October 18, 2022

                October 18, 2022

            October 18, 2022

-
The Info Op is a reader-supported publication. To receive new posts and support my work, consider becoming a free or paid subscriber.

Tom Uren @tomatospyThe latest 'Between Two Nerds' is up:
risky.biz/BTN9/

@thegrugq and I talked about whether destructive cyber operation can be integrated with tactical military operations and...

We have doubts.
risky.bizBetween Two Nerds: Cyber Operations on the Battlefield - Risky BusinessBetween Two Nerds: Cyber Operations on the Battlefield10:40 PM ∙ Oct 17, 2022
7Likes5Retweets
-
Dmitry Grozoubinski @DmitryOpines
Russian intelligence can't unduly influence a UK Prime Minister if they can't work out who it is. 

Check and mate, Putin.11:04 AM ∙ Oct 17, 2022
15,829Likes1,877Retweets
-
Mikko Rautalahti @MikkiHEL
There's a trial here in Finland right now involving a rich dude and a bunch of scammers, and the whole thing is just the right kind of bizarre. A friend of mine described it as a Coen Brothers type of scenario, and I gotta agree. Just some incredibly bad judgment on display here.10:59 AM ∙ Oct 17, 2022
783Likes172Retweets
Mikko Rautalahti @MikkiHEL
(Incidentally, here's a photo of the MAFIA CONTRACT. You can tell it's pretty legit. I know you can't read it if you don't know Finnish, but let me assure you both grammar and spelling are pretty fucky.) 
11:55 AM ∙ Oct 17, 2022
153Likes9Retweets
-
Alice Hunt Friend @ahfdcNEW from me: What responsibilities do civilians have in the civil-military relationship, especially in our hyper-partisan present? 🧵 1/

warontherocks.com/2022/10/the-ci…
warontherocks.comThe Civilian and the State: Politics at the Heart of Civil-Military Relations - War on the RocksIn September 2022, a remarkable thing happened: War on the Rocks published an open letter about American civil-military relations signed by almost every1:49 PM ∙ Oct 17, 2022
104Likes44Retweets
-
Michael Warburton @MichaelWarbur17
Possibly the funniest 30 seconds you’ll see today.

#HardyBucks

7:42 PM ∙ Oct 16, 2022
13,729Likes1,446Retweets
-
Mondo Mascots @mondomascots
Hogo-chan and Sara-chan are reformed criminal penguins who cheer on ex-prisoners trying to reintegrate into Japanese society. 
3:01 PM ∙ Oct 17, 2022
2,689Likes560Retweets
-
Will Dormann @wdormann
Also, the latest URL Rewrite filter from Microsoft STILL isn't good enough.
Why? The IIS URL Rewrite filter has a universal bypass for ALL (not just Exchange) ASPX targets where the request uses the x-up-devcap-post-charset bypass, as described by @irsdl 
Will Dormann @wdormann@irsdl @GossiTheDog @testanull This x-up-devcap-post-charset URL Rewrite bypass for IIS DOES indeed work! If you wish to test it:
1) The target page must be ASPX. Not just ASP.
2) The request must have the binary encoded values. URLEscaped results in a 500 Error in URL Rewrite.
3) The '=' must NOT be encoded. https://t.co/a0cvMN3egD1:03 PM ∙ Oct 16, 2022
32Likes11Retweets
-
OSINTtechnical @Osinttechnical
Zaporizhia Oblast, a Ukrainian quadcopter spots a Russian grenade-carrying hexacopter, a Ukrainian MANPADS team proceeds to engage it. 
2:37 AM ∙ Oct 18, 2022
5,980Likes631Retweets
-
Tadeusz Giczan @TadeuszGiczan
And last but not least. The Belarusian-Ukrainian border is almost entirely covered by the impassable Polesie marshes, the largest wetlands in Europe. The few sections along the roads where the Russians attacked in February have been turned by Ukrainians into the Maginot Line. 15/ 
4:23 PM ∙ Oct 17, 2022
3,719Likes319Retweets
-
Jordan Schneider @jordanschnyc
Every American executive and engineer working in China’s semiconductor manufacturing industry resigned yesterday, paralyzing Chinese manufacturing overnight.

One round of sanctions from Biden did more damage than all four years of performative sanctioning under Trump.11:52 AM ∙ Oct 14, 2022
19,874Likes5,351Retweets
-
Daniel Kelley @danielmakelley
30 cybersecurity search engines for researchers:

1. Dehashed—View leaked credentials.
2. SecurityTrails—Extensive DNS data.
3. DorkSearch—Really fast Google dorking.
4. ExploitDB—Archive of various exploits.
5. ZoomEye—Gather information about targets.10:31 PM ∙ Oct 16, 2022
5,912Likes1,550Retweets
Daniel Kelley @danielmakelley
Here's 23 free ways to learn about API security testing:

1. Video: Traceable AI, API Hacking 101.
2. Video: Katie Paxton-Fear, API Hacking.
3. Video: Bugcrowd, Bad API, hAPI Hackers.
4. Video: OWASP API Security Top 10 Webinar.
5. Blog: Detectify, How To Hack API's in 2021.10:44 AM ∙ Oct 17, 2022
656Likes202Retweets
-
Matthijs R. Koot @mrkootNew U.S. DOD reads on counter-insider threat (C-InT):

PERSEREC-PA-21-14: Fundamental Skills for the C-InT Analyst (.pdf, 40pp) dhra.mil/Portals/52/Doc…

PERSEREC-PA-21-13 C-InT Analyst Professionalization Road Map (.pdf, 10pp) dhra.mil/Portals/52/Doc…

Src: dhra.mil/PERSEREC/Selec… 
7:10 AM ∙ Oct 18, 2022
4Likes5Retweets
-
Silent Movie GIFs @silentmoviegifs
While doing publicity for Robin Hood in New York, Douglas Fairbanks accidentally shot a man with an arrow 
5:11 AM ∙ Oct 18, 2022
227Likes68Retweets
-
Brendan Dolan-Gavitt @moyix
Proposal: PhD-level course in "how to get stuff to build and run". The final exam assigns you a random GitHub repo for a paper from no less than five years ago and asks you to get it running within 24 hours4:26 AM ∙ Oct 18, 2022
2,003Likes205Retweets
-
The Info Op is a reader-supported publication. To receive new posts and support my work, consider becoming a free or paid subscriber.

Don't miss what's next. Subscribe to the grugq's newsletter: