December 13, 2024
December 13, 2024
Happy Friday the 13th to all who celebrate.
For personal reasons km afraid the next few days will be a light newsletter.
The Paranoids @ Yahoo was one of the oldest, largest, and highest reputation internal security teams in the industry.
— Matt Johansen (@mattjay) December 12, 2024
A lot of good talent was built and trained there. https://t.co/WMs1YUO6w7
Two letters from @RonWyden’s office
— chrisrohlf (@chrisrohlf) December 13, 2024
The first was sent to the DoD Inspector General last week & asks some good questions around why telecom contracts were pursued in the face of known vulnerabilities & foreign surveillance risks. I recommend reading each appendix.… https://t.co/e3JBYkGSN8
The second, from October, is addressed to the FCC and states the agency has had the authority to mandate cyber security regulations at telecoms subject to CALEA for the last 2+ decades. It further states USG shares the blame for Salt Typhoon for failing to listen experts who have…
— chrisrohlf (@chrisrohlf) December 13, 2024
There is no such thing as a secure backdoor. The only long lasting mitigation to Salt Typhoon is e2ee of all communications regardless of data classification. Equities have shifted since the 1990’s and these insecure systems now represent more national security risk than they…
— chrisrohlf (@chrisrohlf) December 13, 2024
Another approach to disable EDRs (with anti-tampering). Credit goes to @sixtyvividtails for the idea🧙♂️
— Rad (@rad9800) December 13, 2024
PendingFileRenameOperations and an NTFS junction, we can ask Windows to delete EDR binaries on reboot (with Admin privs)
A link to a complete GitHub PoC follows in replies pic.twitter.com/ZYjjGW7qCu
— Rad (@rad9800) December 13, 2024
So basically, companies pay Youtube to show ads and we pay Youtube to not show ads https://t.co/B0VLDW5n8r
— KACHI 🎎 (@Kachidey4you) December 12, 2024