April 17, 2024
My @BlackHatEvents #BHEU presentation has now been posted 📽️ https://t.co/NUJQhW1ha6
— Brett Hawkins (@h4wkst3r) March 28, 2024
Finished reading the probably best blog post I'll come across this week by @swagitda_
Thanks to @rseroter for listing it on your newsletter.
Now let's head over across the street to #devopsdayszh 🤩 https://t.co/RzLzbotiEV
— Daniel Bodky (@d_bodky) April 16, 2024
Since it's out there now this is what I caught in wild CVE-2024-3400
GET /global-protect/login.esp HTTP/1.1
Host: X
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.93 Safari/537.36
Accept-Encoding: gzip, deflate, br…
— Justin Elze (@HackingLZ) April 16, 2024
CVE-2024-0517 - Chrome V8 maglev compiler optimization RCE vulnerability, has been derestricted (along with exploit code). This was reported by our teammate @__suto https://t.co/tD5GSsYcEv pic.twitter.com/cKVgkyltbT
— Qrious Secure (@qriousec) April 17, 2024
nothing will ever top this tweet pic.twitter.com/j4hiORU7FP
— Reconstructionist (@un_a_valeable) April 15, 2024
Something that has been true for over a decade: there's no captcha you can put in front of a service to prevent bots from signing up. It's impossible -- captchas only serve to annoy real users.
The reason is that in professional spam operations, the account creation process is…
— François Chollet (@fchollet) April 16, 2024
And of course the propaganda department of the GRU has its own in-house account creation service, which is entirely manual and uses US-based (etc) VPNs. They use virtually no automation -- they employ thousands of real people, manning hundreds of thousands of accounts. They're…
— François Chollet (@fchollet) April 16, 2024
The only way you can counter it is via ML. You need to use all available signals to make a judgment call on whether an account's activity is spam or not. It's a game of cat and mouse, ever shifting. Very solvable, but it requires actual people labeling your data everyday.
— François Chollet (@fchollet) April 16, 2024
Very interesting reading on reverse engineering rail tickets https://t.co/huHmBZlpCQ #reverseengineering #infosec pic.twitter.com/oDbbq946Z1
— 0xor0ne (@0xor0ne) April 17, 2024
Full @rapid7 analysis of PAN-OS CVE-2024-3400 now available from @stephenfewer and our stellar new research teammate @ChairNectar! Spoiler: It's a two-vuln exploit chain. https://t.co/KT2Xd7vyE5
— Caitlin Condon (@catc0n) April 16, 2024
Dune’s summary of World War II is great pic.twitter.com/uaIUBWW09j
— Delta9250 (@deltaIV9250) April 17, 2024