October 24, 2024
My talk on finding security vulnerabilities by combining classical symbolic reasoners with modern-day LLMs:
Recording: https://t.co/XlmTnixZJd
Slides: https://t.co/Qk8Qj0aVys
I gave this talk yesterday at the 2024 Static Analysis Symposium in Pasadena, California.
Finding… pic.twitter.com/bP5PxAopVR
— Mayur Naik (@AI4Code) October 23, 2024
Very clever phish.
Attacker sends a Docusign (actually from Docusign). On the signing page, the only thing is a link and “tap here to view document”, which takes you to an MS phishing page. pic.twitter.com/FJC8Sr6PwQ
— Tim Medin 🇺🇦 (@TimMedin) October 23, 2024
The soft nylon carrying bag for a W54 nuclear warhead with a yield varied from 0.1 to 1 kiloton. pic.twitter.com/jP1Mtwp5Xp
— NUKES (@atomicarchive) October 23, 2024
Our talk from @defcon is now available! In the presented research, we document every EDR bypass technique used in the wild along with how to detect it using new memory forensics techniques and @volatility plugins. Feedback appreciated! https://t.co/fWD57fzchj #DFIR
— Andrew Case (@attrc) October 23, 2024
New: inside the US government-bought tool that can track phones at abortion clinics. Called Locate X, it tracks phones around the world without a warrant. Leakers showed it in action, we watched a phone go from Alabama, to an abortion clinic, back again https://t.co/r0HBBRn3aL
— Joseph Cox (@josephfcox) October 23, 2024
If you want to (likely) opt-out of this surveillance, there are two things to do. MAID and location.
MAID Apple: https://t.co/pQLW3J11eS
MAID Google: https://t.co/Zilm9m7YUZ
Location Apple: https://t.co/w8ZuzC4oQJ
Location Google: https://t.co/xIYdc660v3
— Joseph Cox (@josephfcox) October 23, 2024
Please don’t touch that,
It’s my emotional support Any Any Any Allow rule
— rekdt (@rekdt) October 23, 2024
Detect WFP filters blocking EDR communications
The aim of this tool is to detect potential silencers of an EDR (or the process you choose). Based on the attacks against EDRs developed by EDRSilencer and FireBlock, EDRNoiseMaker tries to detect them by checking a list of executables that have been silenced using the Windows Filtering Platform (WFP). REF:
GitHub - amjcyber/EDRNoiseMaker: Detect WFP filters blocking EDR communications
The game is afoot! Haha
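The check EDRNoiseMaker describes, written out as an added example (this is not the tool's own code and not from the page): EDRSilencer-style tools add WFP filters that BLOCK a specific process image on the outbound connect layers, so the detection is to enumerate filters and flag BLOCK filters on those layers whose FWPM_CONDITION_ALE_APP_ID condition names an EDR binary. The input below is a constructed XML fragment in the shape of `netsh wfp show filters` output (the element names are an assumption from that format), and the list of EDR image names is an assumption to be extended for your own stack.

```python
import ntpath
import xml.etree.ElementTree as ET

# Process images that EDR silencers typically target. Assumed list for this
# example (well-known EDR agent binaries); extend it for the products you run.
EDR_IMAGES = {
    "msmpeng.exe", "mssense.exe", "senseir.exe", "sensecncproxy.exe",
    "csfalconservice.exe", "csfalconcontainer.exe",
    "sentinelagent.exe", "sentinelservicehost.exe",
    "xagt.exe", "cb.exe", "elastic-endpoint.exe",
}

# A BLOCK filter on an outbound connect layer with an app-id condition stops the
# matched process from opening any connection, which is how the agent gets cut
# off from its console. Inbound layers are deliberately not considered here.
OUTBOUND_LAYERS = {
    "FWPM_LAYER_ALE_AUTH_CONNECT_V4",
    "FWPM_LAYER_ALE_AUTH_CONNECT_V6",
}

# Constructed sample approximating `netsh wfp show filters` XML (element names
# assumed). Three filters: one silencing Defender, one legitimately blocking an
# unrelated updater, one PERMIT filter for an EDR process that must not be flagged.
SAMPLE_WFP_XML = r"""<filters>
  <item>
    <filterKey>{00000000-0000-0000-0000-000000000001}</filterKey>
    <displayData><name>Custom Outbound Filter</name></displayData>
    <layerKey>FWPM_LAYER_ALE_AUTH_CONNECT_V4</layerKey>
    <action><type>FWP_ACTION_BLOCK</type></action>
    <filterCondition>
      <item>
        <fieldKey>FWPM_CONDITION_ALE_APP_ID</fieldKey>
        <matchType>FWP_MATCH_EQUAL</matchType>
        <conditionValue>
          <type>FWP_BYTE_BLOB_TYPE</type>
          <byteBlob><asString>\device\harddiskvolume3\programdata\microsoft\windows defender\platform\4.18.24080.9-0\msmpeng.exe</asString></byteBlob>
        </conditionValue>
      </item>
    </filterCondition>
  </item>
  <item>
    <filterKey>{00000000-0000-0000-0000-000000000002}</filterKey>
    <displayData><name>Block Contoso Updater</name></displayData>
    <layerKey>FWPM_LAYER_ALE_AUTH_CONNECT_V4</layerKey>
    <action><type>FWP_ACTION_BLOCK</type></action>
    <filterCondition>
      <item>
        <fieldKey>FWPM_CONDITION_ALE_APP_ID</fieldKey>
        <matchType>FWP_MATCH_EQUAL</matchType>
        <conditionValue>
          <type>FWP_BYTE_BLOB_TYPE</type>
          <byteBlob><asString>\device\harddiskvolume3\program files\contoso\updater.exe</asString></byteBlob>
        </conditionValue>
      </item>
    </filterCondition>
  </item>
  <item>
    <filterKey>{00000000-0000-0000-0000-000000000003}</filterKey>
    <displayData><name>Allow Sense</name></displayData>
    <layerKey>FWPM_LAYER_ALE_AUTH_CONNECT_V6</layerKey>
    <action><type>FWP_ACTION_PERMIT</type></action>
    <filterCondition>
      <item>
        <fieldKey>FWPM_CONDITION_ALE_APP_ID</fieldKey>
        <matchType>FWP_MATCH_EQUAL</matchType>
        <conditionValue>
          <type>FWP_BYTE_BLOB_TYPE</type>
          <byteBlob><asString>\device\harddiskvolume3\program files\windows defender advanced threat protection\senseir.exe</asString></byteBlob>
        </conditionValue>
      </item>
    </filterCondition>
  </item>
</filters>"""


def _text(elem, path):
    """Stripped text of the first child matching path, or '' if absent."""
    found = elem.find(path)
    return (found.text or "").strip() if found is not None else ""


def find_silencing_filters(xml_text, watched=EDR_IMAGES):
    """Return BLOCK filters on outbound connect layers whose app-id condition names a watched image."""
    root = ET.fromstring(xml_text)
    hits = []
    for flt in root.findall("item"):
        if _text(flt, "action/type") != "FWP_ACTION_BLOCK":
            continue
        layer = _text(flt, "layerKey")
        if layer not in OUTBOUND_LAYERS:
            continue
        for cond in flt.findall("filterCondition/item"):
            if _text(cond, "fieldKey") != "FWPM_CONDITION_ALE_APP_ID":
                continue
            app_path = _text(cond, "conditionValue/byteBlob/asString")
            image = ntpath.basename(app_path).lower()  # NT device path -> image name
            if image in watched:
                hits.append({
                    "filter_key": _text(flt, "filterKey"),
                    "name": _text(flt, "displayData/name"),
                    "layer": layer,
                    "image": image,
                    "path": app_path,
                })
    return hits


if __name__ == "__main__":
    for hit in find_silencing_filters(SAMPLE_WFP_XML):
        print(f"[!] {hit['image']} silenced by filter {hit['filter_key']} "
              f"({hit['name']}) on {hit['layer']}")
```

On a real host you would feed this the output of `netsh wfp show filters file=-` (or walk the same fields via FwpmFilterEnum0 from the WFP API); the attacker controls the filter's display name, so match on layer, action and the app-id condition rather than on the name.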
I have so much fun while developing the EDRmetry - Effective Linux EDR/SIEM Evaluation Testing Playbook.
The FAQ section has been added recently. Join the waitlist! ✌️ https://t.co/OfZpyCKH81 https://t.co/3IljbZsmQ9
— cr0 @ Defensive-Security.com / PurpleLabs (@cr0nym) October 23, 2024
jesus fucking christ https://t.co/MyOmpBECgy pic.twitter.com/yKV9aUmf0x
— wukko (@uwukko) October 23, 2024
This will doubtless be an entire genre of articles going forward.
Never tell your electrical engineer parent you want to be a transformer for Halloween. pic.twitter.com/Hzw8g89fUV
— Timothy Imholt (@TimothyImholt) October 23, 2024
'Reflections on Trusting Trust', but completely by accident this time
‘Reflections on Trusting Trust’, but completely by accident this time | secret club
Compilers are complicated. You just won’t believe how vastly, hugely, mind-bogglingly complicated they are. I mean, you may think C build systems are painful, but they’re just peanuts to compilers. - Douglas Adams, probably This blog post assumes you have some knowledge of LLVM internals - I’ll try to fill in some of the lesser-known gaps but there are likely some other, better resources out there for learning about that. I have only one other post on this blog at the time of writing. It describ...
SELinux bypasses
SELinux bypasses | Klecko Blog
This post aims at giving an overview of what SELinux is, how it is implemented, and how to bypass it, from the point of view of Android kernel exploitation.
— Posts By Feds (@SuspectFed) October 23, 2024
What are they, a CNA??
— Joshua J. Drake (@jduck) October 23, 2024