the grugq's newsletter

November 12, 2023


Aha, hadn't considered this: Humint/Sigint services need not only rely on agents with malicious USB drives, but can leverage agents popping in malicious printer cartridges to pop an IT environment via the printer.#SupplyChainAttack

cc: @thegrugq https://t.co/X7O585Tr4C

— Ravi Nayyar (@ravirockks) November 12, 2023

TIL that printer cartridges may come with a printer firmware update pic.twitter.com/DEIANG253G

— Łukasz (@maldr0id) November 11, 2023

My ultimate goal in learning Chinese is to give people the same amount of whiplash that English speakers get from this video pic.twitter.com/hlxoUrF48j

— punished giorgio (@GMomurder) November 11, 2023

Came across a story that illustrates the tension in the USSR between smuggling computers & maintaining security. Translation in ALT, short summary below

In 1984, Lithuania was planning to import a Siemens 7536 computer — apparently, in some shady way — to be used at Gosplan pic.twitter.com/w5e2sjRL3z

— Oleg Shakirov (@shakirov2036) November 11, 2023


The video and slides of my talk "A 3-Year Tale of Hacking a Pwn2Own Target..." are out. Hope this presentation somehow could be another reference to your next research!

➡️ Video: https://t.co/A1bYtCT5dl
➡️ Slides: https://t.co/wMydKH0251

— Orange Tsai 🍊 (@orange_8361) November 11, 2023

Orange Tsai is especially talented and has rare wisdom to offer in this talk about targeting Sonos for three years in a row. I wish more researchers would talk about research processes / methods that work in long term targeting campaigns. https://t.co/GVRPimtP0u

— Richard Johnson (@richinseattle) November 12, 2023

This is my semi-regular encouragement to read the docs straight through. No one does it and it'll give you a massive advantage.

You don't even have to remember everything! Having a broad understanding will help you dive deep on specifics as needed. https://t.co/KA22Tolw7V

— Aaron Francis (@aarondfrancis) November 11, 2023

Strong endorse.


The problem isn’t that security isn’t effective or isn’t working hard enough. The issue is that IT ops doesn’t have appropriate levels of governance to support secure environments and processes. The fight is stakeholders against governance and accountability. Solve for that.

— Nega CISO 🏁 (@NegaCISO) November 11, 2023

Video walkthrough of Mandiant's #Flareon10 Yoda challenge: https://t.co/MVhwKpatNX

- Full CTF logic explained
- Dealing with instruction shuffling and chunked functions
- Dealing with obfuscated API calls
- Reverse engineering and decompiling ROP chains into regular functions
-…

— allthingsida (@allthingsida) November 11, 2023


Debunking the Myth of “Anonymous” Data | Electronic Frontier Foundation

Today, almost everything about our lives is digitally recorded and stored somewhere. Each credit card purchase, personal medical diagnosis, and preference about music and books is recorded and then used to predict what we like and dislike, and—ultimately—who we are. This often happens without our...


Biden and Xi set to pledge a ban on use of AI in autonomous weaponry, such as drones, and in the control and deployment of nuclear warheads, sources confirmed to the Post.

Important scoop by colleagues @ipatrickbr @markmagnier, Amber Wang in DC https://t.co/4BAfLH0PxO

— Finbarr Bermingham (@fbermingham) November 12, 2023

Seems like this will just lead to a lot of lawyering about what is AI and what is a weapon anyway. After all, there is no essence of weapon. Weapon is from the use. Like the “fire trucks” that China sells to DPRK which are just mobile icbm launchers but with a ladder in place of the missile. It’s a civilian vehicle. Until someone replaces the ladder…

Or a brick. A brick is not a weapon unless it is used as one.

Maybe China will be selling autonomous ground vehicles that have AI guided cameras on a gimbal that could theoretically have a gun or missile attached. Though that would no doubt violate the warranty and you’d never be able to get it serviced again. 🙄


Sure it’s pretty bad that some guy tried to hire day labourers to dispose of a corpse, but what’s arguably worse is the labourers told the police about a guy with trash bags of body parts and the police told them to piss off and stop bothering them. https://t.co/VVKX9Uehfa pic.twitter.com/TGW74r5vsH

— thaddeus e. grugq thegrugq@infosec.exchange (@thegrugq) November 12, 2023

For those trying to divine planning horizons from dwell time: the activity observed within a preparatory window is never continuous.

Threat actors balance multiple targets and priorities in parallel. Time lapsed is thus not indicative of actual time spent in the environment.

— Dan Black (@DanWBlack) November 11, 2023
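Dan Black's point above, shown in code as an added example (not from the newsletter or the quoted tweet): given a timeline of observed attacker actions, wall-clock dwell time (first action to last action) can be weeks while the time actually spent in the environment, measured by grouping actions into sessions, is a few hours. The timestamps, the two-hour session gap threshold and the five-minute per-session floor are all constructed assumptions for illustration; in a real case the events would come from EDR or authentication logs tied to one actor.

```python
"""Dwell time versus active time from an intrusion timeline.

Added example, not code from the original page or from the tweet author.
All timestamps below are constructed for illustration.
"""
from datetime import datetime, timedelta

# Constructed timeline: a handful of attacker actions spread over ~5 weeks.
OBSERVED_EVENTS = [
    "2023-10-02T09:14:00", "2023-10-02T09:41:00", "2023-10-02T10:05:00",  # initial access + recon
    "2023-10-17T22:30:00", "2023-10-17T23:02:00",                          # returns two weeks later
    "2023-11-06T03:15:00", "2023-11-06T03:20:00", "2023-11-06T04:48:00",  # staging
]


def parse_events(raw):
    """Parse ISO-8601 strings into sorted datetimes."""
    return sorted(datetime.fromisoformat(s) for s in raw)


def dwell_time(events):
    """Wall-clock dwell: first observed action to last observed action."""
    return events[-1] - events[0]


def sessions(events, gap=timedelta(hours=2)):
    """Group events into sessions. A new session starts whenever the gap
    between consecutive events exceeds `gap` (assumed threshold; tune it
    to the environment and the actor's observed tempo)."""
    out = []
    start = prev = events[0]
    for t in events[1:]:
        if t - prev > gap:
            out.append((start, prev))
            start = t
        prev = t
    out.append((start, prev))
    return out


def active_time(events, gap=timedelta(hours=2), floor=timedelta(minutes=5)):
    """Sum of per-session spans. A session containing a single event has zero
    span, so every session is credited at least `floor` (assumption)."""
    return sum((max(end - start, floor) for start, end in sessions(events, gap)),
               timedelta())


def summarize(raw=OBSERVED_EVENTS):
    """Return dwell vs. active figures for the timeline."""
    ev = parse_events(raw)
    d = dwell_time(ev)
    a = active_time(ev)
    return {
        "dwell_days": d.total_seconds() / 86400,
        "sessions": len(sessions(ev)),
        "active_hours": a.total_seconds() / 3600,
        "active_fraction": a / d,
    }


if __name__ == "__main__":
    for key, value in summarize().items():
        print(f"{key}: {value}")
```

On the constructed timeline the dwell is just under 35 days, but the actor was active in three sessions totalling under three hours, well under one percent of the elapsed window. Reading a planning horizon off the 35-day figure would overstate the effort by two orders of magnitude.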