Nostr notes by Tim (Wadhwa-)Brown :donor:

Someone's just listed out "all" the Windows versions ...

2026-04-20T14:51:57Z

Someone's just listed out "all" the Windows versions - with the tag line "which one did you start on" - and I am genuinely sad they forgot Windows 2.

When times were simpler: "text generator" ...

2026-04-13T17:22:00Z

When times were simpler:

"text generator"

Nostr event nevent1qqsdwmjacu3j0z9hc2egq6q0v7l0kvc8spnus8mr06lpv05rwe36a0szyp89hh2eeyfuw9sm48ywmmhuzg89aarr9aqg7v44xegfkkeyup2dzt9qa5u

2026-04-09T08:48:53Z

Has anyone seen any analysis of CVE:KEV ratios over time?

Finally got around to uploading my slides for Reflections on ...

2026-03-29T08:25:47Z

Finally got around to uploading my slides for Reflections on trusting Zero Trust (or why I have zero trust in Zero Trust) from BSides London 2021:

https://github.com/timb-machine/presentations/blob/main/Reflections%20on%20Trusting%20Zero%20Trust%20-%20Why%20I%20have%20Zero%20Trust%20in%20Zero%20Trust%20v3.pdf

#engineering, #architecture

For those that are upset about time, I've had an internal ...

2026-03-29T07:23:40Z

For those that are upset about time, I've had an internal date rollover too. Hours are easy for me, it's years that are harder.

Worth noting that after that paper's release I did further ...

2026-03-28T16:58:42Z

In reply to nevent1q…ry9p
_________________________

Worth noting that after that paper's release I did further work and found examples that would yield code execution and LPE.

My original paper from 2013: ...

2026-03-28T16:53:43Z

In reply to nevent1q…z3w6
_________________________

My original paper from 2013:

https://labs.portcullis.co.uk/download/MSAOSVSM.pdf

The number of places that are still potentially vulnerable to ...

2026-03-28T16:52:08Z

The number of places that are still potentially vulnerable to weak shared memory permissions...

https://codesearch.debian.net/search?q=shm.*\(.*[0-9][0-9][67]&literal=0

Citrix oofise reaches primetime: ...

2026-03-28T13:18:42Z

Citrix oofise reaches primetime:

https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX696300

#netscaler, #threatintel

Interesting Git repos of the week: Threats: * ...

2026-03-28T12:03:28Z

Today's AI bullshit: "Yes, I know agentic AI is ...

2026-03-27T23:12:33Z

Today's AI bullshit: "Yes, I know agentic AI is potentially unsafe, but can't we just run it in a container then it will be fine."

Interesting links of the week: Strategy: * ...

2026-03-27T14:41:36Z

Interesting links of the week:

Strategy:

* https://www.marisec.ca/reports/the-wrong-fix-why-the-fccs-router-ban-misses-the-real-threat - an alternate view on prioritising the supply chain
* https://cybertoolkit.service.ncsc.gov.uk/ - so you're a small business and you want to improve your posture?
* https://how.complexsystems.fail/ - courtesy of Russ Garrett (npub1hg9…wwtk)
* https://eepublicdownloads.blob.core.windows.net/public-cdn-container/clean-documents/Publications/2025/iberian-blackout/Final%20Report%20on%20the%20Grid%20Incident%20in%20Spain%20and%20Portugal%20on%2028%20April%202025.pdf - an Iberian oopsie
* https://www.theregister.com/2026/03/20/jlr_bailout_cmc/ - [@theregister](https://geeknews.chat/@theregister ) shares a point of view on bailing out JLR
* https://www.dni.gov/files/ODNI/documents/assessments/ATA-2026-Unclassified-Report.pdf - US intelligence community's annual threat assessment
* https://cyber.gouv.fr/actualites/nis-2-lanssi-poursuit-et-renforce-sa-dynamique-daccompagnement/ - hot new NIS2 action from ANSSI

Threats:

* https://www.microsoft.com/en-us/security/blog/2026/02/26/threat-modeling-ai-applications/ - how does AI affect STRIDE?
* https://united24media.com/latest-news/russian-spy-devices-found-inside-ukrainian-drone-developers-office-17243 - attack of the drones
* https://www.elastic.co/security-labs/illuminating-voidlink - another look at VoidLink
* https://ctrlaltintel.com/threat%20research/FancyBear/ - FancyBear fucks up
* https://netaskari.substack.com/p/chinas-massive-data-leak-of-military - .cn springs a leak

