August 22, 2022
The Offensive Cyber Working Group has released a new journal issue. I have opinions on some of these papers.
🚨 Summer 2022 Special Issue in the Cyber Defense Review
We are pleased to announce a special issue on 'An Offensive Future?' published by @cyberdefreview in their Summer 2022 edition, curated by the Offensive Cyber Working Group.
A 🧵 of the papers 🔽
offensivecyber.org/2022/08/22/an-…
The in-depth analysis of the Zerodium brochures is on par with other papers in this space. The findings always suggest their methodology involves a lot of monkeys and dartboards: 🐒 🎯
Credit for predictive tweeting
Does somebody have a copy of "Advanced Threat Modeling: Zerodium Charts Querying And Beyond"?
Asking for a friend.
-
Kenneth Geers has published a paper via DEFCON on the Russian Ukraine cyberwar. It looks promising.
-
Updated my Gitbook for a Wardriving guide with @KismetWireless. Check it out.
th4ntis.gitbook.io/th4ntis-cybers…
#wardriving #kismetwireless #cybersec #cybersecurity
-
I am surprised to learn there are drones manufactured to drop bombs. Taiwan has a drone, the Revolver, that can carry and drop 8 mortar rounds in sequence.
-
Clop have now posted the data dump of South Staffordshire Water.
It includes a significant amount of PII of staff - e.g. passports etc - and lots of corporate data. Passwords are stored in Excel.
Alarmingly, it appears they did indeed get on the SCADA/ICS network for water.
-
1/3 The POINT of end-to-end #encryption is to open up new frontiers in secure communication: to be able to safely & privately share intimacy, be that for telemedicine, for family stuff, or for simply partners.
This *obsession* with stopping one bad thing, is disproportionate.
Kashmir Hill @kashhill
-
This is a hilarious scam. The person pretends to be a clueless crypto user asking for help withdrawing money and sends you their private key. Wallet has over $1k in it, but no gas. If someone deposits the gas fee needed to steal the money, it just gets forwarded to the scammer.
-
I made a very very simple tool that makes some noise every time your computer sends data to Google. Here a demo on the official Dutch government jobs site. The noise starts while typing the domain name already. Code, currently Linux only: github.com/berthubert/goo…
-
Essays on espionage from Hew Strachan, Elizabeth Braw, Richard Aldrich, Christopher Moran, @RoryCormac, and me:
"Above all, war is more than battles and operations. Regardless of the technology, it is, as Thucydides reminds us, the human aspects that matter most." I love this piece from @RJohnsonCCW1 at @EngelsbergIdeas
-
Can't believe my @BlackHatEvents talk was a week ago!
In case you can't wait for the recording, here are the highlights & announcements I made including:
- Metrics to improve VDPs & bug bounties
- Hybrid labor models bounty-to-contract
- Referral bounties!
lutasecurity.com/post/bug-bount…
-
The misconception that there is no sound in space originates because most space is a ~vacuum, providing no way for sound waves to travel. A galaxy cluster has so much gas that we've picked up actual sound. Here it's amplified, and mixed with other data, to hear a black hole!
-
https://nelsonfigueroa.dev/using-python-to-flood-scammers-with-fake-passwords/
-