December 26-27, 2022

Mykhailo @mxpoliakov

I received bizarre microchips from the downed Russian SU-24M near Bakhmut. Research revealed that at least one microchip is part of the SVP-24 automatic targeting system. As you can guess, it is full of Western parts 🧵

1:56 PM ∙ Dec 24, 2022

---

-

Le Comptoir Sécu @comptoirsecu

Voici le cadeau de #Noel du ComptoirSecu : un nouveau dossier, l’épisode 61 qui sort tout juste de la hotte du Père Noel. Une discussion avec nos 3 experts ⁦sur le thème Cyber et guerre, ou Cyberguerre ? #ukraine #cyber #guerre

comptoirsecu.fr[Épisode 61] Cyber et guerre, ou Cyberguerre (Ukraine, 1/3) (Le Comptoir Sécu)L’articulation entre le cyberespace et la guerre conventionnelle : Revue des attaques ayant eu cours en Ukraine. Devrions-nous parler de cyberguerre ou de cyber et de guerre ? Partie 1⁄3. Les débats sont ouverts sur le Discord du Comptoir ! { “options”: { “theme”: “default” }, “extensions”: { “Chapt…

1:38 PM ∙ Dec 25, 2022

---

This is in French, but it was recommended to me.

-

CDSE Insider Threat Awareness @InT_Aware

The Critical Thinking Techniques for Insider Threat Analysts job is now available (cdse.edu/Portals/124/Do…) and it focuses on the deliberated and systematic means of processing information to arrive at better decisions.

8:04 PM ∙ Dec 23, 2022

---

-

Dr Brooke Magnanti @belledejour_uk

Kermit caused 9/11

10:26 PM ∙ Dec 25, 2022

---

-

kmkz @kmkz_security

Linux kernel exploit development series

breaking-bits.gitbook.ioLinux kernel exploit development - Breaking Bits

7:56 AM ∙ Dec 25, 2022

---

-

thaddeus e. grugq 🌻 thegrugq@infosec.exchange @thegrugq

pcgamer.com/i-tried-out-a-… H/T @archiloque cc: @juanandres_gs

pcgamer.comI tried out a bunch of pariah state OSes to find out which is best for gamingDon’t defect to North Korea if you want to keep ahold of your Steam library.

7:51 AM ∙ Dec 26, 2022

---

https://www.pcgamer.com/i-tried-out-a-bunch-of-pariah-state-oses-to-find-out-which-is-best-for-gaming/

-

raptor@infosec.exchange @0xdea

A comprehensive article on #ProxyNotRelay (#ProxyNotShell + #ProxyRelay) by @buffaloverflow ProxyNotRelay - An #Exchange #Vulnerability Encore

rw.mdProxyNotRelayProxyNotRelay - An Exchange Vulnerability Encore

8:30 AM ∙ Dec 26, 2022

---

raptor@infosec.exchange @0xdea

@buffaloverflow See also this writeup by @thezdi Part 1: The ProxyShell Path Confusion for Every User (CVE-2022-41040) Part 2: PowerShell Remoting Objects Conversions – Be Careful or Be Pwned (CVE-2022-41082) thezdi.com/blog/2022/11/1…

8:34 AM ∙ Dec 26, 2022

---

-

Daniel Cuthbert @dcuthbert

If strange signals, unexplained Russians talking numbers and other oddities found lurking in the kHz bands gets you excited, then the European Numbers Information Gathering & Monitoring Association (ENIGMA) newsletter is very good and worthy of a visit signalshed.com/nletter05.html#

8:47 AM ∙ Dec 26, 2022

---

-

Lukasz Olejnik (@LukaszOlejnik@Mastodon.Social) @lukOlejnik

LastPass breach is much more serious than the official Breach Notice wants you to know. It is, however, very smartly crafted. Essentially cybersecurity/privacy PR. Decrypted here. palant.info/2022/12/26/wha…

6:45 PM ∙ Dec 26, 2022

---

-

Robert Evans (The Only Robert Evans) @IwriteOK

everybody always talks about who they'd give advanced weapons to if they had a time machine. but the fun would be in dispensing inconsequential tech at random. fog machines for Han China. Yankee Candles for ancient Polynesia. Fake dog poo for the Roman Empire.