Detection:

* https://rogolabs.net/Talks/BSides-Galway-Open-Source-Intelligence.pdf - my colleague Jerry Gamblin (npub1660…u8rt) talks open source intelligence
* https://trustedsec.com/blog/building-a-detection-foundation-part-3-powershell-and-script-logging - trustedsec (npub1jfz…m99l) look at logging PowerShell
* https://righteousit.com/2026/03/27/linux-forensic-scenario/ - [@hal_pomeranz](https://infosec.exchange/@hal_pomeranz ) sets us a little challenge

Bugs:

* https://labs.watchtowr.com/a-32-year-old-bug-walks-into-a-telnet-server-gnu-inetutils-telnetd-cve-2026-32746/ - this reminds me of when I first showed Ben Harris (npub1xl5…hs79) AIX
* https://itm4n.github.io/cve-2026-20817-wersvc-eop/ - when errors go rogue with Clément Labro (npub1ktw…rg75)

Exploitation:

* https://dev.to/numbpill3d/showdev-can-playground-a-local-first-can-bus-analysis-tool-4ap6 - scorn (npub1h6a…zxr9) shows how you CAN play with busses
* https://agentseal.org/blog/mcp-server-security-findings - hands up if you have a secure MCP?

Hardening:

* https://gist.github.com/arianvp/5f59f1783e3eaf1a2d4cd8e952bb4acf - enclave backed SSH for OS X from Arian (npub1sue…wfat)

Nerd:

* https://www.theguardian.com/culture/2026/mar/24/punk-masks-walkmans-and-choppers-museum-of-youth-culture-to-open-in-london - eras...
* https://www.data.gov.uk/ - UK specific datasets from HMG
* https://www.sambent.com/the-engineer-who-tried-to-put-age-verification-into-linux-5/ - today in Linux daftness
* https://blog.rice.is/post/doom-over-dns/ - everyone's favourite vanity PoC payload comes to DNS

#security, #research

In which I get shout outs from the grsec crew: ...

2026-03-27T12:06:22Z

In which I get shout outs from the grsec crew:

https://x.com/spendergrsec/status/2037295088225636706

This piece of work remains one of my high water marks for security research. For all the bugs etc, doing something worthy of a grsec enhancement gives me a big smile.

Cheers grsecurity (npub1dg7…pyc8) folks.

Coding with LLMs and agents is a generational opportunity to ...

2026-03-24T17:40:20Z

Coding with LLMs and agents is a generational opportunity to throw the last decade's hard won lessons on secure coding and appsec out of the window. Definitely something that trust and safety teams, threat actors and possibly even your parents are seizing on with glee when they bypass all of your policies and procedures around installing new software, data governance, validated designs, code reviews, principles of least privilege and regular security assessments. Best of luck.

Today's oofness is on us :(: ...

2026-02-25T17:58:57Z

Today's oofness is on us :(:

https://blog.talosintelligence.com/uat-8616-sd-wan/

#threatintel, #sdwan

Got any plans to seize control and create an army from any ...

2026-02-25T07:58:51Z

Got any plans to seize control and create an army from any household IoT today? If so, LLM can help:

https://www.theverge.com/tech/879088/dji-romo-hack-vulnerability-remote-control-camera-access-mqtt

RE: https://infosec.exchange/@timb_machine/116068550511596363 If ...

2026-02-19T23:04:28Z

RE: https://infosec.exchange/@timb_machine/116068550511596363

If there's anyone on here that works at GitHub, do you think you could remind your support team to check their emails.

For reasons unknown you decided to suspend my account a week ago and I'm yet to even get a response that a ticket has been opened to investigate. I'm sure there's a reason (although I suspect it's debatable) but it would at least be nice to hear from you that it's being looked at.

#github

quoting
note1s4y…fhh2

*sigh*, a reminder that there are definite pros to self hosting. Waiting for someone to respond to a support ticket.

sigh, a reminder that there are definite pros to self hosting. ...

2026-02-14T10:38:49Z

*sigh*, a reminder that there are definite pros to self hosting. Waiting for someone to respond to a support ticket.

Seen an interesting trend in UK FSI over the last months, with ...

2026-02-07T14:56:32Z

Seen an interesting trend in UK FSI over the last months, with multiple requests for specific support in hampering network-centric aspects of discovery, lateral movement, C2 and exfiltration. I wonder what it's attributed to.

