May 1, 2024
Happy May Day!
LABScon23 Replay | From Vulkan to Ryazan – Investigative Reporting from the Frontlines of Infosec, by @hatr https://t.co/lLr0c4x0QZ
— SentinelLabs (@LabsSentinel) April 30, 2024
Video: https://t.co/AbXKGVNERt
TIL of the https://t.co/zVJDPNh4w3 traceroute pic.twitter.com/Gl2AgisXrD
— April King 🌀 (@CubicleApril) April 30, 2024
420 Byte Self-Replicating UEFI App (Binary Golf Grand Prix)
— 0xor0ne (@0xor0ne) April 30, 2024
Interesting reading! https://t.co/8zh2evi8qM #uefi #infosec pic.twitter.com/ztci1E0sQB
So apparently if someone knows / guesses the name of your S3 bucket - even if it's private (!) - they can just bankrupt you by sending infinite PUT requests and there is nothing you can do about it.
— Laura Wendel (@Lauramaywendel) April 29, 2024
> requests get rejected
> but AWS still counts it as a write operation against… pic.twitter.com/oFavRPau2N
'U' is a handy character because its hex code is 0x55, which is 01010101 in binary.
— Rue Mohr (@RueNahcMohr) May 1, 2024
This makes it really easy to test baud rates for serial cause the electrons go:
----
I expect everyone following me already knows this (if you didn't, you can just lie) pic.twitter.com/ZlnPrKg6TE
NEW: The ransomware gang that hacked into U.S. health tech giant Change Healthcare used a set of stolen credentials to remotely access company systems.
— Lorenzo Franceschi-Bicchierai (@lorenzofb) April 30, 2024
These systems were not protected by MFA, according to the CEO of its parent company UnitedHealth. https://t.co/9XaBJO7n6R
Nobody is talking about James Mickens' (https://t.co/YaPf2RYmov) one-man metal band. https://t.co/iVgw2cKT8b
— Steve Weis (@sweis) April 30, 2024
Thank you to everyone who brought this article to our attention. We agree that customers should not have to pay for unauthorized requests that they did not initiate. We’ll have more to share on exactly how we’ll help prevent these charges shortly. #AWS #S3
— Jeff Barr ☁️ (@jeffbarr) April 30, 2024
How an empty S3…
https://t.co/xsI8cFmVWx Little experiment about reusing Windows Defender built-in unpackers, mostly for fun (based on the very useful @taviso's loadlibrary) pic.twitter.com/VcSAAqoRiL
— Ajax (@commial) April 30, 2024
Even if it works for some (old) commercial packers, it seems that nowadays malware authors prefer one-time & custom packers... So likely not that useful, but still fun to make 🤷
— Ajax (@commial) April 30, 2024
I published a step by step guide on using Windows event logs to hunt for malware trying to steal sensitive data from browsers e.g. cookies, passwords etc. https://t.co/9a3l56dDJo #DFIR Hope it's useful! pic.twitter.com/kbqIBFsrli
— Will Harris (@parityzero) April 30, 2024
"If services are used through pseudonyms, VPNs, encryption or without an account, they'll score worse on the risk scale, and will be more likely to be served a detection order mandating scanning of all communications content. Same applies if a service allows users to use crypto" https://t.co/RgFSNU059M
— RainDogDance (@RainDogDance) April 30, 2024
The EU is demonizing essential privacy tools like VPNs, Signal, TOR, & encrypted email services like Tutanota & ProtonMail. They also plan to monitor cryptocurrency use, so public chain users should be aware! pic.twitter.com/kCNCfj70ku
— Csilla Brimer ❤️🔥🗽🆙 (@CryptoTweetie) April 29, 2024
Leak: EU governments double down on penalising privacy-friendly and encrypted messaging services with chat control bulk scanning orders – Patrick Breyer
An updated version of the methodology to be used in the Child Sexual Abuse Regulation, leaked by the news portal Contexte, reveals more details on the approach pursued by the Belgian Council Presidency: The text doubles-down on services that allow people to protect themselves. If services are used t
Lennart Poettering intends to replace "sudo" with systemd's run0. Here's a quick PoC to demonstrate root permission hijacking by exploiting the fact "systemd-run" (the basis of uid0/run0, the sudo replacer) creates a user owned pty for communication with the new "root" process. pic.twitter.com/yS2lB7wrE0
— hackerfantastic.x (@hackerfantastic) May 1, 2024
Just unveiled today at the Beijing auto show by Dongfeng Motors.
— Christopher David (@Tazerface16) April 30, 2024
Wouldn't it be hilarious if they sell more of their knockoffs than Tesla does of the real thing? 🤣 pic.twitter.com/aZCK1SJfMT
Policy people: should we make it illegal to pay ransoms?
Hospitals: you should blow up Russia.
I want to emphasize something here:
— Brian in Pittsburgh (@arekfurt) April 30, 2024
Yes, this is the industry group that represents U.S. hospitals actually advocating for the U.S. gov to use kinetic action against ransomware criminals in Russia/etc.
No real doubt.
This is how you say that in U.S. policymaking language: https://t.co/dSJrG8bAK0 pic.twitter.com/3BOktUeI2A
ICYMI: On Monday the American Hospitals Association yet again came out against imposition of any cybersecurity regs that might affect hospitals.
— Brian in Pittsburgh (@arekfurt) April 30, 2024
However, it is 100% in favor of the US gov making liberal use of the IC and military vs groups in RU/CN/NK. 😄 https://t.co/CR9IXSDV6W pic.twitter.com/FGbfwXWn2E
Why I'm resigning from The Intercept https://t.co/LwKc7OTC7U
— Ken Klippenstein (@kenklippenstein) April 30, 2024
Decided to publish PPPwn early. The first PlayStation 4 Kernel RCE. Supporting FWs up to 11.00. https://t.co/INayQSp8fL pic.twitter.com/xhj2jepsY7
— Andy Nguyen (@theflow0) April 30, 2024
Android greybox fuzzing with AFL++ Frida mode https://t.co/dJrBrJB3sy
— b33f | 🇺🇦✊ (@FuzzySec) April 30, 2024