August 22, 2022
The Offensive Cyber Working Group has released a new journal issue. I have opinions on some of these papers.
🚨 Summer 2022 Special Issue in the Cyber Defense Review
We are pleased to announce a special issue on 'An Offensive Future?' published by @cyberdefreview in their Summer 2022 edition, curated by the Offensive Cyber Working Group.
A 🧵of the papers 🔽
offensivecyber.org/2022/08/22/an-…
The in-depth analysis of the Zerodium brochures is on par with other papers in this space. The findings always suggest their methodology involves a lot of monkeys and dartboards: 🙈 🎯
Credit for predictive tweeting
Does somebody have a copy of "Advanced Threat Modeling: Zerodium Charts Querying And Beyond"?
Asking for a friend.
-
Kenneth Geers has published a paper via DEFCON on the Russian Ukraine cyberwar. It looks promising.
https://media.defcon.org/DEF%20CON%2030/DEF%20CON%2030%20presentations/Kenneth%20Geers%20-%20Computer%20Hacks%20in%20the%20Russia-Ukraine%20War%20-%20paper.pdf-
risky.biz/BTN2
-
-
Updated my Gitbook for aWardriving guide with @KismetWireless. Check it out.
th4ntis.gitbook.io/th4ntis-cybers…
#wardriving #kismetwireless #cybersec #cybersecurity
-
-
I am surprised to learn there are drones manufactured to drop bombs. Taiwan has a drone, the Revolver, that can carry and drop 8 mortar rounds in sequence.
-
-
Clop have now posted the data dump of South Staffordshire Water.
It includes a significant amount of PII of staff - e.g. passports etc - and lots of corporate data. Passwords are stored in Excel.
Alarmingly, it appears they did indeed get on the SCADA/ICS network for water.
-
1/3 The POINT of end-to-end #encryption is to open up new frontiers in secure communication: to be able to safely & privately share intimacy, be that for telemedicine, for family stuff, or for simply partners.
This *obsession* with stopping one bad thing, is disproportionate. 
A dad in San Francisco took photos of his toddler’s groin for the doctor. When his Android backed the photos up to the cloud, Google flagged them as child sexual abuse material. He lost his Google account and was investigated by the police. https://t.co/OO4ipXJPsO
Kashmir Hill @kashhill
-
This is a hilarious scam. The person pretends to be a clueless crypto users asking for help withdrawing money and sends you their private key. Wallet has over $1k in it, but no gas. If someone deposits the gas fee needed to steal the money, it just gets forwarded to the scammer.
-
-
I made a very very simple tool that makes some noise every time your computer sends data to Google. Here a demo on the official Dutch government jobs site. The noise starts while typing the domain name already. Code, currently Linux only: github.com/berthubert/goo…
-
Essays on espionage from Hew Strachan, Elizabeth Braw, Richard Aldrich, Chrostopher Moran, @RoryCormac, and me:
"Above all, war is more than battles and operations. Regardless of the technology, it is, as Thucydides reminds us, the human aspects that matter most." I love this piece from @RJohnsonCCW1 at @EngelsbergIdeas
-
Can't believe my @BlackHatEvents talk was a week ago!
In case you can't wait for the recording, here are the highlights & announcements I made including:
- Metrics to improve VDPs & bug bounties
- Hybrid labor models bounty-to-contract
- Referral bounties!
lutasecurity.com/post/bug-bount…
-
The misconception that there is no sound in space originates because most space is a ~vacuum, providing no way for sound waves to travel. A galaxy cluster has so much gas that we've picked up actual sound. Here it's amplified, and mixed with other data, to hear a black hole!
-
-
https://nelsonfigueroa.dev/using-python-to-flood-scammers-with-fake-passwords/-
Don't miss what's next. Subscribe to the grugq's newsletter: