December 10, 2022

On war and cybers, some thoughts

The first reports are now coming out about the offensive cyber operations of the Ukrainian intelligence services. Apparently they’re very interested in the Russian government. I’m as shocked as you are.

Please like and subscribe.

The more important lesson to learn here is that espionage is more useful than effects operations conducted without context. What I mean by that is, effects operations are most effective when employed within a strategy that takes advantage of them. Effects operations executed at random are generally speaking of negative value — they train the opposition and burn access.

Intelligence is almost always useful. Effects are useful inside a strategic context. Information operations are orthogonal because they typically don’t involve the same resources.

This focus on espionage demonstrates that Ukraine is focussed on getting the most value from their limited resources. They don’t have the same sort of cyber forces available as the Russians.

Ukraine has limited resources and must get maximum value from what they have. That means espionage.

https://research.checkpoint.com/2022/cloud-atlas-targets-entities-in-russia-and-belarus-amid-the-ongoing-war-in-ukraine/

https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/apt-cloud-atlas-unbroken-threat/

-

Thomas H. Ptacek @tqbf

This is the biggest, most impactful cryptographic result in years, and nobody is talking about it. You can have a whole successful career and not discover something half as important as this.

sofía celi @claucece

Tomorrow (Wednesday 6th) at @BlackHatEvents, we are presenting with @martinralbrecht, @DowlingBJ and @djwj_ our work on finding practically exploitable vulnerabilities in Matrix. Join us!! https://t.co/9nOQrZGsOu (and check our paper: https://t.co/qi7boelou3)

6:49 AM ∙ Dec 10, 2022

---

-

Using openAI chat for phishing

https://www.richardosgood.com/posts/using-openai-chat-for-phishing/

-

Sad day for pre Pwn2Own bugs.

https://starlabs.sg/blog/2022/12-the-last-breath-of-our-netgear-rax30-bugs-a-tragic-tale-before-pwn2own-toronto-2022/

https://www.synacktiv.com/publications/cool-vulns-dont-live-long-netgear-and-pwn2own.html

-

This is absolutely hilarious.

A researcher created a bunch of research reports about vulnerabilities that weren’t actually vulnerabilities. And for an alleged RCE they included a broken PoC (it even hits the wrong web page). The developers off the Moobot malware (some sort of Mirai-alike) used the PoC to add support for this fake vulnerability!!

https://vulncheck.com/blog/moobot-uses-fake-vulnerability

-

apenwarr @apenwarr

Delegating is hard because you have to intentionally not do stuff that you want to do because you delegated it. That only leaves the stuff you didn't want to do that you couldn't delegate.

4:34 PM ∙ Dec 9, 2022

---

-

0.o @notbind

Tacticool holiday stocking ✔️

9:38 PM ∙ Dec 9, 2022

---

-

Propagandopolis @propagandopolis

US Air Force posters published in 1983 as part of a series imagining the USAF in the year 2000.

9:58 PM ∙ Dec 8, 2022

---

-

Ollie Whitehouse - @ollie_whitehouse@infosec @ollieatnowhere

Weekly analysis is out: -🇷🇺 ops on gov, intel, and mil -🇷🇺 ops use Slack C2 -❓ wiper ops in 🇷🇺 -🇻🇳 Linux IoT implants -🇰🇵 ops for ₿ -🇮🇷 ops on activists, journos etc. -🇮🇷 wiper ops in 🇮🇱 -🇵🇰 CT ops burnt then lots of ChatGPT RevEng tooling and more.. bluepurple.substack.com/p/bluepurple-p…

bluepurple.substack.comBluepurple Pulse: week ending December 11th600k Euro fine under GDPR in France for storing passwords as MD5s without salts

5:00 AM ∙ Dec 10, 2022

---

-

Heather Adkins - Ꜻ - Spes consilium non est @argvee

Happy Log4j Anniversary, Everyone.

5:02 PM ∙ Dec 9, 2022

---

-

Secure messaging is more complex than “use libsignal.”

https://mjg59.dreamwidth.org/62598.html

-

🚫🛢 Our ego is writing checks our body can't cash @BennettElder

@argvee @thegrugq Live. Laugh. Log4shell.

4:19 AM ∙ Dec 10, 2022

---

—

Zhuowei Zhang @zhuowei

A Windows executable from the Mingw Dynasty

6:02 AM ∙ Dec 10, 2022

---

-

Here’s a reminder that there’s a really good collection of offense focused security talks bit-rotting away in the old Immunity Vimeo account, e.g.[see below]… not sure if they’ll be up forever since many of the original folks are no longer with the company, so probably worth grabbing before they completely go the way of the dodo.

https://emacs.ch/@anticomputer/109487317977257354

-

Comments

[truekonrads]

That Cloud Atlas uses techniques which would be laughed at western red team firms shows how big of cyber defence capability spectrum exists. Clearly these techniques work - otherwise they’d be discontinued.

The target organisations almost certainly are not on any of the big clouds which have lots of built in security and demonstrate that to maintain good security on prem requires lots and lots of manpower.