|
| 1 | +Date: 15-11-2025 |
| 2 | + |
| 3 | +Duration: 2 hrs 30 mins |
| 4 | + |
| 5 | +==== Topics Discussed |
| 6 | + |
| 7 | +* Janvi Matani asked for advice on finding internships as a 2nd year IT student. |
| 8 | + ** Suyash and others suggested targeting small startups and reaching out directly to founders on LinkedIn rather than relying on job portals like Internshala. |
| 9 | +* Rehan Shaikh talked about his work as a junior penetration tester at TCS in the BFSI (Banking, Financial Services and Insurance) vertical. |
| 10 | + ** Discussed the freedom in his team checking in, checking out, and working independently on pen testing projects. |
| 11 | +* Alpesh Bhagwatkar mentioned the new Android PixNapping vulnerability (CVE-2025-48561). |
| 12 | + ** It's a hardware-based vulnerability where malicious apps can steal OAuth keys without user interaction by layering intents. |
| 13 | + ** Google decided not to fix it until 2026. |
| 14 | + ** link:https://www.malwarebytes.com/blog/news/2025/10/pixel-stealing-pixnapping-attack-targets-android-devices[PixNapping Attack Blog^] |
| 15 | +* Discussion about NSO's Pegasus spyware and the incredible techniques used. |
| 16 | + ** Rehan shared the Google Project Zero article about how Pegasus exploited iMessage using Turing machine principles to create a virtual machine inside iMessage. |
| 17 | + ** link:https://googleprojectzero.blogspot.com/2021/12/a-deep-dive-into-nso-zero-click.html[Google Project Zero: NSO Zero-Click Deep Dive^] |
| 18 | +* Discussion about vibe coding with brain waves. |
| 19 | + ** A new technology that reads alpha/gamma brain waves through a headset and uses LLM to generate code based on what you're thinking. |
| 20 | + ** link:https://www.youtube.com/watch?v=4bQ2qhfJUjA[This neural interface writes code from my brain waves… By Fireship^] |
| 21 | +* Rehan shared about the Operating System series by Adhokshaj Mishra. |
| 22 | + ** Back to basics lectures covering OS fundamentals, focusing on understanding why certain designs were chosen rather than just definitions. |
| 23 | + ** Adhokshaj has built his own OS and created a programming language in Sanskrit. |
| 24 | + ** link:https://breachforce.net/series/os-intro[OS Introduction Series^] |
| 25 | + ** link:https://www.linkedin.com/in/adhokshajmishra[Adhokshaj Mishra's LinkedIn^] |
| 26 | +* Jaden explained what eBPF is. |
| 27 | + ** It's like an API for running code at the kernel level, allowing operations that would normally require kernel drivers. |
| 28 | + ** Useful for network packet filtering and kernel-level operations without the overhead of traditional syscalls. |
| 29 | +* Discussion about the difference between syscall wrappers (glibc) and actual syscalls. |
| 30 | + ** Glibc wrappers like `open()` use variadic arguments (the `...` syntax in C) to provide flexibility. |
| 31 | + ** The wrapper handles default parameters and then calls the actual syscall. |
| 32 | +* Chirag joined and discussed his work. |
| 33 | + ** Talked about the difference between product companies and consulting firms for sales engineers. |
| 34 | + ** His daily work involves gathering customer requirements for cloud migration and designing proposals. |
| 35 | +* Shared resources: |
| 36 | + ** link:https://lwn.net/Kernel/Index[LWN Kernel Index^] |
| 37 | + ** link:https://livegrep.com/search/linux[Live Grep Linux Kernel Search^] |
| 38 | + ** link:https://academy.hackthebox.com/preview/certifications/htb-certified-penetration-testing-specialist[HTB CPTS Certification^] |
| 39 | + ** link:https://www.youtube.com/watch?v=BM62xi4FE3c[ELF Parsing by Harsh Kapadia^] |
0 commit comments