September 16, 2023
September 16, 2023
Android 14 Still Allows Modification of System Certificates
Tim Perry recently claimed in an article that “Android 14 blocks all modification of system certificates, even as root”. This sparked significant discussion on Hacker News. Thankfully my tests show that it is still possible to adjust the system certificate store in Android 14.
Zero Effort Private Key Compromise: Abusing SSH-Agent For Lateral Movement
Intro The other day I was looking through some videos I had bookmarked and decided to throw on AASLR: Leveraging SSH Keys for Lateral Movement by Hal Pomeranz. About halfway though the video I had to start over and open up my notes to begin documenting what I was learning because there was some really interesting material that I hadn’t seen before. Using that training as a jumping off point, I began looking into other uses of the ssh-agent utility and decided to mock up a demo in my home lab.
“Very funny, Jesus. Give it back.” pic.twitter.com/k1JDDAuNCD
— Uncle Duke (@UncleDuke1969) October 18, 2021
*Shovel
— Marl (@Marlebean) September 14, 2022
*Lye
*Gloves
Cashier: "Gardening project?"
Me: "Nope"
*Bleach
*Duct tape
*Tarp
Today Lockbit ransomware group issued a poll to all of their affiliates.
— vx-underground (@vxunderground) September 16, 2023
Lockbit is considering implementing new rules for Lockbit affiliates due to their frustration with ransomware negotiators. Currently, Lockbit ransomware group has no rules in place for how much (or how… pic.twitter.com/Yx9VJ2W6jk
Exclusive: Estonia’s Outgoing Military Spymaster on Russia’s War
Col. Margo Grosberg, the chief of Estonia’s Defense Forces Intelligence Center, sits down with The Insider after five years on the job.
"I'm off to represent the entire Red Army at the buffet". pic.twitter.com/P4ngbDRnfx
— Dr. Dan Lomas (@Sandbagger_01) September 16, 2023
Innovations move fast!
Sudanese armed forces striking RSF vehicles crossing a bridge with "suicide drones" (FPV) pic.twitter.com/hulEtLTDcy
— Mupper2 (@Mupper41) September 14, 2023
i made a proper repo for funtime, my Objective-C runtime tracing tool https://t.co/EGIZ4Pg9xt . I added the -b option to show backtraces, -t to change the theme, hexdumps for NSData, and some other nice things. still slow as hell tho pic.twitter.com/O4ZwMAQ5h2
— 𝚊𝚕𝚔𝚊𝚕𝚒 (@alkalinesec) September 15, 2023
Today it was reported an unidentified Threat Actor(s) compromised Mark Cuban - an American Billionaire, Investor and owner of the Dallas Mavericks. The Threat Actors stole approx. $870,000 worth of cryptocurrency.
— vx-underground (@vxunderground) September 16, 2023
More information here: https://t.co/vo0vurrixi
NEW: A custom alert State Dept. IT analysts implanted into their networks two years ago enabled the agency to spot and unravel one of the highest profile hacks of the summer.
— John Sakellariadis (@johnnysaks130) September 15, 2023
From me and @magmill95 https://t.co/xdlWmKYWnG
“No, look, we can’t upgrade beyond Docker 20.10, okay? That’s the last version ChatGPT knows about and if we move past it, who knows what the devs will end up committing to prod”
— Matt Simmons 🚀 (@standaloneSA) September 15, 2023