April 25, 2022

Apr 25, 2022

This is spectacular. Really cool stuff!

Trent Telenko @TrentTelenko

Chalk an EW win up for Ukraine. They seems to have figured out how to trigger Russian Orlan-10 reconnaissance drone recovery chute's remotely. You bag enough drones. You get to reverse engineer their data protocols to infiltrate their remote commands👇👇👇

Ukraine War Report @UkrWarReport

🇺🇦🇷🇺⚡️Downed Russian Orlan-10 reconnaissance drone. https://t.co/Uy04nBk2UT

Sergej Sumlenny @sumlenny

Russian FSB has fabricated a "plot" to kill Russian TV propagandist Solovyov. Allegedly by Ukrainian SBU and Nazis. One of the "evidences" is neonazi inscription on a book. Signed by "Signature unclear". Yes, FSB got an order to sign it with a "signature unclear" - and did so!

This clusterfuck operation is so bad it is comical.

Eliot Higgins @EliotHiggins

I genuinely believe this is a dumb FSB officer being told to get 3 SIMs.

Francis Scarr @francska1

And in these pictures from the raid we have a "Ukrainian neo-Nazi starter pack" courtesy of the FSB

If you program, you write bugs. But, there’s help.

https://www.debuggingbook.org/html/Importing.html

Good stuff on how Russian disinformation can be countered (effectively).

Anatomy of an Info-War: How Russia’s Propaganda Machine Works, and How to Counter It | StopFake

https://www.stopfake.org/en/anatomy-of-an-info-war-how-russia-s-propaganda-machine-works-and-how-to-counter-it/

Ido Naor 🇺🇦 @IdoNaor1

WINAMP 1st version was exactly 25 years ago. Forever changing the way we consume media.

Samuel Gross’ Offensive con talk on attacking JavaScript engines.

Samuel Groß @5aelo

The recording of @itszn13's and my @offensive_con talk "Attacking JavaScript Engines in 2022" is now on YouTube:

youtu.beOffensiveCon22 - Samuel Gross and Amanda Burnett - Attacking JavaScript Engines in 2022https://www.offensivecon.org/speakers/2022/samuel-gro%C3%9F-and-amanda-burnett.html

https://saelo.github.io/presentations/offensivecon_22_attacking_javascript_engines.pdf

Some wisdom from Dave “Dark Tan” Aitel.

https://cybersecpolitics.blogspot.com/2022/04/forecasting.html

I wonder how much of this is local sabotage vs. Ukrainian special forces. We’ll probably never know for sure.

Giorgi Revishvili @revishvilig

Reportedly, in #Bryansk, in addition to the explosions of oil and ammo depots, the railway has also been damaged which has been used to transport #Russian military equipment and ammunition to #Ukraine

Australian spies helped expose secret pact between China and Solomon Islands

https://intelnews.org/2022/04/25/01-3191/

I guess this is the exception to public private partnership track record.

Ollie Whitehouse @ollieatnccgroup

I wrote a blog for @NCSC marking my four years there as part of their Industry 100 scheme. If you have the chance to be part of i100 my advice is grab it with both hands. It is one of the most fulfilling things I have ever done personally/professionally

ncsc.gov.ukInside Industry 100 - the on-loan CTOBy day, Ollie W is Chief Technology Officer for a multinational cyber security company. For the past four years he has also moonlighted at the NCSC as an i100 integree. In this blog, he reflects on his experiences so far and considers the opportunities for others to be part of i100 too.

Dave throwing some shade. It’s cool how “making a cogent observation” and “throwing shade” are the same thing when talking about the FBI

Dave Aitel @daveaitel

Maybe opening new cases is not a scalable situation for this kind of thing?

Mike Rogers @RepMikeRogers

The @FBI opens a new #China-related counterintelligence case every 12 hours & has over 2K cases open right now. Director Wray is absolutely right, the hacking & espionage threat from the #CCP is "unprecedented in history". We better start acting like it. https://t.co/CGaWHSIASF

Exploit devs talking bug hunting

starlabs @starlabs_sg

Our team member, @peternguyen14 's slidedeck at #Zer0Con2022 is public now. We hope it is useful.

github.comPresentations/A Journey Of Hunting macOS kernel.pptx at main · star-sg/PresentationsContribute to star-sg/Presentations development by creating an account on GitHub.

If patching worked you’d only have to do it once? I guess? It seems like one of those bad faith “if X worked then why doesn’t it work?” arguments where the dichotomy is false and the points don’t matter. Just patch your shit.

My philosophy is: make them earn their paycheck. If the adversary has to work for it, then it’s a win.

Manuel Atug @HonkHase

Also ich mag ja, wie @daveaitel denkt 😏👌 Sicherheitsexperte: Stopfen von Sicherheitslücken ist sinnlos "Patches würden Unternehmen und Kund*innen ein falsches Gefühl von Sicherheit für unsichere Software geben." #AllesAnzünden & instant #Brandroden futurezone.at/digital-life/p…

futurezone.atSicherheitsexperte: Stopfen von Sicherheitslücken ist sinnlosPatches würden Unternehmen und Kund*innen ein falsches Gefühl von Sicherheit für unsichere Software geben.

Discussion about this post

No posts

#nojs-banner { position: fixed; bottom: 0; left: 0; padding: 16px 16px 16px 32px; width: 100%; box-sizing: border-box; background: red; color: white; font-family: -apple-system, "Segoe UI", Roboto, Helvetica, Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol"; font-size: 13px; line-height: 13px; } #nojs-banner a { color: inherit; text-decoration: underline; } This site requires JavaScript to run correctly. Please turn on JavaScript or unblock scripts