the grugq's newsletter

September 24, 2022

Austrian military presentation on the cyber aspects of the Russo-Ukrainian war. It is quite good, and the auto-translated subtitles are perfectly serviceable.

-

The Info Op is a reader-supported publication. To receive new posts and support my work, consider becoming a free or paid subscriber.

Rejoice! Perun O’clock

-

Bakhti Nishanov @b_nishanov
Commissariats responsible for draft are going up in flames in Russia. Reportedly at least 9 since the start of the mobilization. Most of draft records are in paper so if one of these goes up in flames, there is a good chance you are not getting a draft notice any time soon
12:42 PM ∙ Sep 23, 2022
323 Likes ∙ 93 Retweets

-

Lukasz Olejnik @lukOlejnik
Assessment of U.S. NUCLEAR WEAPONS CYBERSECURITY: "plans to increasingly integrate digital systems into nuclear weapons, automate manufacturing processes and equipment, and rely on advanced computer processing capabilities". Let's hope it all ends well! gao.gov/assets/gao-22-…
Lukasz Olejnik @lukOlejnik
My opinion article in @WIRED on cyber risk of weapons systems. Complex and computerised, with obvious capabilities. Systems fortunately (hopefully) isolated... What might be the consequences of loss of control? They do contain cybersecurity vulnerabilities https://t.co/FHuelrdWwU
2:20 PM ∙ Sep 23, 2022
24 Likes ∙ 8 Retweets

-

CHA Minseok(Jacky) @mstoned7
AhnLab released the Analysis Report on Lazarus Group’s Rootkit Attack Using BYOVD: asec.ahnlab.com/en/38993/
6:00 AM ∙ Sep 22, 2022
213 Likes ∙ 95 Retweets

-

Matthew Keys @MatthewKeysLive
#BREAKING: Police in the United Kingdom have arrested a 17-year-old suspected of hacking Rockstar Games and leaking data associated with Grand Theft Auto 6.
1:02 PM ∙ Sep 23, 2022
7,993 Likes ∙ 933 Retweets

-

SLF @slffish
It's here! A brand new digest of the coolest security research in Q3. Links, mirrors on slf.fish. Don't forget, if there's something we should consider for Q4... drop us a line!
1:04 PM ∙ Sep 23, 2022
4 Likes ∙ 3 Retweets

-

Sir Michael @Michael1979
Day 10 of being Everyone's Personal Assistant. Sometimes in this line of work, you find yourself in the middle of domestic disputes and you just have to remain professional
2:00 PM ∙ Sep 23, 2022
5,672 Likes ∙ 540 Retweets

-

DnD Sesame Tweet @DnDSesame
we had to see this, so now you do also
12:43 AM ∙ Sep 23, 2022
220,180 Likes ∙ 30,185 Retweets

-

And the full movie proposal

Ben Nagy @rantyben
[Image]
1:17 PM ∙ Sep 23, 2022
20 Likes ∙ 4 Retweets
Ben Nagy @rantyben
[Image]
1:24 PM ∙ Sep 23, 2022
24 Likes ∙ 5 Retweets
Ben Nagy @rantyben
Miss Piggy (in Power Loader): Hiiiiiiiii YAH!
Kermit Alien: *waving arms* nooo! aaaaaaaaa!
CHORUS RUSHES IN
IT’S TIME TO BLOW THE AIRLOCK
IT’S TIME TO VENT THE GAS
IT’S TIME TO SEND THE CARGO AND THE MONSTER INTO SPACE
3:44 PM ∙ Sep 23, 2022
70 Likes ∙ 21 Retweets

-

Greg Egan @gregeganSF
After dying, we strongly recommend that you do *not* disclose any personal information to superficially angelic-looking interlocutors, as this is likely to be a phishing attempt. Type the URL for paradise manually into your soul’s browser, and double-check for a padlock symbol.
11:39 AM ∙ Sep 23, 2022
1,039 Likes ∙ 231 Retweets

-

Trent Telenko @TrentTelenko
This is a "The World has changed" video. The Iranian Shahed-136 drone in the Russian's hands is acting as a small propeller cruise missile several hundred kilometers from the nearest Russian position. No USAF, USMC or US Army airbase or heliport is safe from such munitions 1/14
Clash Report @clashreport
Ukrainian forces claim to have shot down an Iranian loitering ammunition (kamikaze UAV) Shahed-136 aka “Geran-2” over Odessa. https://t.co/yTQecLseLy
3:06 PM ∙ Sep 23, 2022
1,159 Likes ∙ 233 Retweets

-

Ollie Whitehouse @ollieatnccgroup
Weekly summary is out:
- ❓ops against middle eastern telcos/🎓.
- 🇷🇺 ops in 🇺🇦🇪🇺
- 🇨🇳 ops against Tibet/Uyghurs
- 🇰🇵 ops using vuln drivers
- OCG use cloud to crack private keys
plus
- Stopping driver attacks
- AD for Linux
- OAuth exploits
and more..
bluepurple.substack.com/p/bluepurple-p…
bluepurple.substack.com
Bluepurple Pulse: week ending September 25th
I got the date right this week.. 🥇 to me...
6:01 AM ∙ Sep 24, 2022
12 Likes ∙ 4 Retweets

-

Happy Ten Year Anniversary!

