December 10, 2022
On war and cybers, some thoughts
The first reports are now coming out about the offensive cyber operations of the Ukrainian intelligence services. Apparently they’re very interested in the Russian government. I’m as shocked as you are.
Please like and subscribe.
The more important lesson to learn here is that espionage is more useful than effects operations conducted without context. What I mean by that is, effects operations are most effective when employed within a strategy that takes advantage of them. Effects operations executed at random are generally speaking of negative value — they train the opposition and burn access.
Intelligence is almost always useful. Effects are useful inside a strategic context. Information operations are orthogonal because they typically don’t involve the same resources.
This focus on espionage demonstrates that Ukraine is focussed on getting the most value from their limited resources. They don’t have the same sort of cyber forces available as the Russians.
Ukraine has limited resources and must get maximum value from what they have. That means espionage.
https://research.checkpoint.com/2022/cloud-atlas-targets-entities-in-russia-and-belarus-amid-the-ongoing-war-in-ukraine/
APT Cloud Atlas: Unbroken Threat
-
Using OpenAI chat for phishing
Using OpenAI Chat to Generate Phishing Campaigns
Generating phishing campaigns with OpenAI Chat and GPT-3
-
Sad day for pre-Pwn2Own bugs.
The Last Breath of Our Netgear RAX30 Bugs - A Tragic Tale before Pwn2Own Toronto 2022 | STAR Labs
Background: Some time ago, we were playing with some Netgear routers and we learned so much from this target. However, Netgear recently patched several vulnerabilities in their RAX30 router firmware, including the two vulnerabilities in the DHCP interface for the LAN side and one remote code execution vulnerability on the WAN side which we prepared for Pwn2Own Toronto 2022. This blog post focuses on the vulnerabilities found in version 1.0.7.78. You can download the firmware from this link, and easily extract the firmware by using binwalk.
Cool vulns don't live long - Netgear and Pwn2Own
Pwn2own is a competition where hackers try to execute arbitrary code on selected devices.
-
This is absolutely hilarious.
A researcher created a bunch of research reports about vulnerabilities that weren’t actually vulnerabilities. And for an alleged RCE they included a broken PoC (it even hits the wrong web page). The developers of the Moobot malware (some sort of Mirai-alike) used the PoC to add support for this fake vulnerability!!
Moobot Uses a Fake Vulnerability - Blog - VulnCheck
An investigation into CVE-2022-28958 finds the vulnerability doesn't actually exist.
-
That only leaves the stuff you didn't want to do that you couldn't delegate.