Rules%2FDay17.yara - always like a bit of nice YARA
* https://andpalmier.com/posts/abuse-ch-toolkit/ - tools for @abuse_ch
Bugs:
* https://seclists.org/oss-sec/2026/q1/89 - finally Linux telnetd gets an auth-pass feature
* https://sigma-star.at/blog/2025/12/unix-v4-buffer-overflow/ - CVE wen, an overflow in UNIX v4
* https://www.ibm.com/support/pages/node/7257143 - so you wanna pop a mainframe?
Exploitation:
* https://github.blog/developer-skills/github/codeql-zero-to-hero-part-1-the-fundamentals-of-static-analysis-for-vulnerability-research/ - hunting bugs with CodeQL
* https://sean.heelan.io/2026/01/18/on-the-coming-industrialisation-of-exploit-generation-with-llms/ - industrialising set $pc=0x41414141
* https://netaskari.substack.com/p/whats-in-the-box - pentesting in .cn
* https://cloud.google.com/blog/topics/threat-intelligence/net-ntlmv1-deprecation-rainbow-tables - GOOG launch rainbows, share Net NTLMv1 pot of gold
* https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Publikationen/DVS-Berichte/passwortmanager_sicherheit_datenschutz.pdf - .de takes pop at password managers
* https://security.opensuse.org/2026/01/16/the-journey-of-auditing-uyuni.html - SuSE takes UYUNI for a space walk
Hard hacks:
* https://medium.com/@marcel.rickcen/no-tamper-alert-no-password-and-a-backdoor-root-access-on-a-pos-credit-card-payment-terminal-1ea32c73ca41 - what a POS
* https://neodyme.io/en/blog/drone_hacking_part_1/ - on and on, they drone
* https://blog.nns.ee/2026/01/06/aike-ble/ - sniffing scooter emissions
* https://lucasteske.dev/2025/09/running-code-in-pax-machines - this looks like payback
* https://web.archive.org/web/20160128030439/http://www.elemental.net/%7Elf/undoc/ - undocumented Cisco commands
Hardening:
* https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/plan/delegating-administration-by-using-ou-objects - delegation in AD by OU
Nerd:
* https://rbanffy.github.io/fun-with-old-mainframes.github.io/fun-with-vm370.html - mmm, greenscreen
* https://openmail.one/ - OpenAI lawsuits ahoi!
ATTENTION all MUSICIANS in the room! The Glaze / Nightshade / Hemlock team needs volunteers to take part in a short questionnaire to assess their ability to distinguish between AI-generated music and human-composed music. It's important to help with their research! 🙏
🔵 https://uchicago.co1.qualtrics.com/jfe/form/SV_39vyYBpNbwWigt0
📌 Study Title: Detecting AI Generated Music
#music #musica #AI #IA #genAI #survey #glaze #study #research