Mikko tweets from 2012 @mikko__2012
"OPSEC for hackers". Slides from @thegrugq's talk at Ekoparty 2012:
slideshare.net
OPSEC for hackers
A gentle introduction to keeping your mouth shut. Video of the talk: https://www.youtube.com/watch?v=9XaYdCdwiWU
8:06 AM ∙ Sep 24, 2022
27 Likes ∙ 5 Retweets

-

Lorenzo Franceschi-Bicchierai @lorenzofb
NEW: Signal is asking people to set up proxy servers to help Iranians get around the government's block of the encrypted app. I haven't tried but Signal says it's very easy to set up the proxies.
vice.com
Signal Is Asking People Around the World to Help Iranians Access the Encrypted App
The encrypted chat app published “easy” detailed instructions to help anyone set up a proxy server to help Iranians.
3:28 PM ∙ Sep 23, 2022
1,300 Likes ∙ 406 Retweets

-

Crypto. Scam. Fraud. Shocked!

sarah emerson @SarahNEmerson
SCOOP: A Forbes investigation based on leaked documents, former employee testimonies, and blockchain data found that as @helium crypto execs touted the equality of the "People's Network," they quietly amassed the majority of its wealth at the start.
forbes.com
Crypto Darling Helium Promised A ‘People’s Network.’ Instead, Its Executives Got Rich.
Helium was touted as the best real-world use case of Web3 technology. But a Forbes investigation found that executives and their friends quietly hoarded the majority of wealth at the project’s inception.
2:54 PM ∙ Sep 23, 2022
655 Likes ∙ 247 Retweets

-

Zach Dorfman @zachsdorfman
NEW: Via the declassified Polish cold war intel archive, I obtained a KGB-era Russia-language document cataloging a massive U.S. bugging operation of Soviet diplomatic facilities in DC, NYC, & SF, as well as of the apartments and cars of Soviet personnel.
thebrushpass.projectbrazen.com
Unearthed File Reveals Huge Cold War-Era U.S. Bugging Operation Against Soviets
There are a number of unwritten rules in the world of espionage. These practices of the profession — though quietly accepted universally as “fair game” — can engender haughty rhetorical denunciations when an offending state is caught engaging in them. Sometimes, countries will strategically disclos…
4:33 PM ∙ Sep 22, 2022
181 Likes ∙ 77 Retweets

-

John Hultquist🌻 @JohnHultquist
[Image]
John Hultquist🌻 @JohnHultquist
We’ve further linked hacktivist leaks and GRU intrusions. I am concerned that they have established deniable personas they will use for mischief (like elections) and I’m concerned we are not taking hacktivists seriously when some are serious players. (1/2) https://t.co/Yzgzy1OgmM
12:23 PM ∙ Sep 23, 2022
241 Likes ∙ 54 Retweets

-

netspooky.lock @netspooky_
Here's a PoC for a file format I've been dreaming about for a bit called "xx". It's a way to take all of the ASCII art I like to make to describe hex dumps, and turn it back into a valid file. github.com/netspooky/xx
A decorated hex dump of an elf file, elf.xx
Using xx.py to build elf.xx and also dump the file buffer
png.xx with a description of a png, building the file with xx.py, using yxd to dump the file data, and then the file command showing that a valid png was created
12:27 AM ∙ Sep 24, 2022
420 Likes ∙ 87 Retweets

-

Center for Security and Emerging Technology @CSETGeorgetown
✨New Issue Brief✨ China is rapidly building cyber ranges that allow cybersecurity teams to test new tools, practice attack / defense + evaluate the cybersecurity of products / services. @DakotaInDC examines 5 of these facilities, some w/ military ties.
cset.georgetown.edu
Downrange: A Survey of China’s Cyber Ranges - Center for Security and Emerging Technology
China is rapidly building cyber ranges that allow cybersecurity teams to test new tools, practice attack and defense, and evaluate the cybersecurity of a particular product or service. The presence of these facilities suggests a concerted effort on the part of the Chinese government, in partnership…
2:02 PM ∙ Sep 23, 2022
17 Likes ∙ 8 Retweets

-

The coolest mystery right now, Max Leg-room. (Credit @jonoberheide)

Emerson Collins @ActuallyEmerson
The weirdest flight ever. These sounds started over the intercom before takeoff and continued throughout the flight. They couldn’t stop it, and after landing still had no idea what it was.
12:28 AM ∙ Sep 23, 2022
19,505 Likes ∙ 2,233 Retweets
🇺🇦 JonNYC 🇺🇦 @xJonNYC
[Image]
10:52 PM ∙ Sep 20, 2022
37 Likes ∙ 5 Retweets

https://news.ycombinator.com/item?id=32958319

Countdown until we learn it’s a teenager from Lapsus$ who paid someone $100 for VPN creds and somehow found the “remote access PA system” PowerShell script.

-

H I Sutton @CovertShores
#Ukraine’s new explosive drone boat compared to other Explosive boats -> hisutton.com/Ukraines-New-E… It’s different in a few ways….
Explosive boat Ukraine
6:11 AM ∙ Sep 23, 2022
908 Likes ∙ 193 Retweets

-

Jack Watling @Jack_Watling
Time is the Hidden Flank in Assessing Russia’s Mobilisation | I write for ⁦@RUSI_org⁩
rusi.org
Time is the Hidden Flank in Assessing Russia’s Mobilisation
Vladimir Putin made a mistake by delaying the decision to mobilise, but it is vital that the West avoids similarly squandering advantage through procrastination and complacency.
6:19 PM ∙ Sep 23, 2022
220 Likes ∙ 78 Retweets
