the grugq's newsletter

December 27, 2024

December 26-27, 2024

Last month @ASU I presented my work on formalizing automated bug discovery, developing a framework to characterize the full spectrum of approaches - from fuzzing to human analysis. I'm sharing my evolving perspective on the fundamental nature of the bug finding problem. Full…

— nedwill (@NedWilliamson) December 25, 2024


1998: rain.forest.puppy demonstrated SQL injection for the first time (though he didn't call the vulnerability that). His article in Phrack issue 54 was titled "NT Web Technology Vulnerabilities". pic.twitter.com/pF0LV8U0H2

— Today In Infosec (@todayininfosec) December 25, 2024


My maldev works and practices of 2024 (Part 1) :

+ DFC Encryption: https://t.co/Wvt4SnmjhB

+ Alternate Data Stream: https://t.co/uJJsVj7QFu

+ Cascade Injection: https://t.co/PFnFe7w3m2

+ NullXFigure: https://t.co/gBu3Yd2KJL

+ Lucifer Algorithm[Encryption Series]:…

— Smukx.E (@5mukx) December 25, 2024


CVE-2024-9474 Exploited: LITTLELAMB.WOOLTEA Backdoor Discovered in Palo Alto Devices https://t.co/BUmhL3SeMA

— Nicolas Krassas (@Dinosn) December 25, 2024


Incoming NSA calls for the US to “go on the offensive” to counter cyber threats. To be clear, the US doesn’t just play defense in cyberspace right now (Cyber Com has said publicly that it has conducted offensive ops against China, for example), but Walz appears to want more https://t.co/JKxUVkBviR

— Sean Lyngaas (@snlyngaas) December 24, 2024


Security conferences:

* Windows 10 Mitigation Improvements: https://t.co/pJL4KVGYRM
* The Life & Death of Kernel Object Abuse: https://t.co/YO3vUBVhZp
* Taking Windows 10 Kernel Exploitation to the next level: https://t.co/wo11UFbgoe
* Kernel Mode Threats and Practical… pic.twitter.com/MqD8VR3P89

— Smukx.E (@5mukx) December 27, 2024


China Stuns With Heavy Stealth Tactical Jet’s Sudden Appearance

This is the most advanced flying machine we have seen out of China, lacking any tails and packing stealth and long range.

Story + prelim analysis: https://t.co/8EtGJy34s4

— Tyler Rogoway (@Aviation_Intel) December 26, 2024

Yes, China Just Flew Another Tailless Next-Generation Stealth Combat Aircraft

In less than 24hrs, two previously unseen Chinese advanced combat jet designs have broken cover & both are already undergoing flight testing.

What we know & a lot we don't: https://t.co/7rnIhXbU01

— Tyler Rogoway (@Aviation_Intel) December 26, 2024


TIL: Forensic accountants filter for people that “never take a day off work” as potential embezzlers. pic.twitter.com/HjGtisHbXy

— Trung Phan (@TrungTPhan) December 26, 2024


Understanding Page Spray in Linux Kernel Exploitation https://t.co/qhwcxPuxLQ #infosec #Linux pic.twitter.com/T9Lm2McvW0

— 0xor0ne (@0xor0ne) December 27, 2024


https://www.nplusonemag.com/issue-49/essays/casual-viewing/


↺ Another unorthodox way to measure power consumption in software: On many Android phones high CPU load spins the magnetic sensor's compass needle. Other sensors also affected.
Nice paper by Oberhuber, Unterguggenberger, @0xhilbert and @StefanMangard, to appear in @NDSSSymposium pic.twitter.com/3GCpzCwPlG

— Yossi Oren יוסי אורן (@yossioren) December 26, 2024

https://andreaskogler.com/papers/androidsensors.pdf


EDRPrison - Leverage a legitimate WFP callout driver to prevent EDR agents from sending telemetry https://t.co/MezBqlwceN

— Panos Gkatziroulis 🦄 (@netbiosX) December 26, 2024


Invoke-SMBRemoting - Interactive Shell and Command Execution over Named-Pipes (SMB) for Fileless lateral movement https://t.co/aL3hnp3jQt

— Panos Gkatziroulis 🦄 (@netbiosX) December 26, 2024

