October 27, 2022
DRAGONBRIDGE is behind the strange APT41 attribution denialism and doing election related activity too. They are aggressive, well-resourced, but ultimately failing to get engagement. Election interference is no longer just Russia and Iran.
-
My latest post for Comment is Freed, on how the coming of winter is shaping the strategy of both sides. Includes discussion of 'dirty bombs' issue, and nuclear deterrence.
-
Analysis of TCP IP RCE CVE.
TCP/IP Vulnerability CVE-2022-34718 PoC Restoration and Analysis | by Numen Cyber Labs | Numen Cyber Labs | Medium
An Analysis of Remote Code Execution Vulnerability CVE-2022-34718
-
First person story of a man who fell 15,000 feet and survived.
https://uss-la-ca135.org/60/1960Judkins-Knott.html
-
Daniel Kaye aka “Popopret,” “Bestbuy,” “TheRealDeal,” “Logger,” “David Cohen,” “Marc Chapon,” “UserL0ser,” “Spdrman,” “Dlinch Kravitz,” “Fora Ward,” and “Ibrahim Sahil,” operator of The Real Deal marketplace, arraigned on federal charges: justice.gov/usao-ndga/pr/h…
This is the best researched cybersecurity story I’ve read all year. The utterly bonkers story of Daniel Kaye, Liberia’s internet and corporate espionage, well worth a read.
-
How to properly utilize git-sites for OSINT Investigations and research - My guide with tips and tricks (a 🧵) 🔎
-
Great little bits of espionage advice from the DGSI.
https://www.dgsi.interieur.gouv.fr/la-dgsi-a-vos-cotes/contre-espionnage/sinformer/lofficier-de-renseignement-et-ses-methodes
-
Here is a thread of cats destroying our stuff throughout history, because they've always done it and they always will and for some reason we will keep loving them for it.
Two Young Women Wrapped in Yukata After a Bath. Kitagawa Utamaro, ca. 1796. ukiyo-e.org/image/met/DP13…
-
Nobody has written a good piece on the cyber and intel contest that is going to result from the new BIS export controls vs China. For example, the US wants to send the message that "if you try to cheat on them, you will get caught and added to the entity list immediately"
-
+16 kernel bugs I reported to Apple have been fixed in iOS 16/16.1. I'll give a talk on how I chained some bugs to achieve kernel r/w at #POC2022 next month, and the kernel exploit for iOS 15 will be released along with some other high impact vulns after the conference.
-
Sixty years ago tonight, as the Cuban Missile Crisis escalated toward confrontation, a sentry on patrol at Duluth AFB, Minnesota, thought he saw someone climbing the perimeter fence. He shot at the intruder and activated the base sabotage alarm, which by design automatically ...
-
SiriSpy - iOS bug allowed apps to eavesdrop on your conversations with Siri | Rambo Codes
An incredibly complicated vulnerability scenario that results in access to Siri. Complex interactions resulting in bugs is always inter
Gui Rambo writes about his coding and reverse engineering adventures.
-
Ever wanted to use the symbols you've reversed using Ghidra in gdb on-the-fly? Wanted decompilation too? decomp2dbg v3 is out with Ghidra support! Get symbols and a source-like panel, that updates, in gdb.
Demo: youtu.be/MK7N7uQTUNY (90s)
Code:
-
Hang on, WTF?
@PostOffInquiry witness Terence Austin (Sys Prog Dir) created a task force report to deal with the bugs on Horizon in 2001, and this is what an internal ICL/@fujitsu_uk report on the status of team was:
"Whoever wrote this code clearly has no..."
#PostOfficeScandal
-