the grugq's newsletter

March 10, 2025


Here's RepoMan, a proof of concept surrounding git commit poisoning. The blog post dives a little deeper into how it all works and the rationale behind it. https://t.co/5S396N26vY https://t.co/5F8ymULzxB

— @zephrfish.yxz.red (@ZephrFish) March 9, 2025


Post is now live https://t.co/Z2cgi8v0ne

— Xeno Kovah (@XenoKovah) March 9, 2025


Beginners introduction to Fault Injection (voltage glitching) attacks (esp32) https://t.co/sA2gp8L50K #hardware #cybersecurity pic.twitter.com/FbPrv0AgPd

— 0xor0ne (@0xor0ne) March 9, 2025


Using RDP without leaving traces: the MSTSC public mode https://t.co/JXm7RxO1N2

— Panos Gkatziroulis 🦄 (@netbiosX) March 9, 2025


Five Eyes is not just a sharing arrangement; it is a joint signals-intelligence *collection* and sharing arrangement, built around complex & interdependent physical & virtual infrastructure. You can’t just unplug a country, let alone America, which provides 75-80% of product. https://t.co/4QtxABAX49

— Shashank Joshi (@shashj) March 9, 2025


Sending russian troops through gas pipelines is the biggest allegory for Europe

— Andrew (@sranysovok) March 9, 2025


Me to the new Cyber Director I just hired: pic.twitter.com/6HtYjjLKd6

— rekdt (@rekdt) March 9, 2025


🥰 Finally my @binarygolf 2024 entries are validated, quite happy with my x64 shellcode, Java and bash/shellcode polyglot submissions. Thank you @netspooky for running those!
Writeups exist here: https://t.co/cHCEYlAFGj

— Jonathan Bar Or (JBO) 🇮🇱🇺🇸🇺🇦🎗️ (@yo_yo_yo_jbo) March 9, 2025


🚀 I'm thrilled to announce the v1.0.0 release of the Nerve ADK (Agent Development Kit). A complete Python rewrite that makes it even easier to use both as a command line tool and as a framework for developing your own agents. The doc has been updated, will blog about it soon!… pic.twitter.com/ILzmvPFz6M

— Simone Margaritelli (@evilsocket) March 9, 2025


This @sensepost blog post is really useful for debugging AD CS attacks 🎉 https://t.co/cyNQNN24eo

We also encountered some additional causes for these errors:
• Inaccessible/expired revocation lists (CLIENT_NOT_TRUSTED)
• Failed autoenrollment on DC (PADATA_TYPE_NOSUPP)

— RedTeam Pentesting (@RedTeamPT) March 10, 2025

Attacks against AD CS are de rigueur these days, but sometimes a working attack doesn’t work somewhere else, and the inscrutable error messages are no help. Jacques replicated the most infuriating and explains what’s happening under the hood in this post https://t.co/eF5nhHfPuS pic.twitter.com/ckbKljBDAX

— Orange Cyberdefense's SensePost Team (@sensepost) March 7, 2025


Lazarus is too lazy to keep typing passwords all the damn time. https://t.co/XZdDhgVMen

— thaddeus e. grugq (@thegrugq) March 10, 2025

