the grugq's newsletter

August 16, 2024

August 15-16, 2024

Yes, EvilEmpire ASN (hosting C2) aka TNSECURITY aka Russian propaganda networks are now openly buying 0days using a front company registered in the UK with an address corresponding to a dead end. Yes, this is a clown show that has been allowed for months and they're not even hiding… https://t.co/oY0hNpXgqT

— taha (@lordx64) August 14, 2024


The fact that in the wake of Solarwinds the U.S. gov has issued more reports about Zero Trust than you can shake a stick at but (as far as I can recollect) nothing whatsoever about proper outbound firewall for traffic from critical assets tells you so much.

None of it good. https://t.co/tgzFP85CHp

— Brian in Pittsburgh (@arekfurt) August 14, 2024


MSRC fixed an RCE bug in the TCPIP module.
I found the bug several months ago.
Its score is 9.8 and exploitation is more likely. Please apply the patch immediately. pic.twitter.com/bdjBLgoaYv

— wei (@XiaoWei___) August 14, 2024


If you download the latest full factory image for the Pixel 8 (today!), you'll find Showcase.apk (a dormant backdoor with unverified configs sent over HTTP) here: https://t.co/3uhcxEWpWt pic.twitter.com/Yd0BhoFu3A

— Dan Guido (@dguido) August 15, 2024

Referring to a vulnerability in a normally disabled app included for demonstrations as a dormant backdoor is ridiculous. There are tons of vulnerabilities in code that's actually used which don't require an attacker having physical control over the device with the lock method.

— GrapheneOS (@GrapheneOS) August 15, 2024


Looking to get started with hardware hacking after DefCon? Here are a few blogs to get you started! 🧵

— wrongbaud (@wrongbaud) August 13, 2024

Thread by @wrongbaud on Thread Reader App

@wrongbaud: Looking to get started with hardware hacking after DefCon? Here are a few blogs to get you started! 🧵 The first question I get is: "What tools do we need to build a hardware hacking lab?"…


Looks like your Windows systems are safe from the TCP/IP RCE vulnerability (CVE-2024-38063) when you and your team decided to say "not today" and disabled IPv6 on your systems. https://t.co/sNdCpm2PRb

— Florian Roth (@cyb3rops) August 15, 2024
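The two TCP/IP tweets above (wei's "apply the patch immediately" and Florian Roth's "disabled IPv6" remark) both turn on the same question: is IPv6 actually off on a given Windows host, or does someone just think it is? MSRC's advisory for CVE-2024-38063 lists "IPv6 disabled on the target machine" as the condition under which a system is not affected, and there are two different switches people mean by "disabled": the per-adapter ms_tcpip6 binding (the checkbox in adapter properties) and the machine-wide DisabledComponents registry value from Microsoft's KB 929852. The script below is an added example, not code from either tweet or from Microsoft; it reports both switches and, as ground truth, whether any non-loopback interface is still carrying an IPv6 address. The function name Get-Ipv6MitigationStatus is my own. It needs the NetAdapter and NetTCPIP modules (Windows 8 / Server 2012 or later) and should be run elevated.

```powershell
# Added example: report whether the "IPv6 disabled" condition from the
# CVE-2024-38063 advisory really holds on this host. Not from the tweets.

function Get-Ipv6MitigationStatus {
    # Switch 1: per-adapter binding of the IPv6 protocol (ms_tcpip6).
    # Unbinding it stops IPv6 on that adapter only.
    $bound = Get-NetAdapterBinding -ComponentID ms_tcpip6 |
        Where-Object { $_.Enabled } |
        Select-Object -ExpandProperty Name

    # Switch 2: machine-wide bit mask documented in Microsoft KB 929852.
    # 0xFF disables every IPv6 component; an absent value means fully enabled.
    $regPath = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters'
    $dc = (Get-ItemProperty -Path $regPath -Name DisabledComponents `
            -ErrorAction SilentlyContinue).DisabledComponents
    $registryDisabled = ($null -ne $dc) -and ((($dc -band 0xFF) -eq 0xFF))

    # Ground truth: any non-loopback interface with an IPv6 address is still
    # processing IPv6. Link-local (fe80::/10) counts; a routed address is not
    # needed for the stack to be reachable from the local link.
    $active = Get-NetIPAddress -AddressFamily IPv6 -ErrorAction SilentlyContinue |
        Where-Object { $_.InterfaceAlias -notmatch 'Loopback' } |
        Select-Object InterfaceAlias, IPAddress

    [pscustomobject]@{
        AdaptersWithIpv6Bound   = @($bound)
        DisabledComponentsValue = $dc
        RegistryDisablesIpv6    = $registryDisabled
        ActiveIpv6Addresses     = @($active)
        # Claim the mitigation only when a switch is set AND nothing is live.
        Ipv6Disabled            = ((@($bound).Count -eq 0) -or $registryDisabled) -and
                                  (@($active).Count -eq 0)
    }
}

$status = Get-Ipv6MitigationStatus
$status | Format-List

if (-not $status.Ipv6Disabled) {
    Write-Warning 'IPv6 is still active on this host; the "IPv6 disabled" condition does not apply. Install the CVE-2024-38063 update.'
}
```

Two caveats a practitioner would want: the check says whether the mitigation applies, not whether the patch is installed, so it is no substitute for patching; and DisabledComponents only takes effect after a reboot, which is why the script trusts the live address list over either switch.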


Scraping with CyberChef + VirusTotal guide in order to find as many malicious URLs/files/C2s as possible

Step 1: find a suspected malicious IP through https://t.co/JuPOb0W3Is, honeypots, web crawlers, Twitter posts

Chuck the IP in VirusTotal as such and click graph pic.twitter.com/GU5WFDEsAm

— Fox_threatintel (@banthisguy9349) August 16, 2024


“They have your social security number!!!!” And? Who cares. So does every job I’ve ever worked and they’ve stolen far more from me than any hacker ever could.

— chunky fila (@chunkyfila) August 14, 2024


Iranian state-affiliated cyber groups often don't get a whole lot of respect for technical ability. (And kind of understandably so, based on reporting on most of their campaigns.😄) But this is a good reminder, if you needed it, they can sometimes be quite competent. https://t.co/w28dZo8COC pic.twitter.com/dagikvqyvO

— Brian in Pittsburgh (@arekfurt) August 16, 2024

