the grugq's newsletter

October 27, 2023


If you're interested in embedded and hardware reverse engineering and security research, this is a very cool guide by @voidstarsec about putting together a hardware hacking testbed https://t.co/bBfXKuLo2B #infosec #hardware pic.twitter.com/zKhjcpM9GH

— 0xor0ne (@0xor0ne) October 25, 2023

https://x.com/switch_d/status/1717129377412989201

Last year I participated in a workshop in Spain to examine whether cyber espionage during peacetime should be considered an intelligence contest or military action, since some ops skirt threshold for military action. They've published paper from discussion https://t.co/YRFx1GoEUC pic.twitter.com/Ayfa2MMmXX

— Kim Zetter (@KimZetter) October 26, 2023

GitHub - cbeuw/Cloak: A censorship circumvention tool to evade detection by authoritarian state adversaries



GitHub - hmgle/graftcp: A flexible tool for redirecting a given program's TCP traffic to SOCKS5 or HTTP proxy.



All of the domains.

Domains Project: Processing petabytes of data so you don’t have to | domains

World’s single largest Internet domains dataset


GitHub - D00Movenok/BounceBack: ↕️🤫 Stealth redirector for your red team operation security



Russia's highest representative to the EU is said to be a spy

States of the European Union have expelled hundreds of diplomats for spying for Moscow. Research by SPIEGEL and partners now suggests that the head of Russia's EU embassy is also said to be active as an agent.

(Difficulty setting: German + paywall)

EU: Höchster Vertreter Russlands bei der Europäischen Union soll Spion sein - DER SPIEGEL



This report about how Kaspersky found and tracked down all of the elements of a persistent campaign to compromise their Apple devices is a romp: https://t.co/QD4zFm9fZT

— Eva (@evacide) October 26, 2023

How Kaspersky obtained all stages of Operation Triangulation | Securelist

How Kaspersky researchers obtained all stages of the Operation Triangulation campaign targeting iPhones and iPads, including zero-day exploits, validators, TriangleDB implant and additional modules.


Last week, the @WSJ published an article claiming about $90 million worth of crypto was used to fund Hamas — a serious claim that gained significant attention.

In response to the article, anti-Bitcoin politicians directly linked the WSJ article as evidence in a letter to the…

— Sam Callahan (@samcallah) October 21, 2023

You can find the original sources below.👇

Original Fake WSJ article: https://t.co/sEjStsSgZu
Politicians' letter to the White House: https://t.co/ST3xxtUDM5
Chainalysis correction article: https://t.co/UEWpxxAGwt

— Sam Callahan (@samcallah) October 22, 2023

Honestly, wtf are you guys doing over there @1Password ? pic.twitter.com/m6R5jDtaNe

— J. A. Guerrero-Saade (@juanandres_gs) October 26, 2023

pic.twitter.com/dczyR3geiZ

— Malwarebytes (@Malwarebytes) October 26, 2023

thou shalt not make a machine in the likeness of a social network

— qntm (@qntm) July 28, 2021

Short introduction to Linux raw sockets and port knocking technique by @Cooler_freenode
https://t.co/kkM8ZsUTDE #Linux #network #learning #programming #infosec pic.twitter.com/jYzWAMryjq

— 0xor0ne (@0xor0ne) October 26, 2023

Thanks to Patrick Gray @riskydotbiz and Dmitri Alperovitch @DAlperovitch for the awesome time on the Risky Business podcast. Recorded live in @NSACyber spaces with Morgan Adamski @adamski_morgan. What a great first! pic.twitter.com/encPmeVUUG

— Rob Joyce (@NSA_CSDirector) October 24, 2023

Episode is posted! https://t.co/JOzDAfANVW

— Rob Joyce (@NSA_CSDirector) October 25, 2023

Our researcher @KolinaKoltai spoke to @InsiderNews recently about the misinformation circulating online around the current Israel-Hamas war and how our team at Bellingcat works to verify claims. https://t.co/Rr6Zjb5jEP

— Bellingcat (@bellingcat) October 25, 2023

"Three years ago, Apple introduced a privacy-enhancing feature that hid the Wi-Fi address of iPhones and iPads when they joined a network. On Wednesday, the world learned that the feature has never worked as advertised." https://t.co/4hkM4PHcKx

— Eva (@evacide) October 27, 2023

NEW: Kaspersky releases full details on how they captured the “Triangulation” (suspected US Government) exploits and iPhone spyware targeting their employees. https://t.co/Krladw07eD

— Bill Marczak (@billmarczak) October 26, 2023

Thread by @billmarczak on Thread Reader App – Thread Reader App



Triangulation: validators, post-compromise activity and modules | Securelist

In this report Kaspersky shares insights into the validation components used in Operation Triangulation, TriangleDB implant post-compromise activity, as well as details of some additional modules.


Memory tagging is going to be a huge game changer and GrapheneOS will be on the leading edge deploying it. Stock Pixel OS has it as a developer option which isn't usable in practice since it breaks far too much. The implementation is also much less powerful than hardened_malloc.

— GrapheneOS (@GrapheneOS) October 26, 2023

UX experts rate the ability to download files without prompting the user *really* important, they say... https://t.co/ZNdas12v1Y pic.twitter.com/mm7FEXbV00

— Will Dormann (@wdormann) October 26, 2023

Video of my PoC for CVE-2023-43641: out-of-bounds array access in libcue. libcue is used by tracker-miners, which automatically scans new files in ~/Downloads, so the bug is triggered by downloading a file. pic.twitter.com/xCSkaHD7zp

— Kev (@kevin_backhouse) October 9, 2023

More information here: https://t.co/kfeghVp3fi

— Kev (@kevin_backhouse) October 9, 2023

CitrixBleed. Yep, that's it, the whole exploit. https://t.co/sZW0X65bcU pic.twitter.com/KZTKabkLYX

— IAMerica (@EricaZelic) October 26, 2023

pic.twitter.com/Yhas4106YA

— non aesthetic things (@PicturesFoIder) October 26, 2023

pic.twitter.com/qaw1nGL4jF

— Rob DenBleyker (@RobDenBleyker) October 26, 2023
