October 4, 2024
October 4, 2024
A tour de force of modern exploit dev. Would love to know how they found the bug in the first place? Just code auditing ? https://t.co/mNcUGuCwi9
β Dave Aitel (@daveaitel) October 3, 2024
Exploiting a remote heap overflow with a custom TCP stack
In November 2021 our team took part in the ZDI Pwn2Own Austin 2021 competition [1] with multiple entries.
Justice Department Disrupts Russian Intelligence Spear-Phishing Efforts https://t.co/bGjhzE821H #starblizzard #protect2024
β cje (@caseyjohnellis) October 3, 2024
π° SYSTEM PROMPT LEAK π°
β Pliny the Liberator π (@elder_plinius) October 3, 2024
here's the sys prompt for OpenAI's new "canvas" feature π enjoy!
"""
You are ChatGPT, a large language model trained by OpenAI.
Knowledge cutoff: 2023-10
Current date: 2024-10-03
Image input capabilities: Enabled
Personality: v2
# Tools
## bio
Theβ¦
This presentation at @virusbtn included some of the most accessible and direct explanations of direct and indirect syscall use for EDR evasion. Well put together material from Emre GΓΌller at @vmrayhttps://t.co/80raqkvMoe
β Joe SΕowik π» (@jfslowik) October 4, 2024
β¨ excited to open source *Venator*, a flexible threat detection platform that simplifies rule execution and management with k8s cronJobs and helm. flexible enough to run standalone or with other schedulers like nomadβand yes, it also has LLM integration. https://t.co/avqyQKLoLi pic.twitter.com/OiIclQnH0q
β Adel Ka (@0x4D31) September 30, 2024
The humble US Dollar cannot hope to compete with the mighty Pakistani Tangerine. Western hegemony is finished https://t.co/PoIl96GHqQ
β the prince with a thousand enemies βοΈ (@jaketropolis) October 3, 2024
U.S. and Microsoft seize over 100 websites allegedly used by Russian spies https://t.co/CVERLzoCve via @nbcnews
β Dr. Dan Lomas (@Sandbagger_01) October 4, 2024
Tough talk from UK regulator @Ofcom around surveillance actors' access to phone networks - notable because it highlights the UK as one of world's most dangerous conduits for global location tracking and account cracking https://t.co/JjkLLurBBz
β Crofton Black (@cr0ft0n) October 4, 2024
Thread by @cr0ft0n on Thread Reader App β Thread Reader App
@cr0ft0n: Tough talk from UK regulator @Ofcom around surveillance actors' access to phone networks - notable because it highlights the UK as one of world's most dangerous conduits for global location tracking and acc...β¦
Consultation: Global Titles and Mobile Network Security - Ofcom
We are proposing to strengthen our existing rules and introduce new rules to tackle misuse of Global Titles.
Introduction to Chrome exploitation (architecture, v8 pipeline, CVE-2023-4069)https://t.co/pS6WgfabP1
β 0xor0ne (@0xor0ne) October 4, 2024
Credits @matteomalvica#chrome #cybersecurity pic.twitter.com/7DJGy8JWYC
This whole hype around "perfctl" is really funny. This supposedly advaced malware uses LD_PRELOAD, xor encryption and supposedly "20k exploits" (which is 10x the number of exploits in metasploit, and not remotely plausible). In the end a "20K directory traversal fuzzing list" π€£
β Jonathan Brossard (@endrazine) October 4, 2024
And of course a "very clever trick" : user agents when downloading over HTTP πππππ
β Jonathan Brossard (@endrazine) October 4, 2024
Reversing 'France IdentitΓ©' : the new French digital ID : https://t.co/8Y6SrZrSMR pic.twitter.com/oDJsFjNHL2
β Binni Shah (@binitamshah) October 3, 2024
Data security hardware, extreme edition: "In an evacuation, shoot at the server room" https://t.co/pYpsVIPK4r
β David Hambling (@David_Hambling) October 4, 2024
reverse shell? do u mean hollaback curl?
β hermit (@ackmage) October 20, 2022
Full footage of Cryptex and UAPS raids today from the Russian Federation's Bureau of State Technical Surveillance & Russian Ministry of Internal Affairs.
β vx-underground (@vxunderground) October 2, 2024
Footage via @BratvaCorp and Irina Volk pic.twitter.com/TIRPkUG0pb