the grugq's newsletter

October 15, 2024


Very detailed analysis of attack chain (0day path traversal & command injection, same as it ever was) => Burning Zero Days: Suspected Nation-State Adversary Targets Ivanti CSA - https://t.co/jC8HRIJoTw pic.twitter.com/vr3IJcem3w

— b33f | 🇺🇦✊ (@FuzzySec) October 13, 2024


Been a while setting up my new environment. I'm back, nerds ... ;)

PPID Spoofing: https://t.co/njwuTpIvcS #maldev #development #letsgoo #rust #pwn pic.twitter.com/IiiZBd81Cz

— Smukx.E (@5mukx) October 13, 2024


Big statement by Canadian police. “An extraordinary situation is compelling us to speak about what we have discovered in our multiple ongoing investigations into the involvement of agents of the Government of India in serious criminal activity in Canada” https://t.co/TMaGMyiOo0

— Shashank Joshi (@shashj) October 14, 2024



The underlying paper on clickjacking has the wonderful name:

All Your Clicks Belong to Me: Investigating Click Interception on the Web https://t.co/CBcSNnOe1F pic.twitter.com/pGhZgACedX

— Eileen Clancy (@clancynewyork) August 26, 2019

https://www.usenix.org/system/files/sec19-zhang-mingxue.pdf


QR codes are terrible in every way.

Be careful everyone, this happened in greystones. The lady's daughter was scammed out of €1000, using a QR code that she scanned to pay for parking. pic.twitter.com/oGlb4Zk2Xl

— lozzyloz (@lozzylozboz) October 13, 2024


New Blog Alert! 🚨

Introducing Early Cascade Injection, a stealthy process injection technique that targets Windows process creation, avoids cross-process APCs, and evades top-tier EDRs.

Learn how it combines Early Bird APC Injection & EDR-Preloading: https://t.co/oWreVHNKyL pic.twitter.com/QrvDyJwGHP

— Outflank (@OutflankNL) October 15, 2024

I really would love to know which EDRs you tested this against cause your "novel" technique involves everything an EDR is looking for:
- Creating a handle to remote process
- remote memory allocation
- remote memory reprotection and writing
- Resume thread

Would test myself but…

— SOC FI (@SOC5444) October 15, 2024

lol
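The reply above lists the four primitives a classic cross-process injection chain leaves in telemetry: a handle to the remote process, remote allocation, remote write/reprotect, and a thread resume. Below is an added example (not Outflank's code, not SOC FI's, and not any real EDR's rule) of the kind of sequence correlation an EDR builds from that list: it walks a stream of constructed API-call events, tracks per source→target pair which stage has been seen, and fires when every required stage has occurred in order within a time window. The event line format and the sample events are assumptions made up for this example; real products get the equivalent from kernel callbacks and ETW, not from a text log.

```python
"""Correlate cross-process injection primitives over a stream of API-call events.

Added example. The event format (tick, source pid, api, target pid) and the
SAMPLE_EVENTS below are constructed for illustration, not real EDR telemetry.
"""
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample events, one per line: tick, source pid, api name, target pid.
# pid 4242 performs the full chain against 5150; 7777 only opens a handle and
# reads; 8888 allocates and writes in its own process, which is not injection.
SAMPLE_EVENTS = """\
1000 4242 CreateProcessW 5150
1001 4242 OpenProcess 5150
1002 4242 VirtualAllocEx 5150
1003 4242 WriteProcessMemory 5150
1004 4242 VirtualProtectEx 5150
1005 4242 ResumeThread 5150
1006 7777 OpenProcess 5150
1007 7777 ReadProcessMemory 5150
1100 8888 VirtualAllocEx 8888
1101 8888 WriteProcessMemory 8888
"""

# Map of API names to the injection stage each one satisfies. The names are the
# usual Win32 entry points; which ones a given EDR hooks or sees is an assumption.
PRIMITIVES = {
    "OpenProcess": "handle",
    "VirtualAllocEx": "alloc",
    "WriteProcessMemory": "write",
    "VirtualProtectEx": "protect",
    "ResumeThread": "resume",
    "CreateRemoteThread": "resume",  # alternative ways to get execution
    "QueueUserAPC": "resume",
}
REQUIRED = ("handle", "alloc", "write", "resume")  # "protect" is an extra signal


@dataclass
class Event:
    ts: int
    src: int
    api: str
    dst: int


def parse_events(text: str) -> list:
    """Parse the constructed line format into Event objects, skipping blank lines."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        ts, src, api, dst = line.split()
        events.append(Event(int(ts), int(src), api, int(dst)))
    return events


def find_injections(events: list, window: int = 60) -> list:
    """Return (src, dst, stages) for every src->dst pair (src != dst) whose required
    stages all occur, in chain order, within `window` ticks of the first stage."""
    progress = defaultdict(dict)  # (src, dst) -> {stage: first tick seen}
    hits = []
    for ev in events:
        stage = PRIMITIVES.get(ev.api)
        if stage is None or ev.src == ev.dst:  # not a primitive, or same-process
            continue
        stages = progress[(ev.src, ev.dst)]
        # Forget partial progress once the window has expired.
        if stages and ev.ts - min(stages.values()) > window:
            stages.clear()
        stages.setdefault(stage, ev.ts)
        if all(s in stages for s in REQUIRED):
            order = [stages[s] for s in REQUIRED]
            if order == sorted(order):  # handle -> alloc -> write -> resume
                hits.append((ev.src, ev.dst, frozenset(stages)))
                stages.clear()
    return hits


if __name__ == "__main__":
    for src, dst, stages in find_injections(parse_events(SAMPLE_EVENTS)):
        print(f"pid {src} -> pid {dst}: {sorted(stages)}")
```

On the sample data only the 4242→5150 pair fires; the handle-and-read pair and the same-process allocation do not. The rule says nothing about whether a particular technique actually makes these calls, which is exactly the point in dispute in the two tweets above: a chain that reaches execution without a remote handle, remote write or remote thread resume produces no row for this correlation to match.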