#threatintel, #fsi

Interesting links of the week: Strategy: * ...

2026-02-05T19:46:34Z

Interesting links of the week:

Strategy:

* https://x-c3ll.github.io/posts/Rant-Red-Team/ - Juanma Fernandez (npub19yn…5ucd) talks red teaming trends
* https://arstechnica.com/security/2026/01/county-pays-600000-to-pentesters-it-arrested-for-assessing-courthouse-security/ - finally settled, the poor testers with a faulty get out of jail card

Threats:

* https://stratcomcoe.org/pdfjs/?file=/publications/download/Social-Media-Manipulation-FINAL-FILE.pdf?zoom=page-fit - STRATCOM talks influence operations
* https://github.com/blackorbird/APT_REPORT/blob/master/summary%2F2026%2F2025%20Global%20APT%20Threat%20Research%20Report.pdf - threat research report from Qihoo 360
* https://www.greynoise.io/blog/unmasking-cisas-hidden-kev-ransomware-updates - GreyNoise (npub1lmd…m9t8) discuss hidden signals in KEV
* https://www.rapid7.com/blog/post/tr-chrysalis-backdoor-dive-into-lotus-blossoms-toolkit/ - rapid7 :verified: (npub12gn…snpu)'s excellent analysis of notepad++
* https://community.plone.org/t/plone-security-advisory-20260116-attempted-code-insertions-into-github-pull-requests/22770/7 - another supply chain woopsie
* https://cert.pl/en/posts/2026/01/incident-report-energy-sector-2025/ - reporting on the .pl power problems
* https://zenodo.org/records/18444900 - content based risk analysis of Moltbook (not for the faint-hearted)

Detection:

* https://zeek.org/2026/01/how-to-use-ja4-network-fingerprints-in-zeek/ - The Zeek Network Security Monitor (npub19qs…k34f) discuss how to leverage JA4
* https://blog.jmhill.me/deploying-an-opencti-osint-stack-for-cybersecurity-research/ - J.M. Hill (npub125d…padk) describes how to deploy OpenCTI
* https://www.huntress.com/blog/ldap-active-directory-detection-part-four - the latest of Huntress (npub1fe0…30s6)'s excellent blogs on what an attack on LDAP can actually look like
* https://leanpub.com/suri_operator - [@da_667](https://infosec.exchange/@da_667 )'s survivors guide to Suricata (npub19dt…wrng)

Bugs:

* https://labs.watchtowr.com/someone-knows-bash-far-too-well-and-we-love-it-ivanti-epmm-pre-auth-rces-cve-2026-1281-cve-2026-1340/ - [@index](https://labs.watchtowr.com/ ) continue their streak of popping fun bugs in the wild
* https://zeroleaks.ai/reports/openclaw-analysis.pdf - nice technical write up on OpenClaw

Exploitation:

* https://scriptjunkie.us/2026/01/tracking-signal-identifiers/ - leaking Signal IDs from scriptjunkie (npub1j8a…fvhn)
* https://splintersfury.github.io/mal_blog/post/netfilter_driver/ - reversing Netfilter
* https://alfiecg.uk/2024/09/24/Kernel-exploit.html - Alfie pops iOS
* https://secure.dev/securing_ggml_rpc.html - attack and defend on GGML

Hard hacks:

* https://hexkyz.blogspot.com/2021/11/je-ne-sais-quoi-falcons-over-horizon.html - an oldie on popping NVIDIA's Falcon

Hardening:

* https://itsfoss.com/news/amutable-linux-security/ - [@pid_eins](https://mastodon.social/@pid_eins ) triggers systemctl restart
* https://fosdem.org/2026/schedule/event/EW8M3R-island/ - how to get land locked

#security, #research

One of our AI threat team pointed me at this: ...

2026-02-02T12:39:51Z

One of our AI threat team pointed me at this:

https://zenodo.org/records/18444900

Interesting analysis of Moltshite.

#threatintel, #aislop

Interesting links of the week: Strategy: * ...

