December 8, 2024
The lack of end-to-end encryption through the telco infra *is* the vulnerability.
— Dino A. Dai Zovi (@dinodaizovi) December 7, 2024
We improved Internet infra security by largely de-privileging the intermediate hops through widespread use of TLS. Now attackers go for VPN boxes because that's where traffic exists in plaintext. https://t.co/tM87qBUvmc
Strongly agree with @dinodaizovi. USG understands this vulnerability, they’re just still under the illusion they’re the only ones who can exploit it. https://t.co/Op2aGBmi8S
— chrisrohlf (@chrisrohlf) December 7, 2024
I would clarify that attackers go after VPNs because they are accessible and provide privileged access to the target network. Getting into a VPN is easy given their poor security and once there attackers are both hard to detect and well positioned to target the rest of the network. They’re just really good devices to hack.
And also, most attackers don’t care about encrypted traffic vs plaintext because they’re typically not positioned to sniff the wire anyway. VPNs are valuable for pragmatic reasons, as stated above.
None of which is to detract from either Dino or Chris. I agree with both of them.
A collection of GPT system prompts and various prompt injection/leaking knowledge. https://t.co/qjiFBQzbhC
— Nicolas Krassas (@Dinosn) December 6, 2024
https://bsky.app/profile/zachsdorfman.bsky.social/post/
Pham Xuan An - by Runa Sandvik - Journalist and Spy
Pham Xuan An was a spy for the Viet Cong during the Vietnam war. Trained in the U.S., he returned to Vietnam to work for Time, Reuters and the New York Herald Tribune.
superdeye: Indirect Syscall with TartarusGate Approach in Go. Scan hooked NTDLL and retrieve the Syscall number to then do an indirect Syscall with it, thus allowing the bypass of AV/EDR that put hooks on functions https://t.co/Xv9k5KRja8
— Panos Gkatziroulis 🦄 (@netbiosX) December 6, 2024
Has anyone heard of malware using eBPF in any way? Are there hashes??
— Mari0n (@pinkflawd) December 7, 2024
I've found modified versions of a few PoC rootkits I described here: https://t.co/FDjjQOE77m
— mer0x36 (@mer0x36) December 7, 2024
https://t.co/BGUzRWLocl https://t.co/JqVmBcotco
— Alex Plaskett (@alexjplaskett) December 7, 2024
There was BPFDoor from Red Menshen 2-3 years ago, might be outdated. https://t.co/MaNLPT5PNG https://t.co/kkGqYQFDxH
— batcain (@batcain_) December 7, 2024
With Salt Typhoon, it's hard to reconcile "follow best practices"-style advisories from @NSACyber @CISAgov etc, with reports of bespoke implants for telco backbone infrastructure and penetrations of hardened lawful interception systems.
— Alexei Bulazel (@0xAlexei) December 7, 2024
Failure by all involved - but mostly .gov https://t.co/P6pqijDjfO
Given the decade and a half since AURORA PANDA intrusions against warranted access systems across Silicon Valley, & the dozens of cases of other BRONZE / TYPHOON hits against telecoms throughout East Asia & South Asia, is the real practice “blame industry for not being able to…
— JD Work (@HostileSpectrum) December 7, 2024
A curated list of resources to analyse and study malware techniques https://t.co/5pdwtuiz6p
— Panos Gkatziroulis 🦄 (@netbiosX) December 7, 2024
#SpyNews - week 49 (December 1-7):
— Spy Collection (@SpyCollection1) December 8, 2024
A summary of 83 espionage-related stories from week 49 coming from 🇨🇳🇺🇸🇺🇦🇷🇺🇮🇷🇮🇱🇯🇵🇵🇱🇫🇷🇩🇪🇨🇦🇸🇩🇧🇾🇬🇧🇹🇷🇷🇴🇫🇮🇮🇹🇧🇬🇪🇬🇰🇼🇲🇱🇳🇿🇦🇿🇦🇲🇳🇱🇱🇧🇦🇪🇸🇪🇸🇾🇱🇾🇮🇶🇷🇼🇧🇪🇵🇰🇦🇫🇮🇳🇳🇴🇪🇸🇨🇿🇨🇭🇰🇵🇰🇷🇧🇩🇰🇭🇹🇼🇿🇼🇿🇦🇰🇪🇨🇾🇭🇺🇪🇪 https://t.co/9g2GigAmSF #OSINT #HUMINT #SIGINT #espionage #spy