December 20, 2022

                            December 20, 2022

                December 20, 2022

Jameson Lopp @lopp
This video of cops in Nevada searching a suspect and finding a seed phrase is pretty wild. Imagine having your seed phrase become part of public record due to it being captured by an officer's body camera! 
10:10 PM ∙ Dec 18, 2022
4,397Likes799Retweets
-
Meagan Visage 🧅 @themeagan
@muntazer_zaidi happy belated! 
8:58 PM ∙ Dec 18, 2022
8,672Likes1,073Retweets
-
POC for the new injection technique, abusing windows fork API to evade EDRs. 

https://www.blackhat.com/eu-22/briefings/schedule/index.html#dirty-vanity-a-new-approach-to-code-injection--edr-bypass-28417

https://github.com/deepinstinct/Dirty-Vanity

            Astra Kernel :verified:: "POC for the new injection technique, abusing wind…" - Infosec Exchange
            POC for the new injection technique, abusing windows fork API to evade EDRs. 

https://www.blackhat.com/eu-22/briefings/schedule/index.html#dirty-vanity-a-new-approach-to-code-injection--edr-bypass-28417

https://github.com/deepinstinct/Dirty-Vanity

#infosec #threatintel #threathunting #edr #redteam

-
GreyNoise has released a "Year of Mass Exploits" retrospective report for 2022 highlighting four of the most significant vulnerabilities of the year.
The list includes the Log4Shell (CVE-2021-44228) vulnerability, targeted in nearly one million exploitation attempts within the first week after its discovery.

            2022: A Look Back On A Year Of Mass Exploitation
            Researchers at GreyNoise Intelligence have added over 230 tags since January 1, 2022, which include detections for over 160 CVEs. In todayâs release of the GreyNoise Intelligence 2022 "Year of Mass Exploits" retrospective report, we showcase four of 2022's most pernicious and pwnable vulnerabilities.

            Sergiu Gatlan: "GreyNoise has released a "Year of Mass Exploits" …" - Mastodon
            Attached: 1 image

GreyNoise has released a "Year of Mass Exploits" retrospective report for 2022 highlighting four of the most significant vulnerabilities of the year.

The list includes the Log4Shell (CVE-2021-44228) vulnerability, targeted in nearly one million exploitation attempts within the first week after its discovery.

https://www.greynoise.io/blog/2022-a-look-back-on-a-year-of-mass-exploitation

-
Kevin Collier @kevincollier
New Mandiant report today assesses with moderate confidence that the GRU directed the pro-Russian "hacktivist" DDoS attack on Mississippi's Secretary of State, keeping it offline most of election day. I expect this to be a huge concern come 2024.
mandiant.comInformation Operations Targeting 2022 U.S. Midterm Elections Include Trolling, Narratives Surrounding Specific Races, Politicians | MandiantMandiant identified information operations activity from various foreign state-aligned campaigns during the 2022 U.S. midterm elections.3:15 PM ∙ Dec 19, 2022
84Likes50Retweets
-
NASA InSight @NASAInSight
My power’s really low, so this may be the last image I can send. Don’t worry about me though: my time here has been both productive and serene. If I can keep talking to my mission team, I will – but I’ll be signing off here soon. Thanks for staying with me. 
9:43 PM ∙ Dec 19, 2022
463,417Likes49,811Retweets
-
Cryogenic horror stories

            Horror stories of cryonics: The gruesome fates of frozen bodies - Big Think
            Cryonics is the practice of freezing your body in the hope of resurrection by future medicine. Some pioneers met a fate grislier than death.

-
Rick Aaron @RickAaron
This holiday season I will be in good spirits as long as good spirits are in me.1:26 PM ∙ Dec 19, 2022
61Likes25Retweets
-
Ciaran Martin @ciaranmartinoxf
"It is often impossible to work out exactly where private risk ends and public risk starts" - why Govts are getting increasingly involved in cyber security

Pt 2 of my series of articles on the two data breaches in Australia is now available on Substack!
ciaranmartin.substack.comLessons from Down Under’s Data Disasters, Pt 2Many of the problems in cyber security are economic and social, not technical. And digitisation privatises public risk like never before. That’s why Governments are increasingly required to step in8:59 AM ∙ Dec 20, 2022
13Likes6Retweets

Wizards guide to debugging

The Pocket Guide to Debugging

December 20, 2022

Astra Kernel :verified:: "POC for the new injection technique, abusing wind…" - Infosec Exchange

POC for the new injection technique, abusing windows fork API to evade EDRs. https://www.blackhat.com/eu-22/briefings/schedule/index.html#dirty-vanity-a-new-approach-to-code-injection--edr-bypass-28417 https://github.com/deepinstinct/Dirty-Vanity #infosec #threatintel #threathunting #edr #redteam

2022: A Look Back On A Year Of Mass Exploitation

Sergiu Gatlan: "GreyNoise has released a "Year of Mass Exploits" …" - Mastodon

Cryogenic horror stories

Horror stories of cryonics: The gruesome fates of frozen bodies - Big Think

Cryonics is the practice of freezing your body in the hope of resurrection by future medicine. Some pioneers met a fate grislier than death.