2026-01-30T13:50:23Z

Interesting links of the week:

Strategy:

* https://www-tokio--dr-jp.translate.goog/thinktank/acd/acd-007.html - active defense in .jp
* https://www.cambridge.org/core/books/securing-democracies/stacking-up-for-resilience/EB2072FAE9F97CF41B568B1C4AAFC190 - building digital resilience ala India
* https://www.csis.org/analysis/civil-takedowns-missing-legal-framework-cyber-disruption - avoiding disruption when performing takedowns
* https://breakmeifyoucan.com/
https://sabsa.org/w105-sabsa-enterprise-security-architecture-principles/ - constructing a security architecture using SABSA principles
* https://www.ncsc.gov.uk/collection/how-to-prepare-and-plan-your-organisations-response-to-severe-cyber-threat-a-guide-for-cni - NCSC guidance on how to not get yourself in a panic
* https://home.treasury.gov/system/files/136/G7-CEG-Quantum-Roadmap.pdf - a roadmap for quantum

Standards:

* https://www.etsi.org/deliver/etsi_en/304200_304299/304223/02.01.01_60/en_304223v020101p.pdf - ETSI standards on AI in public life

Threats:

* https://ethz.ch/content/dam/ethz/special-interest/gess/cis/center-for-securities-studies/pdfs/before-vegas-cyberdefense-report.pdf - understanding .cn hackers in long form
* https://www.bitsight.com/blog/what-is-y2k38-problem - do you even 2038?

Detection:

* https://it4sec.substack.com/p/detect-rogue-cell-towers-for-50-who - hunting rogue radios
* https://www.detectionengineering.net/ - a nice news feed for detection engineers
* https://github.com/OpenTideHQ/.github/blob/main/profile/OpenTide%20White%20Paper.pdf - paper on OpenTIDE
* https://huggingface.co/datasets/CIRCL/vulnerability-cwe-patch - enriching bug classifications
* https://arxiv.org/abs/2402.15147 - mapping techniques
* https://www.huntress.com/blog/ldap-active-directory-detection-part-three - Huntress (npub1fe0…30s6) discuss AD's LDAP logs
* https://api.gcforum.org/api/files/public/upload/523c55f1-b24a-4824-a841-b513c2aca3bc_Practical-Threat-Detections.pdf - getting the most from your telco logs

Bugs:

* https://www.zerodayinitiative.com/advisories/ZDI-26-020/ - why are LLMs so quick to oopsie
* https://www.interruptlabs.co.uk/articles/when-nas-vendors-forget-how-tls-works - TLS is hard
* https://projectzero.google/2026/01/pixel-0-click-part-1.html - taking over the world, Pixel by Pixel
* https://projectzero.google/2026/26/windows-administrator-protection.html - James Forshaw :donor: (npub1wp4…ejcr) beats up admins
* https://whisperpair.eu/ - BTLE gets another bad report
* https://www.atredis.com/blog/2026/1/26/generals - exploiting games for fun, high scores and remote tank execution
* https://fortiguard.fortinet.com/psirt/FG-IR-26-060 - FortiCloud makes a splash

Exploitation:

* https://www.synacktiv.com/publications/pentesting-cisco-aci-lldp-mishandling - kicking Cisco's ACI tyres
* https://shazzer.co.uk/blog/distributed-fuzzing-crowdsourced-browser-testing - scaling browser fuzzing from Gareth Heyes :verified: (npub1xcc…khle)
* https://dl.acm.org/doi/10.1145/3776743 - inferring grammar from parsing
* https://arxiv.org/abs/2601.01592 - breaking multi-model AI

Hard hacks:

* https://jyn.dev/remotely-unlocking-an-encrypted-hard-disk/ - picking the hard disk lock

#security, #research

Interesting links of the week: Strategy: * ...

2026-01-22T08:36:49Z

Interesting links of the week:

Strategy:

* https://assets.publishing.service.gov.uk/media/696e0eae719d837d69afc7de/National_security_assessment_-_global_biodiversity_loss__ecosystem_collapse_and_national_security.pdf - biodiversity and national security
* https://www.gov.uk/government/publications/software-security-ambassadors-scheme - when you get summoned to number 10 for a nasty oopsie
* https://www.cjr.org/news/hannah-natanson-fbi-washington-post-raid-devices-seized-runa-sandvik-security-computer-phone-laptop-sources.php - how to blow whistles safely, is it even possible?
* https://www.bankofengland.co.uk/financial-stability/operational-resilience-of-the-financial-sector/2025-cbest-thematic - themes and trends from UK FSI red teaming under Bank of England's CBEST programme

Standards:

* https://aivss.parthsohaney.online/calculator - a stab at quantifying AI risk... not convinced it'll work but at least people are thinking about the problem

Threats:

