Archive (Page 7) • the grugq's newsletter

October 13, 2024

October 13, 2024 The dystopia we predicted: Hacked Robot Vacuums Across the U.S. Started Yelling Slurs https://t.co/lV7JQ5R4Wi— Whitney Merrill (@wbm312)...

October 12, 2024

October 12, 2024 making one of those "uuid generator" websites where i give out uuids scraped out of github projects to drive down entropy in the universe—...

October 11, 2024

October 11, 2024 We finally get some description of how "adminless" on Windows 11 (now in canary insider versions, so you won't be seeing this in deployment...

October 10, 2024

October 10, 2024 "Influence and Cyber Operations: An Update," the new OpenAI threat intelligence report, out a few hours ago. The document is interesting for...

October 9, 2024

October 9, 2024 Virtualizing iOS on Apple Silicon Virtualizing iOS on Apple Silicon | Nick BotticelliNick Botticelli's personal website Law #1: Nobody...

October 8, 2024

October 8, 2024 ✍️ Take a Step Further: Understanding Page Spray in Linux Kernel Exploitation https://t.co/zKhWw7DOY2 pic.twitter.com/haUYUD9HHw— Alex...

October 7, 2024

October 7, 2024 Collection of write-ups, blog posts and papers related to cybersecurity, reverse engineering and exploitationhttps://t.co/g2cERXRyeY#infosec...

October 6, 2024

October 6, 2024 CATASTROPHIC: Chinese hackers massively wiretapped 🇺🇸USA by compromising the interception portals mandated under US law. Remember this the...

October 5, 2024

October 5, 2024 “I still don’t have a clear idea of when I will retire or return to my country. For now, I will continue supporting the beautiful cause of...

October 4, 2024

October 4, 2024 A tour de force of modern exploit dev. Would love to know how they found the bug in the first place? Just code auditing ?...

October 3, 2024

October 3, 2024 HTTP Parameter Pollution in 2024! https://t.co/oJWTvI9b9j— /r/netsec (@_r_netsec) October 2, 2024 For over a year my free time has been spent...

October 2, 2924

October 2, 2024

October 2, 2924 ICYDK @neoeno makes nice materials (blogs, posters, videos) about file formats, analysis, crafting...Ex: https://t.co/AgdWoxYc98...

October 1, 2024

October 1, 2024 I asked my LLM agent (a wrapper around Claude that lets it run bash commands and see their outputs):>can you ssh with the username buck to...

September 30, 2024

September 30, 2024 strcpy bug in Tony Hawk's Pro to achieve RCEhttps://t.co/XY4wWgyOK5Credits @Grimdoomer#cybersecurity pic.twitter.com/T2fusrhPhD— 0xor0ne...

September 29, 2024

September 29, 2024 DHS IG finds serious problems w/ the govt's cyber threat information sharing portal.# of entities sharing CTI "declined to its lowest...

September 27-28, 2024

September 28, 2024

September 27-28, 2024 Attacking UNIX Systems via CUPS, Part IHello friends, this is the first of two, possibly three (if and when I have time to finish the...

September 26, 2024

September 26, 2024 A watering hole campaign against 25 Kurdish websites, which we named #SilentSelfie 📸: > 4⃣distinct variants identified;>📱Ranging from...

September 25, 2024

September 25, 2024 If you ever asked yourself why the 0day market is doing so well.This is why 👇🏻 https://t.co/mBMXWKcUnR— x0rz (@x0rz) September 24, 2024...

September 24, 2024

September 24, 2024 ITW! 🇰🇵👨‍💻Rad joint blog between consulting, AP, and the DPRK gang here at ol' Goog.I didn't have a hand in the blog but I've had the...

September 23, 2024

September 23, 2024 🧵 Europe Invasion Investigation1/ We dug into Europe Invasion, a blue tick X account spreading disinformation, xenophobia, and...

September 22, 2024

September 22, 2024 "Kyrylo Budanov, Chief of the Defence Intelligence of Ukraine, provided substantiated evidence that Russian special services have access...

September 21, 2024

September 21, 2024 https://www.bunniestudios.com/blog/2024/turning-everyday-gadgets-into-bombs-is-a-bad-idea/ Introduction to Security...

September 20, 2024

September 20, 2024 Most of cryptography research is developing a really nice mental model for what’s possible and impossible in the field, so you can avoid...

September 19, 2024

September 19, 2024 New: police have hacked Ghost, an encrypted app used by organized crime. I think this shows a fundamental shift: criminals are no longer...

September 18, 2024

September 18, 2024 The actual details of the pager attack, as reported by Reuters, are more interesting than I speculated earlier. They boomdoored the pagers...

Hezbollah Hacked? Pager Panic!

September 18, 2024

Hezbollah Hacked? Pager Panic! A supplement post to collect information on the attack targeting Hezbollah's pagers. Obviously, this is still a developing...

September 17, 2024

September 17, 2024 From Rob Heaton's blog: https://t.co/1knGydWYgJ— Andy Kong (@oldestasian) September 15, 2024 We’re launching the public beta phase of our...

September 16, 2024

September 16, 2024 How Lazarus Group laundered $200M from 25 hacks How Lazarus Group laundered $200M from 25+ crypto hacks to fiat … — Investigations By...

September 15, 2024

September 15, 2024 Security Phd: run fuzzers for days and get an unexploitable bug 🤡Game console players: look at the fbsd kernel for 15 minutes and find a...

September 14, 2024

September 14, 2024 Interesting vector, ever seen this before @_JohnHammond? pic.twitter.com/oAkaXgnRBI— Mohamed Aruham #boleh (@aruhamm) September 12, 2024...

September 12-13, 2024

September 13, 2024

September 12-13, 2024 Recovering a full PEM Private Key when half of it is redactedhttps://t.co/esd8tEPf3n— Simone Margaritelli (@evilsocket) September 9,...

September 11, 2024

September 11, 2024 Photos released in Aug. 2024 reportedly showing US Special Forces training on CNE/CNA operations to disrupt and/or gain access to their...

September 10, 2024

September 10, 2024 Read this as the Hall of Meat pic.twitter.com/9Xza91h52M— Classical Studies Memes for Hellenistic Teens (@CSMFHT) September 9, 2024 My...

September 9, 2024

September 9, 2024 (CVE-2024-3914)[330759272][Pwn2Own 2024][DOMArrayBuffer]DOMArrayBuffer confused about ownership of backing buffer -> UAF is now open with...

September 8, 2024

September 8, 2024 Cracking an old ZIP file to help open source the ANC's "Operation Vula" secret crypto code This is quite cool. John Graham-Cumming's blog:...

September 7, 2024

September 7, 2024 The state of sandbox evasion techniques in 2024 https://fudgedotdotdot.github.io/posts/sandbox-evasion-in-2024/sandboxes.html Deep Linux...

September 6, 2024

September 6, 2024 This is a cool project, shows you what percentage of ads you’re blocking. Tried it on wifi with @The_Pi_Hole doing its thing then on 5G,...

September 4-5, 2024

September 5, 2024

September 4-5, 2024 Interesting paper on abusing the BPF infrastructure to bypass Linux kernel isolation techniquehttps://t.co/McFKINejmf#Linux #infosec...

September 3, 2024

September 3, 2024 Presentation slides from #HITB2024BKK are available for download here: https://t.co/CExLbj9CBZ— HITBSecConf (@HITBSecConf) September 3,...

September 1-2, 2024

September 2, 2024

September 1-2, 2024 a brief history of barbed wire fence telephone networks] a brief history of barbed wire fence telephone networks – loriemersonIf you look...

August 31, 2024

August 31, 2024 the first podcast that listens to you!! https://t.co/QSWLDmKK7u— Mick Baccio (@nohackme) August 29, 2024 ⚠️ Breaking: North Korea just burned...

August 30, 2024

August 30, 2024 I've finally finished my series of security frameworks.Security Operations: https://t.co/X37hqWvFvaProduct Security:...

August 29, 2024

August 29, 2024 As MSRC finally confirmed the two bugs, I have a "protip" to share w/ my fellow researchers.. 😅https://t.co/xy4MqzJ3Gd— Haifei Li (@HaifeiLi)...

August 28, 2024

August 28, 2024 Members of my CTF team & the SPS train repair company will meet NEWAG, the train manufacturer, in court on Wednesday (you might remember the...

August 27, 2024

August 27, 2024 I've written about AI doing realtime alteration to video directly on the phone. We're getting closer to that being a very interesting...

August 26, 2024

August 26, 2024 An epilogue 10yrs in the making sees arrests of those behind the first ransomware-as-a-service model, now fuelling today's cybercrime...

August 25, 2024

August 25, 2024 People say China is a near peer but evidence says we are the near peer. https://t.co/4eFLVq27eb— Dave Aitel (@daveaitel) August 24, 2024...

August 24, 2024

August 24, 2024 History: How to Build a Bugging Device in 1917 Kevin's Security Scrapbook: History: How to Build a Bugging Device in 1917News & Tips on...

August 23, 2024

August 23, 2024 Let's explore China’s 0-day vulnerability research capabilities.I’ve long been intrigued by the prolific nature of Chinese teams in...

August 22, 2024

August 22, 2024 Deadbeat dad faked his own death by hacking government sites https://www.theregister.com/2024/08/21/man_jailed_faking_death_online/ Data...