September 22, 2024

                            September 22, 2024

                September 22, 2024

                        September 22, 2024

"Kyrylo Budanov, Chief of the Defence Intelligence of Ukraine, provided substantiated evidence that Russian special services have access to personal correspondence of Telegram users, even deleted messages, as well as their personal data."https://t.co/PURBng7Okj
— Dan Black (@DanWBlack) September 21, 2024

A reminder iPhone still supports ethernet! pic.twitter.com/ZZ1893QEfF
— shane on the net (@looknowires) September 20, 2024

Reading about early NSA history it's kinda amusing that they had to be extremely secretive, keeping even their existence quiet for fear of ... the state department learning about them and shutting them down. It wasn't external adversaries they feared.
— Halvar Flake (@halvarflake) September 21, 2024

Huge shoutouts to https://t.co/326BXI9Ier by @nickvourd (I finally tried it mate!) which just helped me evade $commercialEDR on a job 🔥
— Leo Tsaousis (@LAripping) September 20, 2024

C is Latin, the root of all modern languages, the whole universe used to speak it.

C++ is French, it’s Latin with fancy rules, used by the elite around the world & in specific circles.

JavaScript is English, everybody speaks it, most speakers speak it poorly and others don’t…
— Magdalena (@_RustyRooster) September 20, 2024

#SpyNews - week 38 (September 15-21):

A summary of 79 espionage-related stories from week 38 coming from 🇨🇿🇨🇳🇱🇧🇮🇱🇹🇭🇰🇿🇹🇷🇪🇸🇻🇪🇺🇸🇬🇧🇩🇪🇨🇦🇦🇺🇳🇿🇫🇷🇧🇪🇳🇱🇮🇷🇺🇦🇷🇺🇳🇴🇲🇩🇬🇷🇮🇹🇻🇬🇲🇰🇨🇾🇧🇾🇯🇵🇦🇿🇫🇯🇸🇾🇰🇵🇦🇲🇹🇼🇱🇾🇺🇿🇾🇪🇫🇮🇱🇹🇭🇺🇧🇬🇨🇺🇵🇱🇦🇪🇵🇭🇲🇽 https://t.co/e97x7y6Ptm#Espionage #OSINT #HUMINT #SIGINT #spy
— Spy Collection (@SpyCollection1) September 22, 2024

Love a good client-side exploit chain! This crazy cross-product chain targeting Google by @rebane2001 is a great example of the type of exploit that gets easier the longer you spend targeting a single company https://t.co/mxhH2N7teW
— James Kettle (@albinowax) September 19, 2024

Halloween comin lawd 👻 get prepared #infosec pic.twitter.com/Tg0IkhVZZU
— оɹʇǝⱭ Jones - (╯°□°）╯︵ ┻━┻ (@DetroJones) September 20, 2024

Blog about my @PwnieAwards nominated Exchange RCE gadget chain dropped:

1) File Write to drop DLL to unknown directory and leak this path to log file.

2) File Read to leak write location from the log file.

3) Local DLL loading gadget -> RCE 

It was a fun process 🥲 https://t.co/hs7vNBtOJZ
— Piotr Bazydło (@chudyPB) September 19, 2024

   Marco Ivaldi: "Continuing the tour of my @github projects, the #…" - Infosec Exchange
Continuing the tour of my @github projects, the #TacticalExploitation toolkit deserves to be mentioned. It's now a bit old, but I believe the concept still applies, and very much so.

https://github.com/0xdea/tactical-exploitation

"The Other Way to Pen-Test" -- @hdm & @Valsmith@mastodon.social 

I've always been a big proponent of a tactical approach to #PenetrationTesting that doesn't focus on exploiting known software #vulnerabilities, but relies on #OldSchool techniques such as #InformationG...

                            Don't miss what's next. Subscribe to the grugq's newsletter: