March 27, 2025
March 27, 2025
grugq on cyber in Europe
I spoke to Sven at Interface yesterday about some cyber issues with Europe.
The video is online already:

EXCLUSIVE: DOD has deployed Signal on government devices overriding their own policy
A high level source in DOD has confirmed that they were ordered to approve installation of Signal on government devices by Trump officials last month
My writeup of the 2023 NSO in-the-wild iOS zero-click BLASTDOOR webp exploit: Blasting Past Webp -https://t.co/H4m8MBwoWN
— Ian Beer (@i41nbeer) March 26, 2025
Privileged Access Workstations or 🐾 impose material cost and complexity on adversaries.
— Ollie Whitehouse (@ollieatnowhere) March 26, 2025
We have published a new set of principles for PAWs. https://t.co/hoAOX2t0FR

NCSC
Principles-based guidance for organisations setting up a PAW solution.
Teen Warned Not To Accept Group Chat Invites From National Security Advisors She Doesn’t Knowhttps://t.co/ZZwyZVX7B0
— The Onion (@TheOnion) March 26, 2025
looks like the AI + MCP-assisted reverse engineering hype train is gaining steam! 🚂✨
— blasty (@bl4sty) March 26, 2025
in just the past few days, we've seen:
• @itszn13 integrating MCP into @vector35’s Binary Ninja (https://t.co/4IgQQnjYQF)
• @JH_Pointer casually dropping his IDA MCP project, which I had to… https://t.co/PTnFmA3ugs
Our first keynote from @natashenka is live! Want to find fully-remote bugs? Learn more about her workflow and lessons learned from a true expert in the field. Bonus: during the Q&A you can learn that even just finding a single obscure file format can be what it takes to find a…
— RE//verse (@REverseConf) March 26, 2025
“DER SPIEGEL reporters were also able to find several passwords for Waltz’s email address in leaked databases.” https://t.co/OUcCE2xvuX pic.twitter.com/lFCG01xEnJ
— Michael Weiss (@michaeldweiss) March 26, 2025
Looking to write your own MCP for a popular decompiler? Check out our unified API that allows scripting in IDA, Ghidra, Binja, and angr. In the same few Python lines, you can make a struct, retype a function, and modify local vars. Check it out: https://t.co/Q1aqT9vBgN https://t.co/EW8ZVTZwlz
— Zion Leonahenahe Basque (@mahal0z) March 26, 2025
GitHub - binsync/libbs: A library for writing plugins in any decompiler: includes API lifting, common data formatting, and GUI abstraction!
A library for writing plugins in any decompiler: includes API lifting, common data formatting, and GUI abstraction! - binsync/libbs

Shelter: ROP-based sleep obfuscation to evade memory scanners
Shelter is a weaponized sleep obfuscation technique that allows you to fully encrypt your in-memory payload making extensive use of ROP
I've been hanging out with this Xitter spam campaign guy for like, 2 hours or so today.
— vx-underground (@vxunderground) March 26, 2025
He's just a chill guy trying to run a cybercrime operation.
He is aiming to target people from India, not the United States or Europe, but there isn't an easy way for him and his friends to… pic.twitter.com/jJtrZmw1PI
yeah chatted with that guy on Telegram, does not at all seem to know what he's doing.
— developing valhalla (@valhalla_dev) March 26, 2025
I got the message that they were looking for people to engineer implants, I told him I know how to write malware, he asked if I knew how to penetrate sites and I was like "no, you said implant…
He doesn't speak English well. He relies on a translator. You have to be extremely formal pic.twitter.com/3zmR11JZXS
— vx-underground (@vxunderground) March 26, 2025
yeah I guess tbf the entire CTI industry can't decide on the correct terminology for malware/offsec shit so it makes sense that ESL folks would struggle with it
— developing valhalla (@valhalla_dev) March 26, 2025
As I have maintained previously, if you pay attention to what's happening in exploit world, you'll quickly learn that there is much less completely original work done that one may suppose, & it means you may benefit from being original, & you should guard it if you succeed. https://t.co/I6q5dIVA5X
— dunadan (@udunadan) March 26, 2025
This ended up being a great applied research project with @d_tranman on weaponizing a technique for fileless DCOM lateral movement based on the original work of @tiraniddo. Excellent work, Dylan!
— bohops (@bohops) March 25, 2025
- Blog: https://t.co/4cXnRjhyK0
- PoC: https://t.co/3rR2CJYeG3 https://t.co/DLeYVKP5LZ
Free twitter API access?
— I am Jakoby (@I_Am_Jakoby) March 25, 2025
In case anyone was wondering more specifically what I meant
If you go into developers settings and refresh your page
click on the network tab and filter by fetch/XHR
on the left find the "UserByScreenName" response and you get everything about your… https://t.co/Afc5Mik325 pic.twitter.com/xi7t1o9F84
“The best-known member of Elon Musk's U.S. DOGE Service team of technologists once provided support to a cybercrime gang that bragged about trafficking in stolen data and cyberstalking an FBI agent, according to digital records reviewed by Reuters.” https://t.co/6ENb6KsifY https://t.co/xlnzNHmKHB
— Shashank Joshi (@shashj) March 26, 2025
Amazing timing from John publishing this research on Secrets in Github Actions Workflow Logs, including a cool exploit of a 2s exposure window against CodeQLhttps://t.co/XfASOGZIT5 pic.twitter.com/NgKeZn7889
— Rami McCarthy (@ramimacisabird) March 26, 2025