March 27, 2025

                March 27, 2025

            March 27, 2025

            March 27, 2025
grugq on cyber in Europe
I spoke to Sven at Interface yesterday about some cyber issues with Europe. 
The video is online already:

                  EXCLUSIVE: DOD has deployed Signal on government devices overriding their own policy
A high level source in DOD has confirmed that they were ordered to approve installation of Signal on government devices by Trump officials last month            

My writeup of the 2023 NSO in-the-wild iOS zero-click BLASTDOOR webp exploit: Blasting Past Webp -https://t.co/H4m8MBwoWN
— Ian Beer (@i41nbeer) March 26, 2025

Privileged Access Workstations or 🐾 impose material cost and complexity on adversaries.

We have published a new set of principles for PAWs. https://t.co/hoAOX2t0FR
— Ollie Whitehouse (@ollieatnowhere) March 26, 2025

                  NCSC
Principles-based guidance for organisations setting up a PAW solution.            

Teen Warned Not To Accept Group Chat Invites From National Security Advisors She Doesn’t Knowhttps://t.co/ZZwyZVX7B0
— The Onion (@TheOnion) March 26, 2025

looks like the AI + MCP-assisted reverse engineering hype train is gaining steam! 🚂✨

in just the past few days, we've seen:
• @itszn13 integrating MCP into @vector35’s Binary Ninja (https://t.co/4IgQQnjYQF)
• @JH_Pointer casually dropping his IDA MCP project, which I had to… https://t.co/PTnFmA3ugs
— blasty (@bl4sty) March 26, 2025

Our first keynote from @natashenka is live! Want to find fully-remote bugs? Learn more about her workflow and lessons learned from a true expert in the field. Bonus: during the Q&A you can learn that even just finding a single obscure file format can be what it takes to find a…
— RE//verse (@REverseConf) March 26, 2025

“DER SPIEGEL reporters were also able to find several passwords for Waltz’s email address in leaked databases.” https://t.co/OUcCE2xvuX pic.twitter.com/lFCG01xEnJ
— Michael Weiss (@michaeldweiss) March 26, 2025

Looking to write your own MCP for a popular decompiler? Check out our unified API that allows scripting in IDA, Ghidra, Binja, and angr. In the same few Python lines, you can make a struct, retype a function, and modify local vars. Check it out: https://t.co/Q1aqT9vBgN https://t.co/EW8ZVTZwlz
— Zion Leonahenahe Basque (@mahal0z) March 26, 2025

                  GitHub - binsync/libbs: A library for writing plugins in any decompiler: includes API lifting, common data formatting, and GUI abstraction!
A library for writing plugins in any decompiler: includes API lifting, common data formatting, and GUI abstraction! - binsync/libbs            

                  Shelter: ROP-based sleep obfuscation to evade memory scanners
Shelter is a weaponized sleep obfuscation technique that allows you to fully encrypt your in-memory payload making extensive use of ROP            

I've been hanging out with this Xitter spam campaign guy for like, 2 hours or so today.

He's just a chill guy trying to run a cybercrime operation.

He is aiming to target people from India, not the United States or Europe, but there isn't an easy way for him and his friends to… pic.twitter.com/jJtrZmw1PI
— vx-underground (@vxunderground) March 26, 2025

yeah chatted with that guy on Telegram, does not at all seem to know what he's doing.

I got the message that they were looking for people to engineer implants, I told him I know how to write malware, he asked if I knew how to penetrate sites and I was like "no, you said implant…
— developing valhalla (@valhalla_dev) March 26, 2025

He doesn't speak English well. He relies on a translator. You have to be extremely formal pic.twitter.com/3zmR11JZXS
— vx-underground (@vxunderground) March 26, 2025

yeah I guess tbf the entire CTI industry can't decide on the correct terminology for malware/offsec shit so it makes sense that ESL folks would struggle with it
— developing valhalla (@valhalla_dev) March 26, 2025

As I have maintained previously, if you pay attention to what's happening in exploit world, you'll quickly learn that there is much less completely original work done that one may suppose, & it means you may benefit from being original, & you should guard it if you succeed. https://t.co/I6q5dIVA5X
— dunadan (@udunadan) March 26, 2025

This ended up being a great applied research project with @d_tranman on weaponizing a technique for fileless DCOM lateral movement based on the original work of @tiraniddo.  Excellent work, Dylan!

- Blog: https://t.co/4cXnRjhyK0
- PoC: https://t.co/3rR2CJYeG3 https://t.co/DLeYVKP5LZ
— bohops (@bohops) March 25, 2025

Free twitter API access?
In case anyone was wondering more specifically what I meant 
If you go into developers settings and refresh your page
click on the network tab and filter by fetch/XHR 
on the left find the "UserByScreenName" response and you get everything about your… https://t.co/Afc5Mik325 pic.twitter.com/xi7t1o9F84
— I am Jakoby (@I_Am_Jakoby) March 25, 2025

“The best-known member of Elon Musk's U.S. DOGE Service team of technologists once provided support to a cybercrime gang that bragged about trafficking in stolen data and cyberstalking an FBI agent, according to digital records reviewed by Reuters.” https://t.co/6ENb6KsifY https://t.co/xlnzNHmKHB
— Shashank Joshi (@shashj) March 26, 2025

Amazing timing from John publishing this research on Secrets in Github Actions Workflow Logs, including a cool exploit of a 2s exposure window against CodeQLhttps://t.co/XfASOGZIT5 pic.twitter.com/NgKeZn7889
— Rami McCarthy (@ramimacisabird) March 26, 2025

Don't miss what's next. Subscribe to the grugq's newsletter: