August 19, 2024
August 19, 2024
Are Geofence Warrants Headed for Extinction?
https://www.americanbar.org/groups/criminal_justice/publications/criminal-justice-magazine/2024/summer/geofence-warrants-headed-extinction/Vulnerability research and exploitation of Chromium Embedded Framework (CEF)https://t.co/vkDWQXzJJw
โ 0xor0ne (@0xor0ne) August 18, 2024
Credits @DarkNavyOrg#infosec #chrome pic.twitter.com/XmdLjV8PNW
Publishing some of the notes I've amassed over my years in #macOS security. There's lots, so I'm publishing them as I collate them into something structured and readable. My first few are available, and the rest will be as I finish them.https://t.co/HSjmlGVH5i
โ Stuart Ashenbrenner ๐บ๐ธ ๐จ๐ฆ (@stuartjash) August 18, 2024
The entire archive of the The Onion front pages
The Onion's Front Page Archive - The Onion
1900โ1909 1910โ1919 1920โ1929 1930โ1939 1940โ1949 1950โ1959 1960โ1969 1970โ1979 1980โ1989 1990โ1999 2000โ2024 1900โ1909 1910โ1919 1920โ1929 Advertising Advertising 1930โ1939 1940โ1949 1950โ1959 Advertising Advertising 1960โ1969 1970โ1979 1980โ1989 Advertising Advertising 1990โ1999 Read More
A reimplementation of cobalt strike beacon
GitHub - kyxiaxiang/Beacon_Source: not a reverse-engineered version of the Cobalt Strike Beacon
not a reverse-engineered version of the Cobalt Strike Beacon - kyxiaxiang/Beacon_Source
I went through "final" FIPS 203 and FIPS 204 documents again, and wrote fresh Python "models" (implementations) while doing it. Compared against NIST's test json vectors. I think the vectors match with the spec now (for the functions that have them.) https://t.co/7glpqQygq0
โ mjos\dwez (@mjos_crypto) August 18, 2024
My colleague @nickmalcolm made a pretty cool vuln explainer video https://t.co/qReF7IivpV
โ joernchen (@joernchen) August 18, 2024
One reason Iran might be recalculating their retaliationโjust look how penetrated they and their most valued proxies are. https://t.co/TdTPflLiBL pic.twitter.com/eAWmsXUfok
โ Michael Weiss (@michaeldweiss) August 19, 2024
New blog up: "What a Cluster! How Industry Groups and Names Threat Activity Clusters". I decided there was a need for it since we are more regularly talking about UNCs and STACs these days and it can be confusing for those just getting into #cti. https://t.co/aTuYeER2su
โ InfoSecProf (@_John_Doyle) August 19, 2024
https://x.com/mrkoot/status/1825499552390013363
When some orgs are allowed to implment their own ideas of how auth should work:https://t.co/HQ0VBVh9R5
โ Daniel Cuthbert (@dcuthbert) August 19, 2024
this thread is golden, a lesson in how not to do it
Mentioned before, but hereโs the paper
MIFARE Classic (FM11RF08S) cards have been found to be backdoored by the manufacturer, allowing all user-defined keys to be dumped with physical access. https://t.co/74EPJQiTYj pic.twitter.com/RUJzwI1JBe
โ Denis Laskov ๐ฎ๐ฑ (@it4sec) August 17, 2024
It's time to take a closer look at CVE-2024-38063 (Windows TCPIP RCE).
โ farmpoet (@f4rmpoet) August 19, 2024
I usually don't post partial analysis but since most available info is unreliable I'll do my best to try and shed some light.
This time I'll focus on my workflow and thought process as we go. ๐งต
Thread by @f4rmpoet on Thread Reader App โ Thread Reader App
@f4rmpoet: It's time to take a closer look at CVE-2024-38063 (Windows TCPIP RCE). I usually don't post partial analysis but since most available info is unreliable I'll do my best to try and shed some light. This...โฆ
Exploiting an object corruption bug in v8 Javascript engine (CVE-2024-3833)https://t.co/wyJGIFK3Tp
โ 0xor0ne (@0xor0ne) August 19, 2024
Credits @mmolgtm#chrome #cybersecurity pic.twitter.com/XTZqnTHtkX