yyz
@yyzinfosec
we’re all gonna make it, opinions = mine
Yearly blog post just dropped: Control Flow Hijacking via Data Pointers 🐸 Showcasing how to find your own in Binary Ninja, how to weaponize and write a shellcode stub etc. Hopefully people find it useful :) legacyy.xyz/defenseevasion…
Decided I'd like to make a career swap toward the defensive side: e.g. Detection Engineering, Threat Research etc. Happy to provide more information via DM 🙏 (also any retweets would be greatly appreciated)
One of the biggest security expertise redpills is this is unironically a good idea and the time spent making fun of it was ill-advised for most users whose physical security threat is not a factor in comparison.
The xz package tars were backdoored. Only discovered because the backdoor slowed down sshd enough for Andres Freund to investigate. Consider the case where the backdoor didn't cause perf issues... How long would this have gone undetected? openwall.com/lists/oss-secu…
Attempt no. 3 at motivating myself to write more blog posts 🐸 Been studying vulnerability research content lately, decided to start a blog series on writing a fuzzer for Windows targets legacyy.xyz/vr/windows/202…
Impressive, very nice. Now let's see Paul Allen's C2 framework
Every defender should excel in adversary simulations to experience and understand how to conduct advanced attacks. And every red teamer should deeply understand visibility and detection opportunities of every move.
Wondering if any other attackers have a story of a basic hardening thing stopping them? My favorite that comes to mind is Windows FIPS Mode blocked a Commercial C2's SOCKS proxy feature because of its use of non-FIPS-compliant stream cipher (RC4).
Today I found out SharpHound has a function to enumerate all domains in a given forest (-s), despite the documentation on ReadTheDocs saying it doesn't. Saved me a little bit of time today :) #bloodhound #sharphound #redteamtips
When an attacker gains initial access to a system on a network, common actions are:
1. Scanning the network for pivot targets
2. Pillaging the system for valuable files
3. Stealing credentials from the system
Each provides an opportunity for honeypot-based detection 🧵 1/
Can we please stop pretending not knowing how to exit vim is funny
[ALERT] Moses Staff gang has announced "Unit 8200" on the victim list.
Hey... did anyone notice that PAN 0day was fixed in a version that was released over a year ago? Guess it wasn't easy to notice under all the loud opinions about ethics. 🤣
No. Cybersecurity issues like ransomware are just a cost of doing business. At the moment it's worse than shoplifting, but businesses will adapt without government intrusion. Government intrusion is more an existential threat to business than the ransomware itself.
“Ransomware has become a scourge on nearly every facet of our lives, and it’s a prime example of the vulnerabilities that are emerging as our digital and our physical infrastructure increasingly converge.” Jen Easterly, director of CISA bloomberg.com/news/articles/… @business
bloomberg.com
Cyber Official Warns ‘American Way of Life’ at Risk From Hackers
A top U.S. cybersecurity official offered a dire warning to members of Congress on Wednesday, saying the “American way of life” faces serious risks amid the drumbeat of ransomware attacks and...
I don't really understand the twitter outrage over taxing unrealized gains when literally everyone on fintwit is deep in the red
122.51.55[.]133 #cobaltstrike #beacon sha256: 9ea7f4b6b7d6dfdd68d3cbda127fdbbaf4526634f071f7be2d46cd527c831a2f