Security Phd: run fuzzers for days and get an unexploitable bug 🤡

Game console players: look at the fbsd kernel for 15 minutes and find a race-condition based UAF 😎https://t.co/RXr5dhoxbL

— itewqq (@lyq_sqsp) September 14, 2024

read another paper: An Empirical Assessment of Endpoint Security Systems Against Advanced Persistent Threats Attack Vectors

Took some time, since I'm not that familiar with Windows internals,

Four different attack vectors were used: (CPL) a DLL (.cpl) file which can be executed… pic.twitter.com/U4oQovdQmH

— ajdin (@ajdinre) September 14, 2024

Bytecode Reuse Attack (Part 4) : https://t.co/5p9cvo3NI1

Bytecode Injection (Part 3) : https://t.co/KGASPPibhr

Fundamentals for Bytecode Exploitation (Part 2) : https://t.co/5gTSkE7QGD

Introduction to Android Bytecode Exploitation (Part 1) : https://t.co/D82tu0Vd2Z pic.twitter.com/QsiotxMsKv

— Binni Shah (@binitamshah) September 14, 2024

No need for sci-fi cyberpunk dystopias anymore, these are all real photos from the last few years pic.twitter.com/KiCyiDm0jP

— Sebastiaan de With (@sdw) September 14, 2024

By popular request here is the link to my @BlueTeamCon slide deck on Adventures in Cloud Hacking. Refresh tokens have been revoked to protect the innocent.

There is no recorded video but be on the lookout for one in the future. https://t.co/0RhH59k07Y

— rootsecdev (@rootsecdev) September 14, 2024

New #TradecraftSunday episode! This time we look into how nation-states take advantage of browser extensions/plugins for SIGINT operations.https://t.co/JaWDhq8RN3#SIGINT #cyberespionage #CNE

— Spy Collection (@SpyCollection1) September 15, 2024

Looking for some real-deal spy thrillers? Here’s a list of movies praised by the CIA for their accuracy! 🕵️‍♂️ Get ready for suspense that hits close to home. #SpyThrillers #CIA #RealisticEspionage #MustWatch #USA #spymovieshttps://t.co/ESJyoQIqTp pic.twitter.com/H47JSPxXhj

— Robert Morton (@Robert4787) September 14, 2024

The Way to Android Root: Exploiting Your GPU on Smartphone by Xiling Gong, Xuan Xing, Eugene Rodionov. Slides available at:https://t.co/wyrpO3myhz pic.twitter.com/MiW1sw13Wb

— 8kSec (@8kSec) September 13, 2024

Well, this was a stupid insomnia project, but... 😂

Playground code is here: https://t.co/GQsVFrYsvy https://t.co/KhdbhTJKxN pic.twitter.com/CQxvTUMuZP

— John Hammond (@_JohnHammond) September 13, 2024

#SpyNews - week 37 (September 8-14):
A summary of 62 espionage-related stories from week 37 coming from 🇺🇸🇮🇹🇱🇾🇮🇱🇬🇧🇩🇪🇷🇺🇨🇳🇹🇼🇾🇪🇫🇷🇳🇱🇮🇷🇸🇦🇱🇧🇳🇴🇰🇵🇰🇷🇵🇱🇧🇾🇸🇪🇧🇩🇦🇱🇹🇷🇬🇪🇨🇿🇳🇬🇰🇿🇰🇬🇹🇯🇺🇿 https://t.co/DdwSCrkLXp#espionage #OSINT #SIGINT #HUMINT #spy

— Spy Collection (@SpyCollection1) September 15, 2024

>Microsoft paves the way for Linux gaming success with plan that would kill kernel-level anti-cheat

>Microsoft has officially announced its intent to move security measures out of the kernel, following the Crowdstrike disaster a few short months ago.
The removal of kernel… pic.twitter.com/RW0NAbHvg9

— Pirat_Nation 🔴 (@Pirat_Nation) September 14, 2024

Oof, AWS had a bug that allowed Transit Gateway peering requests to be accepted by the requestor, so an attacker could accept their own requests and peer to any gateway. The prevention logic for this was only in the web console UI, not the API. 😞 https://t.co/DZLcWSaROh

— Scott Piper (@0xdabbad00) September 15, 2024

https://t.co/TjJhsc5bfyhttps://t.co/h6PBuJbwcM

Great job @0x10n https://t.co/lAf5EjmZ72 pic.twitter.com/xIOpSLSHeQ

— xvonfers (@xvonfers) September 14, 2024

PS5's umtx exploit for Lua?https://t.co/Xtt73vtDZW

— Aleksei Kulaev (@flat_z) September 14, 2024