October 25, 2022

                October 25, 2022

            October 25, 2022

Santiago @svpino
A question on every machine learning interview:

Bias, variance, and their tradeoff.

Here is the explanation I wish I had when I started:

1 of 1712:00 PM ∙ Oct 24, 2022
3,026Likes575Retweets
-
The Info Op is a reader-supported publication. To receive new posts and support my work, consider becoming a free or paid subscriber.

Cerbersec @cerbersec
Reading stuff from @33y0re always blows my mind
connormcgarr.github.ioExploit Development: No Code Execution? No Problem! Living The Age of VBS, HVCI, and Kernel CFGDealing with Virtualization-Based Security (VBS), Hypervisor-Protected Code Integrity (HVCI), and Kernel Control Flow Guard (kCFG).12:03 PM ∙ Oct 24, 2022
77Likes20Retweets
-
reverseame @reverseame
AST Injection, Prototype Pollution to RCE blog.p6.isAST Injection, Prototype Pollution to RCEThis article describes how to trigger RCEin two well-known template engines,using a new technique called AST Injection. AST InjectionWhat is AST? https://en.wikipedia.org/wiki/Abstract_syntax_tree8:13 AM ∙ Oct 24, 2022
74Likes44Retweets
-
FatMan @FatManTerra
Two hours ago, Freeway halted all platform withdrawals. They also wiped the names of all team members from their website. It looks like it's over. Another $100m+ rug.  
FatMan @FatManTerra
If anyone has funds in crypto yield platform Freeway, I would suggest withdrawing right away. I believe they are operating a Ponzi scheme. In my opinion, it's likely that Freeway will collapse within the next few months and that all depositors will lose everything.6:16 PM ∙ Oct 23, 2022
1,797Likes427Retweets
-
No Context Brits @NoContextBrits
Not again. 
9:13 AM ∙ Oct 24, 2022
68,127Likes4,637Retweets
-
Donncha Ó Cearbhaill @DonnchaC
NEW RESEARCH: Watch how NSO Group's zero-click attacks have evolved over recent years. Joint research by @AmnestyTech and @billmarczak (@citizenlab)  presented at @virusbtn. 

Exploit archaeology: A forensic history of in-the-wild NSO Group exploits
youtu.beExploit archaeology a forensic history of in the wild NSO Group exploits Donncha Ó Cearbhaill AmnestPresented at the VB2022 conference in Prague, 28 - 30 September, 2022.↓ Slides: N/A↓ Paper: https://www.virusbulletin.com/uploads/pdf/conference/vb2022/paper...2:53 PM ∙ Oct 24, 2022
262Likes107Retweets
Donncha Ó Cearbhaill @DonnchaC
Our analysis identifies at least SIX distinct zero-click exploit chains used to install Pegasus on iPhones and Android devices around the world since 2017.

Full technical information in our forensic paper: 2:53 PM ∙ Oct 24, 2022
50Likes20Retweets
-
Nat @0xDISRELThe code and blogpost for getting Ring 0 using VBA Macro Office Doc is finally up! - disrel.com/posts/Ring0VBA…

Sorry for the delay, been dealing with life! 
Nat @0xDISRELUsing Office VBA Macro to exploit a vulnerable driver (zam64.sys) using DeviceIoControl, to get NT AUTHORITY\SYSTEM

TL;DR - Ring 0 using Office Doc}

Blogpost incoming soon lol

Thanks to @Coldzer0x0 @kasua02 for the encouragement and help. https://t.co/psplpgvNuU
2:04 PM ∙ Oct 24, 2022
374Likes153Retweets
-
Jeff Stone @jeffstone500
New: US unseals charges against two Chinese intelligence officers for allegedly  obstructing an investigation into "a global telecommunications company." 

Firm is unnamed in the indictment, but is consistent with Huawei, per @business reporting. 

bloomberg.comBloomberg - Are you a robot?3:53 PM ∙ Oct 24, 2022
55Likes31Retweets
-
esjay @esj4yHere a auth'd RCE on the Aukey WR-R01 SOHO Router 0day:

github.com/3sjay/sploits/…

Vendor doesn't respond and also doesn't seem to produce/sell them anymore...
github.comsploits/aukey-wr-01-RCE-0day.py at main · 3sjay/sploitssome sploits. Contribute to 3sjay/sploits development by creating an account on GitHub.6:04 PM ∙ Oct 23, 2022
72Likes24Retweets
-
reverseame @reverseame
Interesting paper from ACM CCS'22 » "Jit-Picking: Differential Fuzzing of JavaScript Engines" 4:14 PM ∙ Oct 24, 2022
40Likes19Retweets
-
Rob Joyce @NSA_CSDirector
1:49 PM ∙ Oct 24, 2022
1,072Likes171Retweets
-
Samperson (Crime Arc) @SamNChiet
ancient code comments are tomes containing the last screams from lost souls 
7:38 AM ∙ Oct 24, 2022
34,871Likes5,220Retweets
-
Kevin Collier @kevincollier
Here's an OCR'd version of the unsealed charges that allege two Chinese intelligence officers tried to bribe a US official into impeding the investigation into a company that sounds an awful lot like Huawei.
4:38 PM ∙ Oct 24, 2022
587Likes260Retweets
-
Aric Toler @AricTolerNew on @bellingcat: we (mostly @christogrozev) identified the team of Russian programmers who guide the rockets attacking Ukraine. Christo even identified who was working on which missile type.

Thanks to investigative partners @the_ins_ru and @derspiegel 
bellingcat.com/news/uk-and-eu… 
6:09 PM ∙ Oct 24, 2022
4,342Likes1,482Retweets
-
_MG_ @_MG_But does it come in black? And with more storage? And tons of extra features like covert HID exfil?
Yes. Yes it does. 

OMG Plug - Elite
o.mg.lol 
3:30 PM ∙ Oct 24, 2022
230Likes53Retweets-
Dutch defense lawyers are complaining about the use of secret techniques to collect and decrypt encrypted data from “secure phones.” 

https://nos.nl/l/2449687

-
Matthijs R. Koot @mrkootDOJ: Chinese Intelligence Officers Charged with Using Academic Cover to Target Individuals in the U.S. (Oct 24) justice.gov/usao-nj/pr/chi…

Re: 3 MSS officers + 1 person who "acted for & on behalf of" PRC & MSS, active in 2008-2018.

Indictment (.pdf, 18pp) justice.gov/usao-nj/press-…
10:15 AM ∙ Oct 25, 2022
7Likes4Retweets
-
Centrist Panera Mom @mountainherder
This suit is meant to break up Taylor’s shape against the background, making it difficult for German battleships to ascertain her speed and direction. https://t.co/0EI2LUgbGJ
Pop Crave @PopCrave
Taylor Swift looks incredible for ‘The Tonight Show Starring Jimmy Fallon.’ #TaylorOnFallon https://t.co/2uWt89F0cb2:51 AM ∙ Oct 25, 2022
7,306Likes995Retweets
Pop Crave @PopCrave
Taylor Swift looks incredible for ‘The Tonight Show Starring Jimmy Fallon.’ #TaylorOnFallon 
1:13 AM ∙ Oct 25, 2022
10,689Likes980Retweets
-
Lethal aid respector @SecretNofun
The OSINT system. 
12:29 PM ∙ Oct 25, 2022
116Likes25Retweets
The Info Op is a reader-supported publication. To receive new posts and support my work, consider becoming a free or paid subscriber.

Don't miss what's next. Subscribe to the grugq's newsletter: