the grugq's newsletter
Subscribe
RSS
Archive
June 7, 2024
June 7, 2024
June 7, 2024 🚨NEW: Last Christmas Eve, @newsbreakApp, a free app with roots in China that is the most downloaded news app in the U.S. published an alarming...
June 6, 2024
June 6, 2024
June 6, 2024 Study shows banning false information traffickers online can improve public discourse Post-January 6th deplatforming reduced the reach of...
June 5, 2024
June 5, 2024
June 5, 2024 Russian citizens have lost $2.8 billion to phone scammers in 2023. Deputy Board Chairman of Russia Sberbank Stanislav Kuznetsov says the...
June 4, 2024
June 4, 2024
June 4, 2024 I recently found an exploitable timing leak in the reference implementation of Kyber (ML-KEM), the soon-to-be NIST standard for post-quantum key...
June 3, 2024
June 3, 2024
June 3, 2024 We are happy to share our slides for TyphoonCon 2024 and the exploit code for v8ctf. We hope this will be helpful for those who study browser...
June 1, 2024
June 1, 2024
June 1, 2024 I’m not freaking out that the year is half over, you’re freaking out! Microsoft told media outlets a hacker cannot exfiltrate Copilot+ Recall...
May 31, 2024
May 31, 2024
May 31, 2024 SIREN 1: you absolutely cannot make them do it again SIREN 2: I really can i'll do it right now SIREN 3: is this a nice thing to be doing SIREN...
May 30, 2024
May 30, 2024
May 30, 2024 May 22nd security research @GossiTheDog was able to get Microsoft Recall. His wrote a long thread on Mastodon regarding it. The full thread is...
May 29, 2024
May 29, 2024
May 29, 2024 Given the recent data released from the publishing industry, I estimate there are ~500 non-celebrity book authors making a living. Meanwhile,...
May 28, 2024
May 28, 2024
May 28, 2024 it's so cool that they fed every reddit shitpost into this thing and there's probably no way to fix it now pic.twitter.com/W0I0wjbeAx— lauren...
May 27, 2024
May 27, 2024
May 27, 2024 just finished a new blogpost on how i exploited the V8 javascript engine at a CTF! it's a beginner friendly journey from a memory corruption to...
May 26, 2024
May 26, 2024
May 26, 2024 "Spy" is also interchangeable with "idiot".https://t.co/buyTvjpoQ5 via @MailOnline— Dr. Dan Lomas (@Sandbagger_01) May 23, 2024 Great free book...
May 25, 2024
May 25, 2024
May 25, 2024 https://www.antipope.org/charlie/blog-static/2024/05/on-mistaking-a-transient-state.html...
May 24, 2024
May 24, 2024
May 24, 2024 BORN TO CODE KERNEL IS A FUCK Compile Em All C89 I am mailing list man 410,757,864,530 CVEs https://t.co/IpCMclFydq— chompie (@chompie1337) May...
May 23, 2024
May 23, 2024
May 23, 2024 Google AI overview suggests adding glue to get cheese to stick to pizza, and it turns out the source is an 11 year old Reddit comment from user...
May 22, 2024
May 22, 2024
May 22, 2024 Abusing url handling in iTerm2 and Hyper for code execution | Vin01’s BlogWhat are escape sequences My data protection assessment of TLS Session...
May 21, 2024
May 21, 2024
May 21, 2024 So you want to get into bug hunting huh? Well this blog post by @assetnote is a perfect example of the flow, the itch, the scratch and...
May 20, 2024
May 20, 2024
May 20, 2024 Because Soviets worked to have tight political/civilian control over the nuclear forces one of the challenges was maintaining constant...
May 18, 2024
May 18, 2024
May 18, 2024 #ICYMI: IT workers infiltrated more than 300 U.S. companies, earning millions in North Korean illicit revenue generation scheme....
May 17, 2024
May 17, 2024
May 17, 2024 A belated writeup about macOS snapshot fuzzing I talked about last year: https://t.co/s4JzidEqm5 Builds on @0vercl0k 's WTF and adds loading of...
May 16, 2024
May 16, 2024
May 16, 2024 Linux maintainers were infected for 2 years by SSH-dwelling backdoor with huge reach | Ars TechnicaEbury backdoors SSH servers in hosting...
May 15, 2024
May 15, 2024
May 15, 2024 I'm back from Offensive Con. Was great to meet up with friends and meet new people. Inside a low budget consumer hardware espionage implant...
May 10-11-12, 2024
May 13, 2024
May 10-11-12, 2024 I was having too much fun at offensive con to read anything. I wholeheartedly endorse Offensive Con. Had a great time, even if some ppl I...
May 9, 2023
May 10, 2024
May 9, 2023 Excited to share my latest article: "Russia’s Declining Satellite Reconnaissance Capabilities and Its Implications for Security and International...
May 8, 2024
May 8, 2024
May 8, 2024 Announcement: Expect some disruption to the newsletter this week as I’ll be at OffensiveCon in Berlin. If you’re around feel free to say hello....
