November 23, 2023

                        November 23, 2023

            November 23, 2023

        November 23, 2023

                  Skyview

To be very clear. I believe Ilya Lichtenstein took the blame. I believe his Father, Eugene, was a Russian Asset. I believe Eugene responsible for the Bitfinex Theft.  And there isca WHOLE lot more https://t.co/6M1pGdBZ11
— Brett Johnson (@GOllumfun) November 23, 2023

Don’t ever let anyone Jedi mind trick you out of the fact that the “Disclosure” in “Vulnerability Disclosure” stands for Disclosure to parties at risk so they can protect themselves, NOT disclosure to a vendor so they can sit on it & call you irresponsible if you warn the public.
— Katie🌻Moussouris (she/her) (@k8em0) November 23, 2023

Not to brag, but I've been crying in the car since way before the high gas prices
— Jason Not Evil (@JasonNotEvil) March 10, 2022

🚨 cool vehicle alert 🚨 pic.twitter.com/786bMJpcrl
— america's lounge singer (@KrangTNelson) November 22, 2023

Annual P&L for a very large cybercrime org. Customer acquisition is the expensive bit (70% of revenue just for affiliate fees) but EBITDA still ends up at ~28%.

It’s hypothetical but indicative & pieced together by @TrendMicro from leaked data & estimates https://t.co/PIl8Cil1Y8 pic.twitter.com/HatWGymnzg
— Artturi Lehtiö (@lehtior2) April 10, 2023

Excellent analysis on the (reportedly) #CIA hardware implant (bug) discovered in #Germany in 2018 to spy on a #WikiLeaks activist. Also used to spy on Julian Assange.

It was installed in a #CryptoPhone IP19.https://t.co/1TLWNrWzAF#Tradecraft #BlackBagOp
— Spy Collection (@SpyCollection1) March 24, 2023

Can we emulate Arm64 #PinePhone with @Unicorn_Engine ... To automate the testing of Apache #NuttX Real-Time Operating System with #RustLang? Let's find out!

Article: https://t.co/OFJLhbGaO7 pic.twitter.com/tIWu4y98um
— Lup Yuen Lee 李立源 (@MisterTechBlog) February 25, 2023

infosec interview tip: it's okay to say "i don't know", for example your interviewer also doesn't know how to pronounce "@thegrugq"
— “Alex” (@mangopdf) March 1, 2022

I get this all the time. “How do you pronounce grugq?” Simple, just like it’s spelled.

New idea: Airdropping these into the parking lot of the Iranian nuclear program https://t.co/J5h8ShhZ1d
— SwiftOnSecurity (@SwiftOnSecurity) November 23, 2023

20 8TB external harddrives.

These will be cloned with 5.22TB of malware and mailed to nerds.

Please pray for any inspector who decides to mount these on a Windows machine to inspect them 🙏 pic.twitter.com/IeEAyBJHLL
— vx-underground (@vxunderground) November 22, 2023

This is kinda a good point actually. People know not to plug in USB sticks they find in the parking lot… but what about external hard drives they win are sent as part of a survey to solicit “honest reviews” from “real users”? “We want bias free reviews which is why regardless of your feedback, the drive is yours to keep!” 
Next month… free home wifi routers…

                   lcamtuf :verified: :verified: :verified:: ""AI safety" is such an interesting but nebulous c…" - Infosec Exchange
"AI safety" is such an interesting but nebulous concept. If you're thinking about building a career in this space, I think it can be broadly divided into several subcategories:

1) Traditional infrastructure security & IP protection for AI platforms. We know this, we kinda suck at it. Boring. There are some novel bits here about extracting some knowledge about the model or the underlying training data via prompting, but the bulk of it is just traditional infosec.

2) Brand safety: making sure th...            

                        Don't miss what's next. Subscribe to the grugq's newsletter:

          Start the conversation:

            Be the first to share your thoughts