August 17, 2022

Aug 17, 2022

Fascinating story from @washingtonpost on the prewar intel. Might be one of the greatest intel coups ever “US intel community had penetrated multiple points of RU political leadership, spying apparatus and military, from senior levels to the front lines”

washingtonpost.comRoad to war: U.S. struggled to convince allies, and Zelensky, of risk of invasionA Washington Post examination of the road to war in Ukraine, and Western efforts to unite to thwart the Kremlin’s plans, draws on extensive interviews with more than three dozen senior U.S., Ukrainian, European and NATO officials.

Offensive Cyber Working Group @Offensive_Cyber

"We observed cyber-warfare incorrectly; we have over-promised on what is likely & under-promised on what is possible." @ILDannyMoore discusses what we can realistically expect from cyber-warfare as offensive cyber capabilities evolve. Check out #TheAlert

offensivecyber.orgCyber-Warfare: Stop Asking About the RevolutionBy Daniel Moore We have been expecting cyberwar for decades. Researchers and commentators alike have awaited a revolution in military affairs delivered by non-violent digital coercion. In thei…

Greg Knauss @gknauss

I’m kind of surprised how often, in a professional context, I say, “So fix your fuckin’ shit.”

A post that goes into the details of some cyber criminal infrastructure.

https://medium.com/csis-techblog/inside-view-of-brazzzersff-infrastructure-89b9188fd145

s1r1us @S1r1u5_

Watch, Proof of Concept: Remote Code Execution on Element Desktop Application. blog.electrovolt.io/posts/element-… This involves usage of v8 n-day exploit to bypass certain Electron Framework restrictions.

VPNs on iOS are a scam, apparently.

https://www.michaelhorowitz.com/VPNs.on.iOS.are.scam.php

𝕭𝖊𝖑𝖔𝖚𝖛𝖊 @UlicBelouve

This was one of the best shirts I saw at @defcon . I’m pretty sure they’ll get an awesome prize package in 15 years. Let me be one of the first (timeline wise) to congratulate you on your contest win!

Corey Quinn @QuinnyPig

♪ ♫ ♬ YOUNG DEV! There's a format you know I said, YOUNG DEV! ♪ ♫ ♬ With Python, Ruby, or Go You can WRITE IT! And I'm sure you will face So many. Ways. To. Fuck. Up. Whitespace... ♪ ♫ ♬ It's fun to write config in Y.A.M.L! ♪ ♫ ♬

Canadian Forces in 🇺🇸 @CAFinUS

“You lose 100% of the credit for the NOFORN op orders you write. – Martyn” – Americans https://t.co/HxPQ8jwvAk

Martyn @OleSuperSub

@CAFinUS I was once asked to write an Op Order for the US when I was working for them. Did the whole thing, sent to the Ops Staff who then NOFORN it. The Admiral wanted me to brief it but I couldn’t because, even tho no changes, it was now NOFORN. Couldn’t even get in the room.

Cannibal ➡️ Defcon @Cannibal

Defcon 30 photos I shot are up! Consent was received for every photo but if you wish to rescind let me know. I wanted to thank the Goon Photo Corps for all their hard work. @astcell @InfoSystir @AlexChaveriat @gregory_price and @AJ7o2. You're awesome <3

flic.krDefcon 30August 2022

As @dinodaizovi said, “breaches are primitives” chained to gain access to the actual target.

I know that more advanced groups have been doing this for years, decades really, but it is nice to see it entering the public sphere. As some people will be aware, one of my quotes on security is is “trust is the root of all compromise.” These ‘supply chain’ attacks are exploitation of trust relationships. Trust relationships are more powerful than memory corruption. Once you gain access you are a legitimate user as far as the system is concerned. And they’re everywhere (see Halvar’s comment below)