the grugq's newsletter

June 22, 2024


“The National Crime Agency (NCA) is weighing up the possibility of taking retaliatory action against Qilin, the Russian-based ransomware gang who put into the public domain early on Friday a huge tranche of highly sensitive NHS records” https://t.co/XTbVQ3MmBm

— Shashank Joshi (@shashj) June 21, 2024

Thread by @shashj on Thread Reader App

@shashj: 🧵 I wanted to provide some sources and readings on military AI which helped inform the cover story below. .@SIPRIorg continues to do excellent and rigorous work mapping the autonomous weapon landscape. I thi...…


🧵 I wanted to provide some sources and readings on military AI which helped inform the cover story below. https://t.co/e4hO7o55Ij

— Shashank Joshi (@shashj) June 21, 2024


I wrote a blogpost about using LLMs to find bugs that some of you might find interesting/useful, in light of the P0 post (re: Naptime) from yesterday: https://t.co/7hR3Zy8lcD

— Dave Aitel (@daveaitel) June 21, 2024

Re:

Can LLMs find vulns? Here’s what Project Zero found https://t.co/lH6lksfTwR

— Natalie Silvanovich (@natashenka) June 20, 2024


Sorry but this quote is insane https://t.co/77SL2aeB5i pic.twitter.com/ulXw6Ovsmk

— Alexander Luckmann (@A_Luckmann) June 21, 2024


WHOA @USTreasury just sanctioned leadership at 🇷🇺Russian antivirus company @kaspersky.

Comes on heels of yesterday's @CommerceGov ban on sales of their antivirus to the US.

Huge-but-somewhat-anticipated blow to #Kaspersky whose fortunes in the US have been falling since the… pic.twitter.com/uygOPwAPrI

— John Scott-Railton (@jsrailton) June 21, 2024


ICYMI CertiK lost control of a bug they found in Kraken, tried extorting Kraken over it, laundered stolen tokens through mixers and everyone is 😵😵‍💫

As per usual, @trailofblocks set to work and published @semgrep rules to address the underlying issue https://t.co/Cv37EjC5vU

— Dan Guido (@dguido) June 21, 2024


The most underappreciated story in state legislatures from yesterday is that apparently the Oklahoma Department of Education can't log in to its own website because the person who had the password left and didn't give it to anyone. They haven't been able to login for 2 years. https://t.co/xlfv314J3M

— Tim Hogan (@timjhogan) June 21, 2024


Respectfully, your proposal does break encryption.

I am happy to spend as much time as you need reviewing in as much detail as you are comfortable with exactly how it breaks encryption, and why this is so dangerous. https://t.co/uG3pUaYzOQ

— Meredith Whittaker (@mer__edith) June 20, 2024


Fuzzing NVMe-oF/TCP Linux kernel subsystem with Syzkaller
Great blog post by Alon Zahavi (@CyberArk) https://t.co/Sisk2oBeso #syzkaller pic.twitter.com/lyQMgLxZLP

— 0xor0ne (@0xor0ne) June 21, 2024


I'm gonna drop one of my favorite secrets for bypassing EDRs

If you have a binary that inspects memory and writes or injects into process memory and need to get it thru most EDRs - just rename to a game anti-cheat binary and create a folder with other anti cheat binaries.

— Greg Linares (Laughing Mantis) (@Laughing_Mantis) June 21, 2024


I have recently presented on how rootkits and credential dumping tools operate on Win10+ systems & how to detect them using memory forensics and event log analysis. If you missed these talks live then check them at the following
- https://t.co/spTbrSmssN
- https://t.co/5GScfTIhfg

— Andrew Case (@attrc) June 21, 2024

