November 21, 2022

-

0xor0ne @0xor0ne

Kernel memory allocator hardening by @Apple kheap, data split, memory sequestering, kalloc_type, temporal safery... security.apple.com/blog/towards-t… #apple #malloc #kalloc #memory #infosec #cybersecurity #exploit

8:30 AM ∙ Nov 20, 2022

---

-

Petrus Viet @VietPetrus

I have successfully reproduced CVE-2022-43781 causing RCE on Bitbucket server. Ref: jira.atlassian.com/browse/BSERV-1…

6:47 AM ∙ Nov 19, 2022

---

-

The Google Cloud security team has released a set of open-source YARA Rules and a VirusTotal Collection to help security practitioners flag and identify Cobalt Strike components and specific Cobalt Strike versions on their networks.

https://cloud.google.com/blog/products/identity-security/making-cobalt-strike-harder-for-threat-actors-to-abuse

https://mastodon.social/@campuscodi/109376602832029191

-

toomas ilves a.k.a. @toomas_ilves@mastodon.social @IlvesToomas

Time for all countries bordering Russia to beef up their borders even more.

newsweek.comLeaked FSB letters reveal civil war among Putin’s allies“The Service (FSB) is not ready for internal terror, and Prigozhin and Kadyrov think that their time has come,” an FSB agent wrote in an email shared with Newsweek.

8:41 PM ∙ Nov 20, 2022

---

Bear in mind that the source of the “leak” is “Winds of Change” a completely unverified source. They claim to be inside the FSB. But, here’s the thing, the FSB generally takes a poor view on people leaking secrets. As a rule they don’t let people just hang out at the office and tell the world what’s going on internally. Treason ain’t just a river in Egypt. 🤔

-

💭 @samthielman

Oh boy, $150,000!

9:34 PM ∙ Nov 19, 2022

---

-

benjaminvandyne@zirk.us @BenjaminVanDyne

Ok but actually

5:00 PM ∙ Nov 20, 2022

---

-

MG @_MG_

Did you know your Christmas tree uses more secure fuses than a lot of “secure” hardware? I learned about this because of a one in one million OMG Cable. Time for a thread! 1/n

3:50 AM ∙ Aug 15, 2021

---

MG @_MG_

But let’s focus on *real* OTP fuses. Here is what a pair of real OTP fuses look like. The one on the right was “blown” by sending sufficient power through it & is now disconnected, making it read as a 0, while the intact fuse reads as a 1. Seems pretty permanent. Right? 4/n

3:50 AM ∙ Aug 15, 2021

---

MG @_MG_

Well… there are some very rare conditions where a blown fuse can regrow. I saw exactly this happen with an OMG Cable when a MAC address suddenly changed after a few weeks of use. 10011111 (9F) became 11011111 (DF) 5/n

3:50 AM ∙ Aug 15, 2021

---

-

"AD is a system where any time you hack any computer on the network, you can become the domain controller, and own the whole company. That's just how it works.”

— @dave_aitel@mastodon.social

https://infosec.exchange/@raptor/109378388882420409

-

Will Gater @willgater

Wow. Earth setting behind the limb of the Moon. Screen captured the last ~3.5 minutes of imagery before loss of signal and turned it into a (sped up) GIF animation.👇 Credit: NASA TV/ESA

12:44 PM ∙ Nov 21, 2022

---

-

Daniel Cuthbert @dcuthbert

Thanks to @Kerberosmansour for introducing me to Tony's brilliant talk about how one goes about securing the most physically attacked thing: the games console

youtube.comGuarding Against Physical Attacks: The Xbox One Story — Tony Chen, Microsofthttps://PlatformSecuritySummit.com/2019/speaker/chenEvery game console since the first Atari was more or less designed to prevent the piracy of games and yet...

12:26 PM ∙ Nov 21, 2022

-