August 27, 2022

                August 27, 2022

            August 27, 2022

            This seems very important. The Belarus cyber partisans provided Bellingcat with a database that led to the exposure of a GRU Illegal. 
Christo Grozev @christogrozev
We first noticed her thanks to a super useful database shared with us by @cpartisans: the border crossing records of Belarus. We knew the passport ranges of GRU and FSB spies, so we decided to search in that data-set by partial matches, leaving the last 3 digits out as wildcards.3:19 PM ∙ Aug 26, 2022
1,020Likes87Retweets
-
The Info Op is a reader-supported publication. To receive new posts and support my work, consider becoming a free or paid subscriber.

rootsecdev @rootsecdev
Current state of C2 infrastructure 
11:07 PM ∙ Aug 25, 2022
191Likes36Retweets
-
raptor @0xdeaImpressive work 👏 

IAM Whoever I Say IAM :: Infiltrating VMWare Workspace ONE Access Using a 0-Click Exploit

srcincite.io/blog/2022/08/1…srcincite.ioIAM Whoever I Say IAM :: Infiltrating VMWare Workspace ONE Access Using a 0-Click ExploitOn March 2nd, I reported several security vulnerabilities to VMWare impacting their Identity Access Management (IAM) solution. In this blog post I will discu...12:44 PM ∙ Aug 27, 2022
3Likes1RetweetBrian Alvey @brianalvey
The most popular software for writing fiction isn't Word. It's Excel.12:25 AM ∙ Jun 22, 2011
3,444Likes3,706Retweets
-
The Glasshouse Centre discuss the Mudge whistleblower event, along with a number of other events of the last week. 
-
Ukraine translated the IRA green book for resistance fighters. 

https://www.sundayworld.com/news/irish-news/ukrainian-soldiers-use-iras-green-book-in-preparation-for-guerrilla-warfare-against-russia/41474758.html

The library which the Ukrainians make available for underground resistance work includes the popular “Total Resistance” Swiss manual. 

https://sprotyv.mod.gov.ua/portfolio/download/

-
vx-underground @vxunderground
.@ddd1ms has published an interview with the infamous 'Wazawaka', alternatively known as BorisElcin, Babuk, or UNC1756.

This individual takes credit for the ransoming of Costa Rica, Capcom, the D.C. Metropolitan Police Department and more.

Article: 
therecord.mediaAn interview with initial access broker Wazawaka: ‘There is no such money anywhere as there is in ransomware’Wazawaka talked to Recorded Future analyst and product manager Dmitry Smilyanets about his interaction with other hackers, details about ransomware attacks he’s been involved in, and how he settled on the name Babuk.4:27 PM ∙ Aug 26, 2022
87Likes24Retweets
-
Andrew Prokop @awprokopWith the headlines about classified docs at Mar-a-Lago containing info on "human sources," I can't help but think of this old article 

nytimes.com/2019/09/09/us/… 
5:55 PM ∙ Aug 26, 2022
430Likes190Retweets
-
mdowd @mdowd
The movie Sneakers came out 30 years ago today. It was this movie that made me want to get in to hacking. They didn't really mention all the fucking heap grooming though.3:11 AM ∙ Aug 27, 2022
464Likes52Retweets
-
raptor @0xdeaA veritable treasure trove of FreeBSD kernel exploitation techniques and possibilities…

FreeBSD 11.0-13.0 LPE via aio_aqueue Kernel Refcount Bug, by @accessvector

accessvector.net/2022/freebsd-a… 
1:05 PM ∙ Aug 27, 2022
7Likes3Retweets
-
Battle Programmer Yuu @netspookyThis is one of the most in depth blog series I've ever read about networking on Linux. A bit old now but still 🔥

Everything from physical NIC registration to how data moves from userland<->kernel and beyond.

Sending: blog.packagecloud.io/monitoring-tun…

Receiving: blog.packagecloud.io/monitoring-tun… 
5:14 PM ∙ Aug 26, 2022
608Likes140Retweets
Battle Programmer Yuu @netspooky
Also if you are interested in low level Linux and you hadn't had the opportunity to read this wonderful text, Linux Insides by @0xAX is a must-read. You can read it linear, or use as a reference to how certain things work. And it's in multiple languages!

0xax.gitbooks.ioIntroduction · Linux Inside5:25 PM ∙ Aug 26, 2022
163Likes42Retweets
-
London & UK Street News @CrimeLdn
Ashland, Milton Keynes ATM robbery 😯😯 
10:47 AM ∙ Aug 26, 2022
997Likes230Retweets
-
Shayan Sardarizadeh @Shayan86
On this @BBCtrending episode we've examined the latest and most extreme incarnation of Japan's QAnon movement. 

Members of the anti-vax group Yamato Q believe they have different genes from the rest of the population and accuse police of being reptiles.
bbc.co.ukBBC World Service - Trending, The strange story of QAnon in JapanHow did a bizarre US-based conspiracy theory lead to street protests around Japan?5:10 AM ∙ Aug 27, 2022
118Likes58Retweets
-
Sardonicus @RealSardonicus
8:27 AM ∙ Aug 27, 2022
126Likes31Retweets
-
Robᵉʳᵗ Graham @ErrataRob
I always find it weird how companies have hijacked the "full disclosure" movement into a "payments to keep quiet" movement. 
Sean Melia @seanmeals
Wow, what a moment to receive a bounty like this on @Hacker0x01 https://t.co/wqKDZZlpYb4:49 AM ∙ Aug 27, 2022
88Likes28Retweets
-
They know how to sell it… of course, the Army isn’t really a top tier threat actor.
U.S. Army Chief of Cyber @ArmyChiefCyberInterested in becoming a nation state hacker? We will develop your skills in offensive and defensive cyber operations. Defend. Attack. Exploit. goarmy.com/careers-and-jo… 
10:41 PM ∙ Aug 26, 2022
2,466Likes547Retweets
-
Anthropic @AnthropicAI
We examine which safety techniques for LMs are more robust to human-written, adversarial inputs (“red teaming”) and find that RL from Human Feedback scales the best out of the methods we studied. We also release our red team data so others can also use it to build safer models. 
3:43 PM ∙ Aug 25, 2022
295Likes50Retweets
suzuha X 🏴⚡🌙 @dystopiabreaker
reminder that creating models for automated censorship also creates the ability to automatically generate the censored content in concentrated form 
Anthropic @AnthropicAI
We analyze the red team attacks and find diverse harms, which range from soliciting offensive language, to soliciting subtly harmful, non-violent unethical outputs, and more (see UMAP visualization below). A brighter point means a more successful attack. https://t.co/pkJWSwQjM46:36 AM ∙ Aug 27, 2022
98Likes19Retweets
The Info Op is a reader-supported publication. To receive new posts and support my work, consider becoming a free or paid subscriber.

                Don't miss what's next. Subscribe to the grugq's newsletter: