August 23, 2024
August 23, 2024
Let's explore China’s 0-day vulnerability research capabilities.
— farmpoet (@f4rmpoet) August 22, 2024
I’ve long been intrigued by the prolific nature of Chinese teams in discovering vulnerabilities. Over the past months, I’ve gathered some data and analyzed reported vulnerabilities to gain a deeper understanding.🧵 pic.twitter.com/MeAxsOrNYL
Thread by @f4rmpoet on Thread Reader App – Thread Reader App
@f4rmpoet: Let's explore China’s 0-day vulnerability research capabilities. I’ve long been intrigued by the prolific nature of Chinese teams in discovering vulnerabilities. Over the past months, I’ve gathered some d...…
Russia tells citizens to switch off home surveillance because the Ukrainians are coming
"The enemy is massively identifying IP ranges in our territories and connecting to unprotected video surveillance cameras remotely, viewing everything from private yards to roads and highways of strategic importance," said the ministry, according to Russian newswire Interfax. "In this regard, if there is no urgent need, it is better not to use video surveillance cameras.
"It is highly discouraged to use online dating services. The enemy actively uses such resources for the covert collection of information."
There is probably a good study to be done on the use of remote IP surveillance cameras for espionage. Historically the only option was the use of CCTV cameras, which were and are hacked, but the proliferation of cheap IP cameras has greatly expanded the range, coverage, and ease of access to visual data for intelligence.
https://www.theregister.com/2024/08/21/russia_memo_ukraine_invasion/While sick in bed with fever I couldn't do too intellectually challenging things, so I decided to scrape the https://t.co/VlP5Wy0l0c DNS zones for well-known hostnames at all the mcc/mnc combinations: https://t.co/2JoWWkKqT4
— LaForge - @LaF0rge@chaos.social (@LaF0rge) August 22, 2024
what can we see from that? Only https://t.co/3Mdwne7Kz2 seems to have an ANDSF + N3IWF DNS record. And globally 251 unique ePDGs, 6 of those for emergency services.
— LaForge - @LaF0rge@chaos.social (@LaF0rge) August 22, 2024
what can we see from that? Only https://t.co/3Mdwne7Kz2 seems to have an ANDSF + N3IWF DNS record. And globally 251 unique ePDGs, 6 of those for emergency services.
— LaForge - @LaF0rge@chaos.social (@LaF0rge) August 22, 2024
OH what you thought we were taking this week off?? EC 35 out NOW 📰🏴☠️@vv474172261 proves your "DOS bugs" are skill issues
— exploits.club (@exploitsclub) August 22, 2024
An NPU N-Day exploit from @javierprtd @r0rt1z2 hacks an old Amazon tablet@nSinusR et al release SIMurai
+ jobs and more 👇https://t.co/LzQCOXkaWc
If you're into bug bounty hunting and looking for some new tricks, this web cache deception research from @tincho_508 is an absolute gold-minehttps://t.co/DyqGUEpPzX
— James Kettle (@albinowax) August 22, 2024
New blog entry: C++ Unwind Metadata: A Hidden Reverse Engineering Bonanza https://t.co/0of8NJdZm4 pic.twitter.com/9Ea0xYiEtW
— Rolf Rolles (@RolfRolles) August 22, 2024
HYPERPILL, a novel fuzzing tool, leverages hardware virtualization to identify vulnerabilities in arbitrary hypervisors without source-code access. It outperforms existing methods and discovered 26 new bugs. #CyberSecurity #USENIX2024https://t.co/vKsHhXb8bE
— Geeknik`s 🌻 Lab (@geeknik) August 23, 2024
I published a deep dive into TOCTOU (Time-Of-Check to Time-Of-Use) attacks, and I'd appreciate it if you'd give it a read :)
— Olivia Gallucci ✨ (@OliviaGalluccii) August 21, 2024
Covers manipulation of execution flows to exploit race conditions, symlinks, + other conditional checks: https://t.co/ZkHxGZW9rO#InfoSec #TOCTOU pic.twitter.com/0Rk8YwxK44
Before we announce the exciting keynotes for #FUZZING'24, we found some time to upload the recordings for the last two years by Abhishek Arya (@infernosec), @AndreasZeller, Cristian Cadar (@c_cadar), and Kostya Serebryany (@kayseesee).
— Marcel Böhme👨🔬 (@mboehme_) August 22, 2024
//@lszekeres, @baishakhir, @yannicnoller.
Thread by @mboehme_ on Thread Reader App – Thread Reader App
@mboehme_: Before we announce the exciting keynotes for #FUZZING'24, we found some time to upload the recordings for the last two years by Abhishek Arya (@infernosec), @AndreasZeller, Cristian Cadar (@c_cadar), and ...…
"Russia's Federal Security Service (FSB) has opened a criminal case against a scientist in Moscow suspected of carrying out distributed denial-of-service (DDoS) attacks on behalf of Ukraine’s intelligence agency".https://t.co/PXFuS1e5oj
— Dr. Dan Lomas (@Sandbagger_01) August 22, 2024
saw someone on here say that i make five figures a month off twitter. buddy, ELON MUSK doesn't even make five figures a month off twitter
— derek guy (@dieworkwear) August 23, 2024
Everyone is talking about the OP’s ethics, life choices, or genius, or whatever. Who cares?
— thaddeus e. grugq (@thegrugq) August 23, 2024
But the real story is: OPSEC FAIL!
- Google layoff
- Hired 18 months ago
- has ~8hrs a week of meetings
- 0 kingpin goals
- 7 tickets
- took “3m” to dev a dashboard
Easily identifiable. https://t.co/3AJ2REZj4q