2:32 AM ∙ Dec 26, 2022

---

-

Kelsey D. Atherton @AthertonKD

NIEN [speaking fluent Kikuyu]: The chains of galactic imperialism can only be broken through the collective struggle of a colonial proletariat, united by resistence and bound through brotherhood LANDO: What's that, little buddy, looking for a way to make some quick credits?

Siddhartha Mahanta @sidhubaba

An ‘Andor’-like show for Nien Nunb called ‘Nunb’

3:10 AM ∙ Dec 27, 2022

---

-

Lasq @lasq88

I finally managed to update my Malware Analysis resources list. Removed dead links, and added a lot of new ones:

github.comLearingMaterials/MalwareAnalysis.md at main · lasq88/LearingMaterialsDifferent learning materials. Contribute to lasq88/LearingMaterials development by creating an account on GitHub.

9:03 PM ∙ Dec 26, 2022

---

-

It's Me ! @ManieshNeupane

Mindmaps for bug bounty Hunters, pentesters, and offensive/defensive security Professionals ! github.com/imran-parray/M…

2:40 PM ∙ Dec 26, 2022

---

-

Jay Hack @mathemagic1an

The 'data engine' idea of defensibility in AI may not be as defensible as we thought: In SELF-INSTRUCT, authors get GPT-3 to generate it's *own* dataset for instruction tuning, outperforming vanilla GPT-3 and comparable to InstructGPT. arxiv.org/pdf/2212.10560… Here's how 👇

2:34 PM ∙ Dec 26, 2022

---

-

brendan @bscarvell

Here's my advisory and exploit for an unauthenticated remote code exeuction vulnerability I discovered in the new Netcomm NF20MESH Cloud Mesh routers.

github.comadvisories/2022_netcomm_nf20mesh_unauth_rce.md at main · scarvell/advisoriesContribute to scarvell/advisories development by creating an account on GitHub.

6:15 AM ∙ Dec 27, 2022

---

-

zack reeves @zbreeves

losing my mind at this sticker on the bhagavad gita in the DFW airport chapel

1:47 PM ∙ Dec 25, 2022

---

-

Eva @evacide

2022 was a big year for fighting tech-enabled abuse, from physical trackers to stalkerware.

eff.orgFighting Tech-Enabled Abuse: 2022 in ReviewNo year that includes tech-enabled abuse can be said to be a good year. But 2022 has certainly been an eventful year for the technologies used as instruments of coercive control domestic abuse situations, ranging from stalkerware to physical trackers. In February, EFF called for the FTC to...

7:37 AM ∙ Dec 27, 2022

---

-

FACTS ABOUT MASTODON

If you are curious about leaving the cooked turkey site and going to the elephant site, here are some important tips:

1. It sucks. But then, so does every site.

2. You can still shitpost. Take great glee.

…

https://circumstances.run/@davidgerard/109581994992923846

-

Ollie Whitehouse @ollieatnowhere

In Jan 2018 a Subreddit was created and in August 2021 it was joined by a Substack. 'Building a social cyber community of interest part II - further lessons from the field' or how 40,000 members and 4,000 subscribers came together for meta analysis.

cybercto.substack.comBuilding a social cyber community of interest part II - further lessons from the field14 months of growth continues and meta analysis wins..

7:55 AM ∙ Dec 27, 2022

---

-

vx-underground @vxunderground

.@vx_herm1t, the creator of vxHeaven, the website which serves as the inspiration to vx-underground, was recently interviewed. herm1t now serves as Press Secretary of the Ukrainian Cyber Alliance and is the founder of RUH8 Watch the video here:

youtube.comХто захищає Україну у кібервійні? Український кіберальянс та його діяльність | HackYourMomХто захищає Україну у кібервійні? Український кіберальянс та його діяльність | HackYourMom🔔 Підписуйся на канал, щоб бути у інформаційній безпеці, та дізнав...

5:31 PM ∙ Dec 27, 2022

---