November 12, 2023
Aha, hadn't considered this: Humint/Sigint services need not only rely on agents with malicious USB drives, but can leverage agents popping in malicious printer cartridges to pop an IT environment via the printer. #SupplyChainAttack
— Ravi Nayyar (@ravirockks) November 12, 2023
cc: @thegrugq https://t.co/X7O585Tr4C
TIL that printer cartridges may come with a printer firmware update pic.twitter.com/DEIANG253G
— Łukasz (@maldr0id) November 11, 2023
My ultimate goal in learning Chinese is to give people the same amount of whiplash that English speakers get from this video pic.twitter.com/hlxoUrF48j
— punished giorgio (@GMomurder) November 11, 2023
Came across a story that illustrates the tension in the USSR between smuggling computers & maintaining security. Translation in ALT, short summary below
— Oleg Shakirov (@shakirov2036) November 11, 2023
In 1984, Lithuania was planning to import a Siemens 7536 computer — apparently, in some shady way — to be used at Gosplan pic.twitter.com/w5e2sjRL3z
The video and slides of my talk "A 3-Year Tale of Hacking a Pwn2Own Target..." are out. Hope this presentation somehow could be another reference to your next research!
— Orange Tsai 🍊 (@orange_8361) November 11, 2023
➡️ Video: https://t.co/A1bYtCT5dl
➡️ Slides: https://t.co/wMydKH0251
Orange Tsai is especially talented and has rare wisdom to offer in this talk about targeting Sonos for three years in a row. I wish more researchers would talk about research processes / methods that work in long term targeting campaigns. https://t.co/GVRPimtP0u
— Richard Johnson (@richinseattle) November 12, 2023
This is my semi-regular encouragement to read the docs straight through. No one does it and it'll give you a massive advantage.
— Aaron Francis (@aarondfrancis) November 11, 2023
You don't even have to remember everything! Having a broad understanding will help you dive deep on specifics as needed. https://t.co/KA22Tolw7V
Strong endorse.
The problem isn’t that security isn’t effective or isn’t working hard enough. The issue is that IT ops doesn’t have appropriate levels of governance to support secure environments and processes. The fight is stakeholders against governance and accountability. Solve for that.
— Nega CISO 🏁 (@NegaCISO) November 11, 2023
Video walkthrough of Mandiant's #Flareon10 Yoda challenge: https://t.co/MVhwKpatNX
— allthingsida (@allthingsida) November 11, 2023
- Full CTF logic explained
- Dealing with instruction shuffling and chunked functions
- Dealing with obfuscated API calls
- Reverse engineering and decompiling ROP chains into regular functions
-…
Debunking the Myth of “Anonymous” Data | Electronic Frontier Foundation
Today, almost everything about our lives is digitally recorded and stored somewhere. Each credit card purchase, personal medical diagnosis, and preference about music and books is recorded and then used to predict what we like and dislike, and—ultimately—who we are. This often happens without our...
Biden and Xi set to pledge a ban on use of AI in autonomous weaponry, such as drones, and in the control and deployment of nuclear warheads, sources confirmed to the Post.
— Finbarr Bermingham (@fbermingham) November 12, 2023
Important scoop by colleagues @ipatrickbr @markmagnier, Amber Wang in DC https://t.co/4BAfLH0PxO
Seems like this will just lead to a lot of lawyering about what is AI and what is a weapon anyway. After all, there is no essence of weapon. Weapon is from the use. Like the “fire trucks” that China sells to DPRK which are just mobile ICBM launchers but with a ladder in place of the missile. It’s a civilian vehicle. Until someone replaces the ladder…
Or a brick. A brick is not a weapon unless it is used as one.
Maybe China will be selling autonomous ground vehicles that have AI guided cameras on a gimbal that could theoretically have a gun or missile attached. Though that would no doubt violate the warranty and you’d never be able to get it serviced again. 🙄
Sure it’s pretty bad that some guy tried to hire day labourers to dispose of a corpse, but what’s arguably worse is the labourers told the police about a guy with trash bags of body parts and the police told them to piss off and stop bothering them. https://t.co/VVKX9Uehfa pic.twitter.com/TGW74r5vsH
— thaddeus e. grugq thegrugq@infosec.exchange (@thegrugq) November 12, 2023
For those trying to divine planning horizons from dwell time: the activity observed within a preparatory window is never continuous.
— Dan Black (@DanWBlack) November 11, 2023
Threat actors balance multiple targets and priorities in parallel. Time lapsed is thus not indicative of actual time spent in the environment.