Archive • the grugq's newsletter

August 21, 2025

August 22, 2025

August 21, 2025 Reading G-2 "#Counterintelligence Situation in China Theater" Report from 1946. "On the purpose of collecting information from the American...

August 20, 2025

August 20, 2025

August 20, 2025 Never considered it before until now.Abuse Microsoft AI copilot to "live off the land" and perform automated malicious tasks by simply...

August 18, 2025

August 19, 2025

August 18, 2025 At @defcon, I presented my research on client-side deanonymization attacks in @Google's Privacy Sandbox! Privacy research doesn't get as much...

August 16-17, 2025

August 17, 2025

August 16-17, 2025 The previous thread glossed over how our LLM Agents actually work.The truth is, it took us a long time to figure out how to get reliable...

August 15, 2025

August 15, 2025

August 15, 2025 Russian hackers seized control of Norwegian dam, spy chief says | Russia | The GuardianBeate Gangås says attack in April by Norway’s...

August 14, 2025

August 14, 2025

August 14, 2025 NewTaiwan’s New Naval Drones Could Strike Any Chinese Invasionhttps://t.co/vBKXtTZ5A5— H I Sutton (@CovertShores) August 13, 2025 Wrapped up...

August 13, 2025

August 13, 2025

August 13, 2025 If you missed this talk at BH/DC last week, it's worth a read: "From Spoofing to Tunneling: New Red Team's Networking Techniques for Initial...

August 12, 2025

August 12, 2025

August 12, 2025 ThinkstKeeping up with security research is near impossible. ThinkstScapes helps with this. We scour through thousands of blog posts, tweets...

August 11, 2025

August 11, 2025

August 11, 2025 Phrack #72 release reveals TTPs, backdoors and targets of a Chinese/North Korean state actor mimicking KimsukyA copy of his workstation data...

August 10, 2025

August 10, 2025

August 10, 2025 You can't bug hunt your way to security. AI doesn't change that.— Sean Heelan (@seanhn) August 7, 2025...

August 9, 2025 That time when @tehjh was just reviewing a new Linux kernel feature, found a security vuln, then went on a journey to see if he could exploit...

August 8, 2025 we got a persistent 0click on ChatGPT by sharing a docthat allowed us to exfiltrate sensitive data and creds from your connectors (google...

August 7, 2025 This might be the first time the Swiss weren't able to reach a financial deal with nazis [contains quote post or other embedded content] — Sam...

August 6, 2025 https://www.usenix.org/conference/usenixsecurity25/presentation/beitis KGB Stuff by Filip Kovacevic | SubstackKGB secrets you may want to know...

August 4-5, 2025

August 4-5, 2025 ai app so good it XSSes itself pic.twitter.com/4CdK2dwQqY— PatRyk (@Patrosi73) August 3, 2025 For years I have heard that MacOS is more...

August 3, 2025 Weeks ago I shared on LinkedIn about my quick thoughts why LLMs are useful for web pentesting:“IMO why LLMs are helpful in web black box...

August 2, 2025 [2506.11060] Code Researcher: Deep Research Agent for Large Systems Code and Commit HistoryLarge Language Model (LLM)-based coding agents have...

August 1, 2025 boB Rudis 🇺🇦 🇬🇱 🇨🇦: "🆕 GreyNoise Research: Early Warning Signals Befor…" - MastodonAttached: 2 images 🆕 GreyNoise Research: Early Warning...

July 31, 2025 Interesting and detailed explanation of how smartphones can be intercepted through the vulnerabilities of the SS7 signaling...

July 30, 2025 Top Lawyer for National Security Agency Is Fired https://t.co/kMbvqM95Ml— Dr. Dan Lomas (@Sandbagger_01) July 29, 2025 from "China’s Lessons...

July 29, 2025 Terence Tao: "In the field of cybersecurity, a distinction is m…" - MathstodonIn the field of cybersecurity, a distinction is made between the...

July 28, 2025 Modern Binary Exploitation by @RPISEC. This was a university course developed and run solely by students to teach skills in vulnerability...

July 27, 2025 Just finished a new blog sharing an interesting example demonstrating the power of cross-operating system vulnerability variant analysis! Check...

