December 3, 2022

                December 3, 2022

            December 3, 2022

frycos @frycos
My blog post "Pre-Auth RCE with CodeQL in Under 20 Minutes"

frycos.github.ioPre-Auth RCE with CodeQL in Under 20 MinutesThis write-up won’t be an intense discussion on security code review techniques this time. We’ll simply let do all the hard work by a third party: CodeQL.2:10 PM ∙ Dec 2, 2022
165Likes64Retweets
-
Subscribe now
-
Max Smeets @Maxwsmeets
I so enjoyed engaging with the inaugural @EuropeanCyber fellows. I also learned so much.

The launch of the fellowship would not have been possible without the support of @Hewlett_Found, @Mandiant, and @MaltaGov.

Apply by Jan 15 if you'd like to be part of the 2023-24 cohort! 
European Cyber Conflict Research Initiative @EuropeanCyber🚨🚨APPLICATIONS OPEN: European Cybersecurity Fellowship 2023-2024🚨🚨

The European Cyber Conflict Research Initiative is delighted to announce it is now opening applications for the European Cybersecurity Fellowship. 

https://t.co/265TL0KYk71:48 PM ∙ Dec 2, 2022
22Likes6Retweets
-
Seamus Hughes @SeamusHughes
My long form ⁦@politico⁩ interview⁩ on the Jan6 prosecution, the oath keepers, and future of domestic extremism

“Nor should we put the pressure of solving the country’s domestic extremism problem on the shoulders of four attorneys in Washington.” politico.comThe Oath Keepers Got Convicted. Now What?Prosecutors may have taken down the group’s leaders, but there could be an anti-government backlash.1:24 PM ∙ Dec 2, 2022
44Likes18Retweets
-
Ivan Kwiatkowski @JusticeRage
Step 1: open a binary in IDA and press F5
Step 2: paste the decompiled code into OpenAI's chatbot

Someone's job just got way easier. 
12:06 PM ∙ Dec 2, 2022
3,852Likes689Retweets
-
Bret Devereaux @BretDevereauxAnd we're back from hiatus on ACOUP!

This week's post answering a question posed by the ACOUP Senate: Why was Egypt such an unusual part of the Roman World?

acoup.blogCollections: Why Roman Egypt Was Such a Strange ProvinceWelcome back! We are back from our November hiatus and thus back to regular weekly posts! This week we’re going to answer the runner-up question in the last ACOUP Senate poll (polls in which …4:24 PM ∙ Dec 2, 2022
90Likes13RetweetsCollections: Why Roman Egypt Was Such a Strange Province

https://acoup.blog/2022/12/02/collections-why-roman-egypt-was-such-a-strange-province/

-
TVAyyyy ✶ ✶ ✶ ✶ @TVAyyyy
For those who celebrate 
4:25 PM ∙ Dec 1, 2022
184,936Likes18,390Retweets
-
Ollie Whitehouse - @ollie_whitehouse@infosec @ollieatnccgroup
Weekly analysis is out:
-🇷🇺 ops in 🇺🇦 using wipers
-🇨🇳 ops using USB in 🇵🇭
-🇰🇵 ops in 🇰🇷
-🇰🇵 ops using pretend IBM security products
-🇮🇷 🎣 ops against 🇦🇪
-🇪🇸 commercial exploit provider outed

plus policy analysis and offensive & defensive tradecraft.. 

bluepurple.substack.com/p/bluepurple-p…bluepurple.substack.comBluepurple Pulse: week ending December 4thIf you needed proof cyber is complex.5:09 PM ∙ Dec 2, 2022
7Likes1Retweet-
I think about this, from a long list of evidence seized from an Inner Circle hacking group member's house by the FBI in 1983, a lot.

https://chaos.social/@realhackhistory/109428989004653822

-
Thread on hacking on airplane wifi
𝚛𝚎𝚣𝟶 @rez0__
Before paying for full wifi access, planes give you limited access to a portal where you can pay. Most people don't realize this, but there's actually a bunch of allow-listed domains. The aircraft company's site, the 3rd party wifi provider, lots of CDNs hosting JS, etc.2:21 AM ∙ Dec 3, 2022
119Likes5Retweets
-
beetle moses @beetlemoses
4:37 PM ∙ Dec 2, 2022
199,488Likes19,753Retweets
-
Forget Cocaine Bear, here’s Snake Dick
-
Byron Wan @Byron_Wan
In the US:

🚨 9 confirmed or suspected 🇨🇳 proxy police stations and courts in NYC, San Fran and LA

🚨 a further 9 "Chinese Support Centers" — part of the United Front, CCP's global influence apparatus — that offer unspecified support to overseas Chinese newsweek.com/2022/12/23/xi-…newsweek.comXi Jinping ramps up China’s surveillance, harassment deep in AmericaAmid COVID protests, the totalitarian state is trying to choke dissent on U.S. soil through surveillance, intimidation and even violence, a Newsweek investigation reveals10:11 AM ∙ Dec 3, 2022
35Likes17Retweets-
Soviet Visuals @sovietvisuals
Soviet office phone, 1971. 
8:15 AM ∙ Dec 3, 2022
581Likes78Retweets
-
Here are some slides about the V8 Sandboxing project that I prepared for an internal talk but figured I could also share more widely: https://docs.google.com/presentation/d/1iDWDHuAZ8ee-dRF5Lkf0nwO2mkLdZG_YJEP1yPvJ09E/edit?usp=sharing

https://chaos.social/@saelo/109445092246518394h

-

Don't miss what's next. Subscribe to the grugq's newsletter: