the grugq's newsletter

April 29, 2022


Great lecture. Totally recommended.


raptor @0xdea
Nimbuspwn Linux privilege escalation
microsoft.com: Microsoft finds new elevation of privilege Linux vulnerability, Nimbuspwn - Microsoft Security Blog
Microsoft has discovered several vulnerabilities, collectively referred to as Nimbuspwn, that could be chained together, allowing an attacker to elevate privileges to root on many Linux desktop endpoints. Leveraging Nimbuspwn as a vector for root access could allow attackers to achieve greater impac…
6:32 AM ∙ Apr 28, 2022


C'thulhu, No Country for Old Gods @CthuhluRisen
Jupiter, strung out on caffeine, sleep deprived, struggling to care for 79 moons, at its breaking point.
7:24 AM ∙ Apr 27, 2022


Fair warning.

Kenn White @kennwhite
One major theme evident in the security world this conference season: the quality & sophistication of offensive research coming out of top teams in China is just *staggering*.
9:54 PM ∙ Apr 28, 2022




Chinese propaganda posters repurposed.

Minmin Low @minminlowCNA
What community organising looks like under lockdown. Received this from neighbor. Not my estate. The poster invites people to clang pots from balconies 7pm-7.30pm tonight to demand govt aid.
9:46 AM ∙ Apr 28, 2022

This is just cool

Virtual Colossus @VirtualColossus
Want to program & run a 1960s 2nd generation computer, but don't have room at home? Now you can, with Virtual Flossie! A fully working simulation of the ICT 1301. Use the console dials & switches just like the real thing! tnmoc.org/virtual-flossie @tnmoc @kenshirriff @Grady_Booch
9:06 PM ∙ Apr 28, 2022


PwC has published their year in review for cyber threats of 2021.

https://www.pwc.com/gx/en/issues/cybersecurity/cyber-threat-intelligence/cyber-year-in-retrospect.html


Some War on the Rocks excellence.

https://warontherocks.com/2022/04/start-with-the-political-explaining-russias-bungled-invasion-of-ukraine/


Sticking with a theme, here’s a great look at military occupations in practice.

https://mwi.usma.edu/miscalculation-and-myopia-in-moscow-understanding-russias-regime-change-folly/


Future war. One thing I’ve not seen in discussions on future war is coverage of logistics and supply chains. That seems like an oversight, given what we’ve seen demonstrated recently.

Drones, from killer UAVs to hobbyist toys, have created a very different operational environment. Similarly, the OSINT community has made operations far less secret. The proliferation of smartphones and the internet alters the operational environment as well.

So what about 3D printers? Surely they must change the parameters of a conflict. One example: sabotage of complex machinery generally seeks to damage the most critical and difficult-to-replace parts, to keep the machine out of service for the longest time possible. How does that change if any part can be reprinted in the same time?

Chris Wysopal @WeldPond
“We have maybe 1,000 printers, and now we are waiting for specific directions from Ukrainian defense which parts we need to print. . . . With 1,000 machines we can print 10,000 parts a day, to be honest. It’s that kind of possibility for the future.”
forbes.com: Putting 3D Printers To Work In Ukraine’s War Zone
Entrepreneurs in Poland rush printers to the stricken neighboring country for use creating protective gear, tourniquets, periscopes—and even drones—for the Ukrainian defense.
10:53 AM ∙ Apr 29, 2022


This thread is a cool list of clever reverse engineering tricks.

Battle Programmer Yu​u @netspooky
What's a handy reverse engineering trick that you think more people should know about?
10:32 PM ∙ Apr 28, 2022

More on drones.

Chris Wysopal @WeldPond
"DJI’s Lisberg says it’s his fault but also tells us that his R&D contacts in China repeatedly told him it was encrypted and that it took senior managers to step in and admit it wasn’t true."
theverge.com: DJI insisted drone-tracking AeroScope signals were encrypted — now it admits they aren’t
It took a hacker to reveal DJI told us the wrong thing.
3:00 PM ∙ Apr 29, 2022


Monta Elkins @montaelkins
All of industrial control systems.
2:13 PM ∙ Apr 29, 2022

Adam Segal @adschina
Beijing's Jiankang bao app (Health Kit) was hacked by an overseas network
caixin.com/2022-04-29/101… app, jointly created by Beijing Bureau of Economy and IT, Foreign Affairs office of Beijing for foreigners to display their health status and COVID-19 testing/vaccine status
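caixin.com: Beijing's Jiankang Bao (Health Kit) hit by an overseas network attack; what tricks do hackers typically use? | Explainer
DDoS attacks are one of the most widely used forms of network attack; other commonly used methods include ransomware attacks, wiper attacks and more.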
3:10 PM ∙ Apr 29, 2022
