March 25, 2023

                            March 25, 2023

                March 25, 2023

raptor@infosec.exchange @0xdea
Currently catching up with some not-so-recent papers... I love this one from 2021 by @marcograss and @0xKira233!

Over The Air #Baseband #Exploit: Gaining Remote Code Execution on #5G Smartphones

2:10 PM ∙ Mar 24, 2023
18Likes5Retweets
-
Sam Bowman @sleepinyourhat
As a specialist in evaluating language models, I declare that this is the best way of evaluating language models: 
7:37 PM ∙ Mar 23, 2023
2,667Likes267Retweets
-
Will Oremus @WillOremus
My analysis from the TikTok hearing: The United States has failed to bequeath Americans most of the online privacy rights it accuses TikTok of threatening. washingtonpost.comAnalysis | America’s online privacy problems are much bigger than TikTokA hearing about the privacy threats posed by TikTok’s Chinese ownership obscured the reality that Americans have few online privacy rights to begin with.1:09 PM ∙ Mar 24, 2023
246Likes108Retweets
-
zaratustra (parody account) @zarawesome
*clutching a 90s desktop tower to my chest, hiding behind an office partition as gunfire rings out* it's okay, ELIZA. we're going to make it out of here

ELIZA: how do you feel about  make it out of here?9:13 AM ∙ Jun 16, 2022
3,822Likes712Retweets
-
emptywheel @emptywheelHilarious: One way FBI IDed Conor Fitzpatrick as owner of BreachForums was from a user complaint he submitted to Omnipotent that his own email was not in the @haveibeenpwned database. @troyhunt 

documentcloud.org/documents/2372… 
2:14 PM ∙ Mar 24, 2023
271Likes58Retweets
-
Lukasz Olejnik (@LukaszOlejnik@Mastodon.Social) @lukOlejnikChina and Russia collaborating in foreign information manipulation and interference? In overall, 100 incidents/operations identified. #digitaleuambassador eeas.europa.eu/sites/default/… 
12:27 PM ∙ Mar 24, 2023
8Likes5Retweets
-
Shaun Walker @shaunwalker7Spent this week in Ljubljana working on story of an arrested "Argentinian" couple. She ran an art gallery, he ran IT start-up, but it seems they are in fact deep-cover illegals working for Russia's SVR intel. Quiet negotiations now on over poss exchange

theguardian.comThe ‘ordinary’ family at No 35: suspected Russian spies await trial in SloveniaCouple arrested with huge amount of cash and history of extensive European travel now allegedly pawns in diplomatic game4:08 PM ∙ Mar 24, 2023
527Likes240Retweets-
Export Control is Not a Magic Bullet for Cyber Mercenaries

https://www.lawfareblog.com/export-control-not-magic-bullet-cyber-mercenaries

-
0xor0ne @0xor0ne
Analysis and PoC of CVE-2021–21974 (VMware ESXi OpenSLP heap-overflow)

Vulnerability overview by @_wmliang_: zerodayinitiative.com/blog/2021/3/1/…
PoC walkthrough by @straight_blast: straightblast.medium.com/my-poc-walkthr…

#cve #exploit #infosec #cybersecurity #vmware 
8:01 AM ∙ Mar 24, 2023
127Likes46Retweets
-
V2 @ZeroMemoryEx
x64 kernel-mode rootkit that can hide processes or elevate their privileges .
github.comGitHub - ZeroMemoryEx/Chaos-Rootkit: x64 ring0 Rootkit with Process Hiding and Privilege Escalation Capabilitiesx64 ring0 Rootkit with Process Hiding and Privilege Escalation Capabilities - GitHub - ZeroMemoryEx/Chaos-Rootkit: x64 ring0 Rootkit with Process Hiding and Privilege Escalation Capabilities6:23 PM ∙ Mar 24, 2023
123Likes34Retweets
-
Luna // nullptr::live @LunaFoxgirlVT
Graphics cards are *horribly* inefficient at rendering 2D games, yet we still use them for that, because uhhhhhhh-

Graphics Cards don't know how to render semi-transparent surfaces so we sort them on the CPU to render them properly 
gryphoneer @OneRadCheeYOU THERE. YES, YOU.

WHAT'S A LITTLE-KNOWN FACT ABOUT YOUR PROFESSION THAT WOULD MAKE OTHER PEOPLE LOSE THEIR SHIT? https://t.co/Avh7pLDqD81:05 AM ∙ Mar 24, 2023
1,660Likes189Retweets
-
pudding person @JUNlPER
honestly it’s incredible that they recognized that people who pay for this website will be blocked and bullied so relentlessly one of the main selling points of twitter blue will now be able to be hidden https://t.co/45qRxFumb4
Dexerto @Dexerto
Twitter is reportedly working on an option allowing Twitter Blue users to hide their checkmark https://t.co/3KUrjV3CI92:54 PM ∙ Mar 24, 2023
21,009Likes2,322Retweets
-
Parsa Sarrafian @XsarrafX
#redteam tip: @Fortinet self protection bypass
Fortinet is using minifilter to prevent copying or deleting files in the app's installed location.
If you Reverse engineer the responsible driver, You will notice that there are some exceptions 
10:48 PM ∙ Mar 23, 2023
265Likes77Retweets
-
vx-underground @vxunderground
LinusTechTips has posted a video explaining the recent compromise of his YouTube account.

tl;dr editor downloaded malicious attachment with data stealer malware

youtube.comMy Channel Was Deleted Last NightThanks to dbrand for sponsoring this video! Use code FIVEFOOTONE at http://shortlinus.com for 15% off everything site wide. Discuss on the forum: https://lin...1:42 AM ∙ Mar 25, 2023
265Likes46Retweets
-
sleeping @speginel
mathematician: 2 > 1

linux admin: 2 > &111:53 AM ∙ Mar 2, 2023
69Likes15Retweets
-

                            Don't miss what's next. Subscribe to the grugq's newsletter: