the grugq's newsletter

October 26, 2022

SEKTOR7 Institute @SEKTOR7net
A primer to EDR evasion for Red Teamers, by Jorge Gimenez & Karsten Nohl. Main takeaway: "EDRs are mostly Cobalt Strike detecting tools [these days]" 😆 youtube.com/watch?v=CKfjLn…
youtube.com: #HITB2022SIN EDR Evasion Primer For Red Teamers - Jorge Gimenez & Karsten Nohl. EDRs are everywhere, but relatively little is known about how the tools work and how to effectively circumvent them. We are effectively trusting black boxes ...
12:34 PM ∙ Oct 25, 2022

-

How to detect an online approach by Russian intelligence

https://www.dgsi.interieur.gouv.fr/la-dgsi-a-vos-cotes/contre-espionnage/sinformer/espionnage-et-petites-annonces-sur-internet

-

The Info Op is a reader-supported publication. To receive new posts and support my work, consider becoming a free or paid subscriber.

Shutterstock will start selling AI-generated stock imagery with help from OpenAI

https://www.theverge.com/2022/10/25/23422359/shutterstock-ai-generated-art-openai-dall-e-partnership-contributors-fund-reimbursement

-

**Stranger Strings: An exploitable flaw in SQLite**

https://blog.trailofbits.com/2022/10/25/sqlite-vulnerability-july-2022-library-api/
Trail of Bits @trailofbits
Earlier this year, one of our interns found a vulnerability that affects applications using the SQLite library API. We are publicly disclosing that vuln today.
blog.trailofbits.com: Stranger Strings: An exploitable flaw in SQLite. By Andreas Kellas. Trail of Bits is publicly disclosing CVE-2022-35737, which affects applications that use the SQLite library API. CVE-2022-35737 was introduced in SQLite version 1.0.12 (released o…
11:30 AM ∙ Oct 25, 2022

-

The Bulwark @BulwarkOnline
"No astute Greek would have any problem identifying the events of January 6 as a step in the path by which self-government falls into tyranny." @BretDevereaux from the archives:
thebulwark.com: Ancient Insurrections—and Ours. Would-be tyrants keep trying until they succeed.
3:30 PM ∙ Oct 25, 2022

-

Electrospaces @electrospaces
Many more books about Signals Intelligence, the #NSA and the #Snowden revelations can be found here:
electrospaces.net: Books. The most interesting books about the NSA, the Snowden Revelations, Signals Intelligence and related topics
6:43 PM ∙ Oct 25, 2022

-

BleepingComputer @BleepinComputer
Ukrainian charged for operating Raccoon Stealer malware service - @serghei
bleepingcomputer.com: Ukrainian charged for operating Raccoon Stealer malware service. 26-year-old Ukrainian national Mark Sokolovsky has been charged for his involvement in the Raccoon Stealer malware-as-a-service (MaaS) cybercrime operation.
7:02 PM ∙ Oct 25, 2022
Colin Cowie 👨🏼‍💻 @th3_protoCOL
justice.gov/usao-wdtx/page…
USA v. Mark Sokolovsky; aka Photix aka racoonstealer aka b1ack21jack7777 Originally filed on November 2nd 2021
5:53 PM ∙ Oct 25, 2022

-

Matt Levine @matt_levine
what is crypto
bloomberg.com: Bloomberg - Are you a robot?
10:26 AM ∙ Oct 25, 2022

-

Andy Greenberg's new book is about the AlphaBay darknet market and how it was rolled up. Excerpts are running in WIRED.

https://www.wired.com/story/alphabay-series-part-1-the-shadow/

-

Source Incite @sourceincite
Eat What You Kill :: Pre-authenticated Remote Code Execution in VMWare NSX Manager: srcincite.io/blog/2022/10/2….
This post was presented by past #FSWA student @SinSinology and meme courtesy of @lystena :)
11:44 PM ∙ Oct 25, 2022

-

OffensiveVBA

This repo covers some code execution and AV Evasion methods for Macros in Office documents

https://github.com/S3cur3Th1sSh1t/OffensiveVBA

-

Tyler Rogoway @Aviation_Intel
Bizarre Theft Wave Targeted Same Rotax Engines Used In Iranian Drones
thedrive.com: Same Type Of Rotax Engines Used In Iranian Drones Targeted In Bizarre Theft Wave. After Ukraine displayed an Iranian drone with a Rotax 912 motor, the global targeting of those engines by criminals is even more intriguing.
10:26 PM ∙ Oct 25, 2022

-

Darsam 🌹 @Darsam12_
Cyberpunk but French and from the 70s: it's called "Giscardpunk", it's an actual thing
9:28 PM ∙ Oct 24, 2022

-

Adamned Cerious @Browtweaten
[police academy]
instructor: you failed the psych exam
me: that sucks
instructor: *handing me a badge* why
10:39 PM ∙ Oct 25, 2022

-

Tony "Abolish ICE" Arcieri 🦀🌹 @bascule
Signal usernames are coming, for real this time
community.signalusers.org: Signal Blog: Technology Deep Dive: Building a Faster ORAM Layer for Enclaves. Usernames and hiding phone numbers publicly confirmed: Our new method is faster and more efficient. It lays the groundwork for the introduction of usernames and phone number privacy which will offer new privacy controls around your phone number's visibility on Signal. @u32i64 thanks for changing…
3:31 AM ∙ Oct 26, 2022

-

Woodrow Peel @WoodyLuvsCoffee
People don’t understand bird watchers. I do it because I don’t trust birds.
9:49 AM ∙ Oct 19, 2022

-

Build a Passive Radar With Software-Defined Radio

https://spectrum.ieee.org/passive-radar-with-sdr

-

Matt Suiche @msuiche
Windows ARM64 Kernel Exploitation
github.com: GitHub - msuiche/smbaloo
5:08 PM ∙ Oct 25, 2022

-

bobby wasabi @bobbyteriyaki
“I can't believe twitter is free” it isn't, there is an inconceivable toll
10:31 PM ∙ Oct 24, 2022

-

Inside the elaborate set-up of a scam HQ, staffed by people forced to scam

https://www.channelnewsasia.com/cna-insider/inside-elaborate-set-scam-hq-staffed-people-forced-scam-3018966

-

Frank Endrullat 🌻 @FrankEndrullat
@thegrugq bsi.bund.de/DE/Service-Nav…
There's also a link to download the PDF version of the report.
4:56 PM ∙ Oct 25, 2022
The Record by Recorded Future @TheRecord_Media
Germany’s federal cybersecurity office warned in its annual report that the threat from ransomware, political hacking, and other cybersecurity issues is at an all-time high (@AlexMartin)
therecord.media: German cyber agency warns threat situation is ‘higher than ever’. Germany's federal cybersecurity office warned on Tuesday that ransomware, political hacking, and other cybersecurity threats facing the country are “higher than ever.”
1:56 PM ∙ Oct 25, 2022

-

Lukasz Olejnik @lukOlejnik
Negative Pressure Room is a technical-legal-sanity requirement for biolabs or infectious-control hospitals to prevent pathogens being leaked out. Now an attack is demonstrated to fool the sensors into turning it off ... with specially crafted sound. Scary! arxiv.org/pdf/2210.03688…
9:42 AM ∙ Oct 26, 2022

-