July 26, 2025 It's been months since https://t.co/70znqJx6hO went down and (apparently?) lost all of its data. I have a local copy of everything(ish). I made...

July 25, 2025 https://t.co/bEGbFvtNiE pic.twitter.com/VqkRK8aaYJ— Zack Witten (@zswitten) July 24, 2025 BlackHat-MEA-2024-slides/BH MEA 2024 - Reverse...

July 24, 2025 Introducing Loki, a software obfuscation approach designed to withstand all known automated deobfuscation attacks.This method efficiently...

July 23, 2025 https://www.theregister.com/2025/07/21/replit_saastr_vibe_coding_incident/?td=rt-3a MSTIC blog on Sharepoint exploitation At least 3 actors...

July 22, 2025 The #CIA has to adjust to a world where everyone's activities and movements are being watched and stored and analysed by artificial...

July 20, 2025 101 Chrome Exploitation — Part 0: Preface We are starting a new series on modern browsers' architecture and their exploitation using Chrome as...

July 19, 2025 Very interesting view. Social media, traditional media, blogs, etc give voices to single individuals, while LLMs sample among many....

July 18, 2025 One of the very first tools/projects I released back in early 2022 looked at hosting malware via DNS records and then retrieving+reassembling....

July 17, 2025 https://t.co/b0CJjfm4eB pic.twitter.com/PhAlnlIKrI— Silas Cutler // p1nk (@silascutler) July 17, 2025 This is so much! 🔥🔥😎Found two new Potato...

July 16, 2025 Dear attacker, Clear-History does not clear the PSReadLine command history file.Clear-History, as taken from the official documentation,...

July 15, 2025 grok claims to be mechahitler and they immediately operation paperclip it lol https://t.co/W9E0jtjYQ3— sam (dependent thinker) (@CobrastanGuy)...

July 14, 2025 Intelligence Group 13, embedded within the Shahid Kaveh Cyber Group, represents one of the most operationally aggressive and ideologically...

July 13, 2025 Senate Armed Services Committee wants DOD to explore 'tactical' cyber employment | DefenseScoopA provision in the Senate Armed Services...

July 12, 2025 This one mostly flew below radar and media coverage, but I think is a significant case. The article refrains from directly naming the group or...

July 11, 2025 Four UK arrests in Scattered Spider incidents. Suspects are 17 to 20 years old. https://t.co/sJhfry71Tk— John Hultquist (@JohnHultquist) July...

July 10, 2025 How can the Government best protect the UK against grey zone threats? We have published a report. Read our recommendations...

July 9, 2025 AI voice clones have hit the White House AGAIN, now impersonating the Secretary of State to other Gov officials to try to steal...

July 8, 2025 🇺🇸 #US: A Homeland Security operation took place at the MacArthur Park in Los Angeles, described in leaked Army documents as a "show of...

July 7, 2025 my weekend project to learn about bluetooth mesh networks, relays and store and forward models, message encryption models, and a few other...

July 6, 2025 #SpyNews - week 27 (June 29-July 5):A summary of 91 espionage-related stories from week 27 coming from...

June 5, 2025 🚨 New APT group “NightEagle” is hacking Microsoft Exchange with stealthy tools and unpatched exploits.Targets? China’s AI, military, and quantum...

July 4, 2025 Pro-Russian hacktivism: Shifting alliances, new groups… | Intel 471Pro-Russian hacktivism campaigns continued to be directed at countries and...

July 3, 2025 GitHub - VirtualBox/virtualbox: Source code for Oracle VirtualBoxSource code for Oracle VirtualBox. Contribute to VirtualBox/virtualbox...

July 2, 2025 Jesko is an excellent reverse engineer and Binary Refinery is a great tool to check out for malware triage: https://t.co/wjWZk3PU6G...

July 1, 2025 Proofpoint: TA829 is a unique actor... its behavior classifies it as a financially-motivated actor. Following the invasion of Ukraine, TA829...

June 30, 2025 Today, Microsoft Threat Intelligence Center is proud to announce the release of RIFT, an open-source tool designed to assist malware analysts...

June 29, 2025 AI and Secure Code Generation AI and Secure Code Generation | Lawfare AI is reshaping code security—shifting metrics, unknown bugs, and...