November 9, 2024 redux

                November 9, 2024

            November 9, 2024 redux

            November 9, 2024
iOS 18.1 added an implementation of the auto-reboot timer for locked devices we've been using in GrapheneOS since June 2021:https://t.co/f0vq6yzGZh

This was one of our early generation protections against forensic data extraction. We added a lot more protections this year.
— GrapheneOS (@GrapheneOS) November 9, 2024

https://www.fbi.gov/history/famous-cases/machine-gun-kelly 

Apple indeed added a feature called "inactivity reboot" in iOS 18.1. This is implemented in keybagd and the AppleSEPKeyStore kernel extension. It seems to have nothing to do with phone/wireless network state. Keystore is used when unlocking the device.https://t.co/ONZuU9zVt2 https://t.co/4ORUqR6P6N pic.twitter.com/O3jijuqpN0
— Jiska (@naehrdine) November 8, 2024

Whoa, if a Republican president wins in the U.S., the plan would be to integrate "cyber and electronic warfare (EW) doctrine and capabilities, abiding by the time-tested norms of combined-arms warfare". https://t.co/pGNRUWOE0S
— Lukasz Olejnik (@lukOlejnik) January 19, 2024

"preliminary evidence from the war in Ukraine suggests that existing cyber doctrine and certain capability and target assumptions may be incorrect or misplaced" pic.twitter.com/SfEFjOfWTU
— Lukasz Olejnik (@lukOlejnik) January 19, 2024

BTW, the reason we are releasing a new version of ShellcodePack that soon is that since a few weeks Defender has launched a crackdown on  most AMSI bypass methods available in opensource tools. Including Donut, Sliver, etc. 
We are thus releasing our own custom method that is not… https://t.co/THl9L3B4HM
— Emeric Nasi (@EmericNasi) November 8, 2024

Patch diffing CVE-2024-20696 (integer overflow vulnerability in the Libarchive library)https://t.co/dextETvFy5

Credits @clearbluejar#windows #infosec pic.twitter.com/Np2uklt8JD
— 0xor0ne (@0xor0ne) November 8, 2024

Storing files on lichess.com as chess games. Kinda clever for a covert comms channel if the bandwidth requirement is small. https://www.youtube.com/watch?v=TUtafoC4-7k Code: https://github.com/WintrCat/chessencryption 

Kids need a better relationship with technology but the proposed ban is a perfect example of the politician's fallacy.

1. Something must be done.
2. This is something.
3. Therefore, we must do this.

The implementation challenges and 2nd order consequences are scary. (1/9) https://t.co/7pLghhHG6v
— Shane Huntley (@ShaneHuntley) November 9, 2024

https://threadreaderapp.com/thread/1855092418737324403.html 

Don't miss what's next. Subscribe to the grugq's newsletter:

Start the conversation: