the grugq's newsletter

July 16, 2022


Heather Adkins - Ꜻ - r00t folding team #258829 @argvee
Excited to announce the inaugural DHS CISA Cyber Safety Review Board’s findings on the Log4j event of 2021. There are important lessons here for the government, and the cybersecurity/software community as we come together to solve the big issues. 1/x
1:19 PM ∙ Jul 14, 2022
patrick wardle @patrickwardle
macOS malware often (ab)uses APIs such as NSCreateObjectFileImageFromMemory, NSLinkModule etc) to execute in-memory payloads. Apple has recently updated dyld3 (+these APIs), such that the in-memory payload is now first/always written out to disk 💾 See: github.com/apple-oss-dist…
3:32 PM ∙ Jul 15, 2022

The longer write up is here:

https://hackd.net/posts/macos-reflective-code-loading-analysis/

-

Allan “Ransomware Sommelier🍷” Liska @uuallan
This is how I have spent the last 6 months of my life. I am really excited with the results. Wine fraud is a much more pervasive problem than most people realize, and it affects all types of wine drinkers. I'd love to hear your thoughts on the research.
share.postbeyond.com: Counterfeit Wine, Spirits, and Cheese | Recorded Future. Is what you’re consuming genuine? Explore the evolving trillion-dollar criminal landscape of Counterfeit Wine, Spirits, and Cheese products – that pass as real.
1:51 PM ∙ Jul 15, 2022

-

Military Pigeons @MilitaryPigeons
Pigeons in the Iraq War
pigeonsofwar.wordpress.com: Pigeons in the Iraq War. When people think of military pigeons, they usually associate them with a bygone era. It may come as a shock to many to learn that pigeons were actually used by the United States military in …
10:31 AM ∙ Jul 15, 2022

-

Cat Damon @CornOnTheGoblin
[stopping the tattoo artist 15 seconds into my "feel no pain" tattoo] ok so you're gonna laugh
7:45 PM ∙ Nov 8, 2021
The Glasshouse Center @GlasshouseCtr
Recording of today's call featuring the Belarusian Cyber-Partisans (@cpartisans) and Yuliana Shemetovets (@yuliana_shem)
youtu.be: OpenCall: Friday Hangout 2022/07/15 featuring the Belarusian Cyber-Partisans and Yuliana Shemetovets. Glasshouse Session - 2022-07-01. Broadcasted live on Twitch -- https://www.twitch.tv/theglasshousectr Notes Doc: https://docs.google.com/document/d/1B29Ijd0j10G...
4:04 PM ∙ Jul 15, 2022

-

SC Media @SCMagazine
Ukraine’s cyber agency tracks ‘significant increase’ in malware-directed attacks bit.ly/3c9CO17 #cybersecurity #infosec
1:00 AM ∙ Jul 15, 2022

-

David Weston (DWIZZZLE) @dwizzzleMSFT
I'm late on learning about Firebloom but it's really cool - saaramar.github.io/iBoot_firebloo… Yes, Rust and memory safe systems languages are the hotness but you can do a lot to make an existing C-based measurably safer @AmarSaar @radian
saaramar.github.io: Introduction to Firebloom (iBoot)
9:19 PM ∙ Jul 15, 2022

-

Brad Arkin @bradarkin
I wanted to read the new Council for Foreign Relations report about the fragmented Internet (cfr.org/report/confron…). For reasons that are too annoying to get into, I was using a proxy in Amsterdam. This is what got served up. A bit on the nose, eh?
4:20 PM ∙ Jul 15, 2022

-

Alex Gantman @againsthimself
Worth a read for the methodology and a sobering example of an AF1 threat model. - Encrypted Comms are LoA3 (extremely grave consequences; existential risk to the USG) - Flight Controls are LoA2 (grave consequences; redundant capabilities available for continuity of operations)😬
NSA Cyber @NSACyber
We created guidance to clearly characterize threats and risks to custom microelectronic components used in Department of Defense systems. Read more on how to apply three levels of hardware assurance to protect applicable DoD systems. https://t.co/q7wmf8bUZG https://t.co/9BcOGjeQRI
8:29 PM ∙ Jul 15, 2022

-

Jimmer Cork-Bottle @JimmerThatisAll
I would walk barefoot over hot koalas for you.
10:03 AM ∙ Sep 22, 2013

-

Dave Barry: Fellow Floridians, beware of toilet lizards and rising iguana aggression

https://www.miamiherald.com/living/liv-columns-blogs/dave-barry/article263508388.html

-

Ukrainian Memes Forces @uamemesforces
Image
5:56 PM ∙ Jul 15, 2022

-

OPSEC

shoshana wodinsky (she/her) @swodinsky
well i guess i'm pinning this
gizmodo.com: How to Get an Abortion in the Age of Surveillance. With a burner phone and some awareness of geofencing, you can conceal yourself from for-profit data brokers who would spy on your health.
4:28 PM ∙ Jun 24, 2022

-

Lúcás Meier @cronokirby
This week I wrote a basic explainer on a few fundamental topics in cryptography. While this might be useful to people starting out, I think that even advanced cryptographers might also notice something very interesting with this post. Let me know if you see it.
cronokirby.com: Basic Cryptography Without Fluff - Cronokirby. Read more: https://cronokirby.com/posts/2022/07/basic-cryptography-without-fluff/
9:27 AM ∙ Jul 16, 2022

-

FLUNKING THE NEW YORK TIMES TEST: MAKING SENSE OF RUSSIAN “COVERT” ACTION

https://mwi.usma.edu/flunking-the-new-york-times-test-making-sense-of-russian-covert-action/

-

DanBardak @DanBardak
I love 🥰 German humor 😂👍 GASPUTIN summer hitsong❗
8:48 AM ∙ Jul 14, 2022

-

Aristotle Tzafalias @Aristot73
cool overview "Decade Retrospective: The State of Vulnerabilities - Trustwave" h/t @campuscodi's newsletter
the conclusion... 🤔 "Cybersecurity solutions have seen major progress over the years and are in great shape to face what is yet to come." trustwave.com/en-us/resource…
trustwave.com: Decade Retrospective: The State of Vulnerabilities. Trustwave team believed this was a suitable time to take a minute and review some of the watershed moments that had a major impact on cybersecurity between 2011 and 2021.
8:16 AM ∙ Jul 16, 2022

-

Rob Joyce, director of cybersecurity at NSA, used his official account to tweet a formula joke about Ghidra. This is what community outreach looks like and it is weird.

Rob Joyce @NSA_CSDirector
She’s a 10 **because** she uses Ghidra!
chompie @chompie1337
she’s a 10 but she uses Ghidra
10:26 AM ∙ Jul 16, 2022