January 23, 2024
January 23, 2024
The third article (62 pages) of the Exploiting Reversing Series (ERS) is available on:https://t.co/UuOt1aLcNX
— Alexandre Borges (@ale_sp_brazil) January 22, 2025
I would like to thank Ilfak Guilfanov @ilfak and Hex-Rays SA @HexRaysSA for their constant and uninterrupted support, which have helped me write these articles.
The… pic.twitter.com/4D9iyy9zDt
you want me to attend a work meeting? the thing that killed Julius Caesar?
— Neil Renic (@NC_Renic) January 22, 2025
I just noticed the PoC for this fresh critical Outlook/RTF bug (https://t.co/7ngXecGY7D) was shared at https://t.co/AfJSnWDiVL, so I uploaded it to EXPMON and EXPMON successfully detected it as potential zero-day!
— EXPMON (@EXPMON_) January 22, 2025
Check it out: https://t.co/5OMC1JAfXZ pic.twitter.com/E00LkEbaBU
New flavor of CFAA violation just dropped. Bypassing AI content filters to create "illicit" contenthttps://t.co/mRZfzVaOmZ
— Chris Wysopal (@WeldPond) January 22, 2025
very pleased to announce the release of my new article based on my research that led to CVE-2024-46982 titled:
— zhero; (@zhero___) January 21, 2025
Next.js, cache, and chains: the stale elixirhttps://t.co/UFndJxNYLI
note: does not cover the latest findings shared in my recent posts
enjoy reading; pic.twitter.com/raKdFmv3Yb
Introducing the Cookie Sandwich, a tasty technique to steal HttpOnly cookies using legacy RFC features: https://t.co/kellcWkFoL
— d4d (@d4d89704243) January 22, 2025
An NFC research toolkit application for Androidhttps://t.co/Xl97o5S4eS
— Nicolas Krassas (@Dinosn) January 22, 2025
#ESETresearch discovered and named 🇨🇳 China-aligned #APT group #PlushDaemon. It carried out a supply-chain compromise of a 🇰🇷South Korean #VPN provider, trojanizing its legitimate software installer with a Windows backdoor we named #SlowStepper. @0xfmz https://t.co/hzahSinMMK 1/6
— ESET Research (@ESETresearch) January 22, 2025
New blog from me on using CLR customizations to improve the OPSEC of your .NET execution harness. This includes a novel AMSI bypass that I identified in 2023. By taking control of CLR assembly loads, we can load assemblies from memory with no AMSI scan. https://t.co/SkiuwSxVfI
— Josh (@passthehashbrwn) January 17, 2025
Proof-of-concept for the AMSI bypass and an implementation of a CLR memory manager is on GitHub. We can implement custom memory routines and track all allocations made by the CLR. https://t.co/hdiiWB9sCQ
— Josh (@passthehashbrwn) January 17, 2025
NEW: @Europol chief: to 'enforce' democracy, police need encryption backdoors.
— John Scott-Railton (@jsrailton) January 22, 2025
Says anonymity "not a fundamental right"
I disagree. Demanding total access to private communications lays the technical groundwork for undermining democracy.
Story by @journosooz & @lauramdubois pic.twitter.com/BINdQHcGcC
Kevin published the email addresses in the #Fortigate config dumphttps://t.co/AfSatNKgBv pic.twitter.com/esA1xmD7pE
— Florian Roth ⚡️ (@cyb3rops) January 23, 2025
BAHAHAHAHAHAHAHAHAHAHAHAHAHA pic.twitter.com/DQyqGM7sTU
— mRr3b00t (@UK_Daniel_Card) January 22, 2025
Wow...
— xvonfers (@xvonfers) January 23, 2025
"We discover 119 vulnerabilities in LTE/5G core infrastructure...and some of which can be used to remotely compromise and access the cellular core..."https://t.co/hldx4UwsSYhttps://t.co/rEOuxR6Jal pic.twitter.com/RtNPIZgywy