May 7, 2024
May 7, 2024
May 7, 2024 This is excellent. Today Lockbit ransomware group's website has been seized (again). The new server hijack mocking asks Lockbit ransomware group...
The Revolution in Military Media Affairs
May 6, 2024
The Revolution in Military Media Affairs Shifting Dynamics of the Information Environment during Conflicts While watching this interview I had some thoughts....
May 6, 2024
May 6, 2024
May 6, 2024 People adapt to systems, because changing systems is hard North Yorkshire Council to phase out apostrophe use on street signs - BBC NewsA North...
May 5th, 2024
May 5, 2024
May 5th, 2024 The Attritional Art of War: Lessons from the Russian War on Ukraine | Royal United Services InstituteIf the West is serious about the...
May the 4th, 2024
May 4, 2024
May the 4th, 2024 Be with you. CZ taking action against APT28: "In the context of the upcoming European elections, national elections in a number of European...
May 3, 2024
May 3, 2024
May 3, 2024 The McAfee central America Travel Guide - Who Is McAfee?As all of my close friends know, I have not always been a teetotalling, drug fighting...
May 2, 2024
May 2, 2024
May 2, 2024 A Phantom’s Tale: The Coyote Influencer on TikTok - bellingcatHe had tens of thousands of followers and posted regularly about his alleged people...
May 1, 2024
May 1, 2024
May 1, 2024 Happy May Day! LABScon23 Replay | From Vulkan to Ryazan – Investigative Reporting from the Frontlines of Infosec, by @hatr...
April 30, 2024
April 30, 2024
April 30, 2024 Wow wow wow wow First there were "The Americans", now there are "The Czechs": Husband and wife outed as GRU spies aiding bombings and...
April 29, 2024
April 29, 2024
April 29, 2024 Interesting reading on antivirus evasion techniques for beginners Credits @gatarieehttps://t.co/D2CApg1fXT#infosec #evasion...
April 28, 2024
April 28, 2024
April 28, 2024 Excellent LPE write-up by @gabe_k , where he details how suspected compiler changes lead to the introduction of double fetch vulnerabilities....
April 27, 2024
April 27, 2024
April 27, 2024 Exploiting the NT Kernel in 24H2: New Bugs in Old Code & Side Channels Against KASLR by @gabe_k https://t.co/E7PhfD8TbR— lander (@landaire)...
April 26, 2024
April 26, 2024
April 26, 2024 Absolutely wild story. A Baltimore County principal was seemingly caught on recorded audio making blatantly racist and anti-Semitic comments....
April 24, 2024
April 24, 2024
April 24, 2024 I just published C isn’t a Hangover; Rust isn’t a Hangover Cure https://t.co/CyDpCwGMJy— John Viega (@viega) April 23, 2024 from @violazhouyi...
April 23, 2024
April 23, 2024
April 23, 2024 ChatGPT and its ilk are making people worse at writing, in a more insidious way than social media or text messaging ever did. Woah Daniel, how...
April 22, 2024
April 22, 2024
April 22, 2024 I had a great time at T2 con, Helsinki was a load of fun. First time I’ve seen snow in at least a decade. Introduction to "EDR-Preloading"...
April 21, 2024
April 22, 2024
April 21, 2024 GPT-4 can exploit vulnerabilities by reading CVEs : https://t.co/Kw65h1q7Nm (pdf)— Binni Shah (@binitamshah) April 21, 2024 IMO as co-founder...
April 18, 2024
April 19, 2024
April 18, 2024 The second order side effects of using memory safe code languages in edge devices is that all discovered vulnerabilities thereafter will...
April 17, 2024
April 18, 2024
April 17, 2024 My @BlackHatEvents #BHEU presentation has now been posted 📽️https://t.co/NUJQhW1ha6— Brett Hawkins (@h4wkst3r) March 28, 2024 Finished reading...
April 16, 2024
April 17, 2024
April 16, 2024 I am in Helsinki, Finland, for the T2.fi conference this Thursday and Friday. The newsletter will be on semi-hiatus while I am away. If you’re...
April 14, 2024
April 14, 2024
April 14, 2024 Note: I will be traveling to Helsinki for T2.fi con this week. The newsletter will be sporadic while I’m away. If you’re in Helsinki, feel...
April 13, 2024
April 13, 2024
April 13, 2024 Those who don't read https://t.co/DWIfxzByU0 (which turned 11 last month) are doomed to whatever people shocked about /sys/kernel/notes are...
April 12, 2024
April 12, 2024
April 12, 2024 Instagram is rolling out nude detection in private DMs; will automatically blur images it believes are nudes, including in end-to-end...
April 11, 2024
April 11, 2024
April 11, 2024 Looks like someone dropped a Linux kernel 0day https://t.co/UYPK9rItOc pic.twitter.com/wGFK4Vw7Fb— matteyeux (@matteyeux) April 10, 2024...
April 10, 2024
April 10, 2024
April 10, 2024 Come see how I used my jerry-rigged “EMBite” probe to capture an EM side-channels using a HackRF. I used this to figure out the precise timing...
Newer archives
Older archives