April 28, 2024
April 28, 2024
Excellent LPE write-up by @gabe_k , where he details how suspected compiler changes lead to the introduction of double fetch vulnerabilities. Also discusses a KASLR side channel bypass. PoCs included. Definitely check it out https://t.co/RAjMDsnTgm
โ chompie (@chompie1337) April 28, 2024
Germany grapples with wave of spying threats from Russia and Chinahttps://t.co/RuMfY9IGae
โ Dr. Dan Lomas (@Sandbagger_01) April 28, 2024
#SpyNews - week 17 (April 21-27):
โ Spy Collection (@SpyCollection1) April 28, 2024
A summary of 89 espionage-related stories from week 17 coming from ๐ฎ๐ณ๐ต๐ฐ๐บ๐ธ๐น๐ท๐ฌ๐ง๐ฆ๐ซ๐ซ๐ท๐ท๐บ๐บ๐ฆ๐ญ๐ฐ๐จ๐ณ๐ฑ๐ง๐ฎ๐ฑ๐จ๐ฟ๐ฎ๐ถ๐ฎ๐น๐ฑ๐พ๐ท๐ด๐จ๐พ๐ฉ๐ช๐ช๐ธ๐ฉ๐ฟ๐ฐ๐ต๐ฐ๐ท๐ธ๐ฉ๐ฆ๐บ๐ธ๐ช๐น๐ณ๐น๐ฏ๐น๐ฉ๐จ๐ฆ๐ฌ๐ท๐ณ๐ฑ๐ณ๐ฟ๐น๐ผ๐ฎ๐ท๐ต๐น๐ฆ๐ช๐ต๐ฑ๐ง๐ท๐ฆ๐ฟ https://t.co/wccMd7Two6#OSINT #SIGINT #HUMINT #Espionage #Spy
A ~/.bashrc 1-liner to sniff ๐ถsudo/ssh/git passwords (pty MitM). No root required. ๐
โ The Hacker's Choice (@thc@infosec.exchange) (@hackerschoice) April 28, 2024
๐ https://t.co/zVCLwmbXv2 pic.twitter.com/Ep54gcWAqj
Here's also our postmortem of 3 years of Rust gamedev, and why we're leaving Rusthttps://t.co/oA8u7ehLuf#rustgamedev #rustlang
โ LogLog Games (@LogLogGames) April 26, 2024
I worked on MS-DOS, but not this one! Microsoft has open-sourced MS-DOS 4.00 on Github, but it might not be what you think it is.
โ Dave W Plummer (@davepl1968) April 27, 2024
MS-DOS 4.00 was an attempt at a multitasking MS-DOS, but OEMs weren't really interested, and it was only ever in limited release. So it's almostโฆ pic.twitter.com/vVeDgf57mO
As someone who worked in retail for almost 20 years, yes.
โ Kelli โซ The Opera Geek โซ (@TheOperaGeek) April 27, 2024
All of these are correct. pic.twitter.com/fFPmb9dTSt
From a one byte out-of-bounds write to a complete ROP chain
โ 0xor0ne (@0xor0ne) April 27, 2024
Writeup by @pepsipuhttps://t.co/q24vIRvdOR #cybersecurity #exploit pic.twitter.com/rM5sQU6cVH
We are proud to finally share some great research by Arnau Ortega on a 1-click #Azure tenant takeover attack. You can read all about it in our latest blog post. It explains how we could take over any Azure tenant; just by clicking one legitimate linkย ๐จhttps://t.co/WHMNJpPC7B pic.twitter.com/z4Q6eEPObb
โ FalconForce Official (@falconforceteam) April 26, 2024
I didn't want to write this, but I felt like I had to. Put this in your .bash_profile and get notifications whenever someone impersonates you, hijacks your credentials, or nefariously attaches to your forwarded ssh-agent to gain access to machines they cannot without your user pic.twitter.com/Ars98v4ztt
โ FreeBSD Frau (@freebsdfrau) April 26, 2024