January 17, 2025

                January 17, 2025

            January 17, 2025

            January 17, 2025

Today brings us the Biden administrations last Executive Order on cyber. It contains some improvements to policy surrounding emerging technologies such as AI and Post Quantum Cryptography, additional authorities to go after threat actors, and some good signal that USG is watching…
— chrisrohlf (@chrisrohlf) January 16, 2025

                  Thread by @chrisrohlf on Thread Reader App – Thread Reader App
@chrisrohlf: Today brings us the Biden administrations last Executive Order on cyber. It contains some improvements to policy surrounding emerging technologies such as AI and Post Quantum Cryptography, additional au...…            

121 days ago I reported something to Apple, no fixes and no follow ups after my ping yesterday, so here it goes the full disclosure.

Apple CUPS does not verify TLS allowing an attacker on the same network to impersonate any previously used IPPS printer (or any device really) via… pic.twitter.com/wC8fhkK48x
— Simone Margaritelli (@evilsocket) January 16, 2025

If you use openssl to check your printer TLS certificate on port 631, you'll probably find that the device is using a self-signed certificate, like pretty much all printers I had a chance to test. I have no idea how they're going to fix this without breaking backwards… pic.twitter.com/qMhFGjplu1
— Simone Margaritelli (@evilsocket) January 16, 2025

OpenAI whistleblower case reopened from suicide to active investigation

                  From Suicide' To 'Active Investigation': Open AI Whistleblower Suchir Balaji's Case Reopened - Details | Republic Business
Initially labelled a suicide by authorities, Balaji’s death has come under scrutiny following allegations by his family. 

Today, my book Infantry in Battle, 1733-1783, released. 

Why should you care?

It changes the story of 18th century battles by telling the experiences of enlisted and NCOs, not just the officers. Battle looks different when you are enlisted.

A thread for the infantrymen. 1/20 pic.twitter.com/GaElBcBlhr
— Dr. Alexander Burns (@KKriegeBlog) January 16, 2025

Thread:

                  Thread by @KKriegeBlog on Thread Reader App – Thread Reader App
@KKriegeBlog: Today, my book Infantry in Battle, 1733-1783, released. Why should you care? It changes the story of 18th century battles by telling the experiences of enlisted and NCOs, not just the officers. Battle ...…            

CobaltStrike BOF template to make a synthetic stack frame with a randomly chosen gadget for each call.

Additionally, a project for remote shellcode injection is included, providing an example of how to use ithttps://t.co/9pWckvorBi
— Rtl Dallas (@RtlDallas) January 16, 2025

                  GitHub - NtDallas/Draugr: BOF with Synthetic Stackframe
BOF with Synthetic Stackframe. Contribute to NtDallas/Draugr development by creating an account on GitHub.            

Page-Oriented Programming exploitation technique (USENIX Security)https://t.co/whuT8QKo4V#infosec #usenix pic.twitter.com/lBcj0CjEa9
— 0xor0ne (@0xor0ne) January 16, 2025

"Write Your Own Virtual Machine" 

The perfect starter project to combine C & Assembly for novices.

Build a VM from scratch, bridging high-level abstraction with low-level control.

A deep dive into how software interacts w/ hardware + learning about the intersection of C & ASM. pic.twitter.com/yF8IBUFJVK
— katzz (@0xkatzz) January 16, 2025

https://zadzmo.org/code/nepenthes/

https://oddlama.org/blog/bypassing-disk-encryption-with-tpm2-unlock/

Don't miss what's next. Subscribe to the grugq's newsletter: