chore: update feed state [2026-04-19]

Author: github-actions[bot]

logs/urls.txt

@@ -148,3 +148,5 @@
 [2026-04-18] https://www.wiz.io/blog/wiz-iac-inventory
 [2026-04-18] https://www.datadoghq.com/blog/governance-console/
 [2026-04-18] https://falconforce.nl/northsec-may-2026/
+[2026-04-19] https://avi.im/blag/2026/etilqs/
+[2026-04-19] https://0xdf.gitlab.io/2026/04/18/htb-airtouch.html

site/_posts/2026-04-19-htb-airtouch.md

@@ -0,0 +1,12 @@
+---
+layout: post
+title: "HTB: AirTouch"
+date: 2026-04-19 03:12:15 +0300
+categories: [RSS]
+tags: [ctf, wifi, snmp, rce, evil-twin]
+toc: true
+---
+
+This Hack The Box write-up chains multiple wireless and web weaknesses in a simulated enterprise environment, starting with an SNMP-exposed default consultant password that grants SSH access to a containerized workstation. From there, the attacker captures and cracks a WPA2-PSK handshake, uses the recovered key to decrypt packet captures in Wireshark, and extracts session cookies for a router management interface where a client-side role cookie unlocks an admin upload feature. The web foothold becomes RCE by bypassing a PHP extension filter with a `.phtml` upload, and hardcoded credentials in source code provide the next local pivot. The final stage abuses leaked CA/server certs to run an evil twin AP with eaphammer, capture a PEAP-MSCHAPv2 challenge, crack a user password, and then recover an admin credential from `hostapd`'s `eap_user` file to reach root on the corporate wireless segment.
+
+[Read original article](https://0xdf.gitlab.io/2026/04/18/htb-airtouch.html){: .btn .btn-primary }

site/_posts/2026-04-19-sqlite-prefixes-its-temp-files-with-etilqs.md

@@ -0,0 +1,12 @@
+---
+layout: post
+title: "SQLite prefixes its temp files with `etilqs_`"
+date: 2026-04-19 03:12:14 +0300
+categories: [RSS]
+tags: [sqlite, internals, temp-files, vacuum]
+toc: true
+---
+
+This post documents a small but concrete SQLite implementation detail: temporary files created during operations like `VACUUM` are prefixed with `etilqs_`, which is simply `sqlite_` spelled backwards. `VACUUM` rebuilds the database into a fresh temporary file to reclaim free space and defragment pages, so the prefix appears in SQLite's temp-file creation path rather than in user-visible database names. The article cites the upstream `src/os.h` comment explaining that SQLite changed the default prefix in 2006 after McAfee-created temp files with `sqlite` in the name caused Windows users to misattribute those files to SQLite and contact the developers. It is mainly useful as implementation and debugging context for anyone studying SQLite-compatible engines or filesystem artifacts produced during database maintenance.
+
+[Read original article](https://avi.im/blag/2026/etilqs/){: .btn .btn-primary }

state/processed_urls.json

@@ -1347,7 +1347,9 @@
     "https://www.sentinelone.com/blog/the-good-the-bad-and-the-ugly-in-cybersecurity-week-16-7/": "2026-04-18",
     "https://www.wiz.io/blog/wiz-iac-inventory": "2026-04-18",
     "https://www.datadoghq.com/blog/governance-console/": "2026-04-18",
-    "https://falconforce.nl/northsec-may-2026/": "2026-04-18"
+    "https://falconforce.nl/northsec-may-2026/": "2026-04-18",
+    "https://avi.im/blag/2026/etilqs/": "2026-04-19",
+    "https://0xdf.gitlab.io/2026/04/18/htb-airtouch.html": "2026-04-19"
   },
-  "last_updated": "2026-04-18T03:10:53.358550+00:00"
+  "last_updated": "2026-04-19T03:12:15.092038+00:00"
 }