the grugq's newsletter

January 15, 2024

Nervous about heading thru the Bab?

Just punch in "ALL CHINESE CREW" and enjoy the ride. pic.twitter.com/C4uCFTG0iI

— TankerTrackers.com, Inc. (@TankerTrackers) January 14, 2024


MS open sourcing ThreadX could be quite nice for embedded vuln discovery and exploit dev – IIRC there are a ton of WiFi/BT chipsets that use ThreadX for their firmware https://t.co/B79qJ69r6X

— Brendan Dolan-Gavitt (@moyix) November 28, 2023


Reverse Engineering Smart Meters, Now With More Fuming Nitric Acid via @hackaday https://t.co/Ny0un64wHJ

— Hash (@BitBangingBytes) January 14, 2024


it has Begun pic.twitter.com/2AHb5PrWKd

— ghost denier (@coronarycommie) January 13, 2024

The Bald Eagle has never been more American than this https://t.co/1UXDYMUX3F

— Cher Scarlett (@cherthedev) January 14, 2024


Hope the pilot had the composure to ask “WHAT YEAR IS THIS?!” when the swimmers came to help him out. https://t.co/lMvFTOAFvz

— Duncan Jones (@ManMadeMoon) January 14, 2024

A WWII era aircraft 'Grumman TBM Avenger' successfully crash lands on a Florida beach. pic.twitter.com/VbGJoH8je5

— Historic Vids (@historyinmemes) January 14, 2024


FTR:
- https://t.co/ZpOimHWxY0 AIDS, a "Dos Scrambler" in 1989
- https://t.co/3hxGskWnnp "Cryptovirology: Extortion-Based Security Threats and Countermeasures" by Adam Young and Moti Yung in 1996

Thanks a lot for the feedback! https://t.co/Aieettl48v

— Ange (@angealbertini) January 14, 2024

First mention of ransomware in 2005 ?

"Future malware: [...]
the concept of information-stealing worms could some day become a reality, allowing malware developers to steal their victim’s valuable information and hold it for ransom!" pic.twitter.com/oMYTdSGrZB

— Ange (@angealbertini) January 12, 2024


#Crypto Gotchas!

A collection of common (interesting) cryptographic mistakes and learning resources. https://t.co/3YO9sDNjHW https://t.co/MJ8e9rA50Y

— raptor@infosec.exchange (@0xdea) January 14, 2024


🎥 Talk Recording: Triple Exploit Chain With Laser Fault Injection On A Secure Element - Olivier Heriveaux https://t.co/UpWuxjEQTy

— hardwear.io (@hardwear_io) January 14, 2024


Jason Leopold: "Actual document from a slide deck released to me …" - Journa.host

Actual document from a slide deck released to me via #FOIA by FBI
Will use for my future FOIA art installation

The m68k Church

@JasonLeopold


Building a Faraday cage with data passthrough for ESP32 reverse engineering · ESP32 open MAC

Instructions for building an affordable Faraday cage


Nice blog post, used the same gadget as we did in https://t.co/QREaI5cF5k https://t.co/MXBup2RBAe

— ϻг_ϻε (@steventseeley) January 15, 2024

I discovered several RCE vulnerabilities within Inductive Automation Ignition, such as ZDI-CAN-21801, ZDI-CAN-21624, ZDI-CAN-21625, ZDI-CAN-21926.
You can access my blog post covering CVE-2023-50220 at this link :D https://t.co/ZZjNU7m1Ml

— Petrus Viet (@VietPetrus) January 10, 2024


The latest vulnerability in GitLab, CVE-2023-7028, is a classic example of vulnerabilities impacting Ruby-on-Rails applications.

This vulnerability affects the feature that allows users to reset their passwords. If an attacker gains access to the token sent in the email, they…

— PentesterLab (@PentesterLab) January 15, 2024


I was interested to learn more about Vectored Exception Handling and how it can be used in malware development. Hence my first blog post of the year entitled "Syscalls via Vectored Exception Handling". https://t.co/VGE7ZQnwGz #redteam

— Daniel Feichter (@VirtualAllocEx) January 13, 2024

Neat work here.

As a reminder blueteam friends - spotting anomalous VEH is possible: https://t.co/GdaA0fruQa

Code: https://t.co/O57NBKxnRc https://t.co/NwCK5uzxaI

— Ollie Whitehouse (@ollieatnowhere) January 14, 2024


January 18th - Yaroslav Vasinskyi, responsible for the REvil Kaseya supply chain attack, will be sentenced. He has pleaded guilty

January 19th - Conor Fitzpatrick, ex-administrator of the infamous BreachedForum, will be sentenced. He has pleaded guilty

2 massive cases next week

— vx-underground (@vxunderground) January 15, 2024


Escaping from isolated networks using Broadcast DNS | by lvj | SensorFu | Jan, 2024 | Medium

One of our latest escape methods is the capability to send Domain Name System (DNS) queries via a broadcast ethernet packet. We call this the…


One of the most common tools that I need regularly that doesn't exist is a Linux command line tool to approximately port symbols from one ELF to a very related one.

A sort of command-line-bindiff-with-sym-porting.

— Halvar Flake (@halvarflake) January 14, 2024

Ghidra FunctionID works alright and can be scripted. I use it for porting symbols from one analyzed DDoS bot to another, it's wrong often enough, yet saves a lot of time

— Mari0n (@pinkflawd) January 15, 2024