the grugq's newsletter

June 2, 2022

Huge but very confusing news. This raises more questions than it answers. What did they do? When? Where? Who else knew about it? Very very interesting but not very illuminating.

Andrew Dwyer @DrAndrewDwyer
Important note here about US conducting offensive operations (as I’m sure other states supported) occurred only prior to the invasion of Ukraine. However, this is very significant disclosure. https://t.co/OQ2OB83xNh
Alexander Martin @AlexMartin
🚨 Scoop: In an exclusive interview with Sky News, General Paul Nakasone confirmed that Cyber Command has conducted offensive operations in support of Ukraine. https://t.co/HdLmwM17Uq
11:56 AM ∙ Jun 1, 2022
Andrew Dwyer @DrAndrewDwyer
@thegrugq @ciaranmartinoxf Of course - there are many but also just builds on what type of support was being offered in that build up. Although it’s also a pattern also seen recently on integration, such as with Lithuania.
cybercom.mil
U.S. conducts first Hunt Forward Operation in Lithuania
At the invitation of the Lithuanian government, U.S. Cyber Command’s Cyber National Mission Force deployed a hunt forward team to conduct defensive cyber operations alongside partner cyber forces,
12:32 PM ∙ Jun 1, 2022

(We’ll definitely be discussing this on Friday’s Glasshouse Session: https://www.twitch.tv/theglasshousectr)

-

Not really sure this is wrong.

fluffy/pony @fluffypony
@matthew_d_green Might as well say “most instant messaging products are a disaster for communications privacy; the exceptions are a handful of emerging privacy-focused instant messaging alternatives, and these are a gift to terrorists”
11:41 AM ∙ Jun 1, 2022

-

Terrible news.

Benjamin Hilton @benjamin_hilton
No, DALL-E doesn’t have a secret language. (or at least, we haven't found one yet) This viral DALL-E thread has some pretty astounding claims. But maybe the reason they’re so astounding is that, for the most part, they're not true. Thread 👇🧵 (1/15)
Giannis Daras @giannis_daras
DALLE-2 has a secret language. "Apoploe vesrreaitais" means birds. "Contarra ccetnxniams luryca tanniounons" means bugs or pests. The prompt: "Apoploe vesrreaitais eating Contarra ccetnxniams luryca tanniounons" gives images of birds eating bugs. A thread (1/n)🧵 https://t.co/VzWfsCFnZo
11:33 PM ∙ May 31, 2022

-

Vulnerability

TheZDIBugs @TheZDIBugs
[ZDI-22-806|CVE-2022-23088] FreeBSD 802.11 Network Subsystem Heap-based Buffer Overflow Remote Code Execution Vulnerability (CVSS 8.3)
zerodayinitiative.com
ZDI-22-806
FreeBSD 802.11 Network Subsystem Heap-based Buffer Overflow Remote Code Execution Vulnerability
2:45 PM ∙ Jun 1, 2022

-

Colm MacCárthaigh @colmmacc
A quick rage-thread about credentials. When security auditors just say things like "Critical credentials need to be rotated every 90 days" you need to fire them into the sun with urgency. Here's what you actually need ...
5:57 PM ∙ Jun 1, 2022

-

Is this a strategic benefit to controlling games that hasn’t been explored?

eigenrobot @eigenrobot
ok so for those who arent familiar warthunder is a video game and this is like the fifth time a person with access to classified military information has leaked that information there. to win a video game forum argument
OSINTtechnical @Osinttechnical
A Chinese MBT crew member may have just leaked (a lot of) classified shell information on the Warthunder forum. Article soon.
9:53 PM ∙ Jun 1, 2022

-

Adriana Porter Felt @__apf__
yesterday my husband tried to explain genes to our son. today he went to school and said, "my dad says there's a 50% chance he's my father" 💀
3:29 AM ∙ Jun 2, 2022

-

HeavensLastAngel @HvnsLstAngel
“A still of Kermit The Frog in Blade Runner 2049 (2017)” #dalle
5:22 AM ∙ May 31, 2022

-

Thomas Roccia 🤘 @fr0gger_
In February, the #ContiLeaks was revealed. I wrote an in-depth blog post that shows a methodology for analyzing Conti Jabber logs using Python. Have a look as the code can be applied to multiple data sources. #threatIntelligence #infosec @MsftSecIntel 👇 microsoft.com/security/blog/…
microsoft.com
Using Python to unearth a goldmine of threat intelligence from leaked chat logs - Microsoft Security Blog
Dealing with a great amount of data can be time consuming, thus using Python can be very powerful to help analysts sort information and extract the most relevant data for their investigation. The open-source tools library, MSTICpy, for example, is a Python tool dedicated to threat intelligence. It a…
4:33 AM ∙ Jun 2, 2022

-

Labman @Amarjit_Labu
Wrote a blog on using the socks module in Mythic to abuse the AD CS vulnerability CVE-2022-26923 to go from a normal user to Domain Admin. bit.ly/3zbGmcK Shout-out to @ly4k_ for the research behind the exploit and the awesome certipy tool used to perform the attack.
bit.ly
Abusing CVE-2022-26923 through SOCKS5 on a Mythic C2 agent — MacroSEC
CVE-2022-29623 is a vulnerability where an attacker/user that has the ability to create a machine account and tamper with the dNSHostName attribute to mimic any machine on the domain can abuse Active Directory Certificate Services to request for a certificate as that machine that has been mimicked.…
9:48 AM ∙ Jun 1, 2022

-

Daniel P. Aldrich @DanielPAldrich
Plane delayed for hard to understand reasons
1:12 PM ∙ May 31, 2022

-

GCHQ @GCHQ
This is the BRENT - a phone used in the '90s to hold top secret calls, including by Her Majesty The Queen. The encryption key ensured secret conversations stayed secret. The Queen had her own BRENT with encryption key number 1, of course... @RoyalFamily #PlatinumJubilee #HM70
A BRENT secure telephone
7:02 AM ∙ Jun 2, 2022
Tony Comer @TCHisTree
@RoryCormac I think it's a bit more complicated than that. GCHQ has a secure telephone directory from 1943 (+ or - 1) that lists Buckingham Palace and Windsor Castle and the Queen spoke of her father's impatience waiting for Secraphone valves to warm up. From then there was always (1/)
9:22 AM ∙ Jun 2, 2022

More information here

Electrospaces @electrospaces
More details about the British secure telephone BRENT, which was eventually manufactured by Finmeccanica subsidiary Selex Communications, can be found in this fact sheet: jproc.ca/crypto/brent2.…
9:14 AM ∙ Jun 2, 2022

-

JP Aumasson @veorq
2003, preface of Ferguson & Schneier's Practical Cryptography
10:15 AM ∙ Jun 2, 2022

-

Adam Segal @adschina
China's draft cybersecurity rules pose risks for financial firms, lobby group warns reuters.com/world/china/ch… rules would make it mandatory for investment banks, asset managers, and others to share data w/ CSRC, allow regulator-led testing, set up a centralized data backup center
reuters.com
China’s draft cybersecurity rules pose risks for financial firms, lobby group warns
China’s proposed cybersecurity rules for financial firms could pose risks to operations of western companies by making their data vulnerable to hacking, among other things, a leading lobby group has said in a letter seen by Reuters.
1:47 PM ∙ Jun 2, 2022