* https://www.esentire.com/blog/new-botnet-emerges-from-the-shadows-nightshadec2 - yay, more C2

Detection:

* https://github.com/RustyNoob-619/100-Days-of-YARA-2026/blob/main/Rules%2FDay17.yara - always like a bit of nice YARA
* https://andpalmier.com/posts/abuse-ch-toolkit/ - tools for [@abuse_ch](https://ioc.exchange/@abuse_ch )

Bugs:

* https://seclists.org/oss-sec/2026/q1/89 - finally Linux telnetd gets an auth-pass feature
* https://sigma-star.at/blog/2025/12/unix-v4-buffer-overflow/ - CVE wen, an overflow in UNIX v4
* https://www.ibm.com/support/pages/node/7257143 - so you wanna pop a mainframe?

Exploitation:

* https://github.blog/developer-skills/github/codeql-zero-to-hero-part-1-the-fundamentals-of-static-analysis-for-vulnerability-research/ - hunting bugs with CodeQL
* https://sean.heelan.io/2026/01/18/on-the-coming-industrialisation-of-exploit-generation-with-llms/ - industrialising set $pc=0x41414141
* https://netaskari.substack.com/p/whats-in-the-box - pentesting in .cn
* https://cloud.google.com/blog/topics/threat-intelligence/net-ntlmv1-deprecation-rainbow-tables - GOOG launch rainbows, share Net NTLMv1 pot of gold
*
https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Publikationen/DVS-Berichte/passwortmanager_sicherheit_datenschutz.pdf - .de takes pop at password managers
* https://security.opensuse.org/2026/01/16/the-journey-of-auditing-uyuni.html - SuSE takes UYUNI for a space walk

Hard hacks:

* https://medium.com/@marcel.rickcen/no-tamper-alert-no-password-and-a-backdoor-root-access-on-a-pos-credit-card-payment-terminal-1ea32c73ca41 - what a POS
* https://neodyme.io/en/blog/drone_hacking_part_1/ - on and on, they drone
* https://blog.nns.ee/2026/01/06/aike-ble/ - sniffing scooter emissions
* https://lucasteske.dev/2025/09/running-code-in-pax-machines - this looks like payback
* https://web.archive.org/web/20160128030439/http://www.elemental.net/%7Elf/undoc/ - undocumented Cisco commands

Hardening:

* https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/plan/delegating-administration-by-using-ou-objects - delegation in AD by OU

Nerd:

* https://rbanffy.github.io/fun-with-old-mainframes.github.io/fun-with-vm370.html - mmm, greenscreen
* https://openmail.one/ - OpenAI lawsuits ahoi!

#security, #research

Interesting links of the week: Strategy: * ...

2025-12-18T20:14:01Z

Interesting links of the week:

Strategy:

* https://assets.publishing.service.gov.uk/media/69411a3eadb5707d9f33d7e8/E03512978_-_Un-Act_The_National_Security_Act_in_2024_Accessible.pdf - the UK tries to define what a state threat is (and includes everyone from professional spies to someone who may not even know they pose a risk)

Standards:

* https://csrc.nist.gov/pubs/sp/800/82/r3/final - courtesy of [@Secure_ICS_OT](https://infosec.exchange/@Secure_ICS_OT )

Threats:

* https://www.microsoft.com/en-us/security/security-insider/threat-landscape/microsoft-digital-defense-report-2025 - MSFT's take on the landscape

Detection:

* https://ip.thc.org/ - The Hacker‘s Choice (npub1a0s…dmkd) don't do things by half... here's a very large IP/DNS database
* https://www.fortinet.com/blog/threat-research/uncovering-hidden-forensic-evidence-in-windows-mystery-of-autologger - Fortinet look at alternate DFIR sources for Windows
* https://troopers.de/downloads/troopers19/TROOPERS19_DM_Threat_Modelling_Cisco_ACI.pdf - surprisingly, I have my own take on ACI, but here's one from ERNW (npub185c…kem0)

Bugs:

* https://kqx.io/post/qemu-nday/ - popping Qemu like it was 13 years ago
* https://www.freebsd.org/security/advisories/FreeBSD-SA-25:12.rtsold.asc - FreeBSD AV:A oopsie
* https://projectzero.google/2025/12/android-itw-dng.html - GOOG discuss a nasty image

Exploitation:

* https://hackers-arise.com/sdr-signals-intelligence-for-hackers-building-a-low-cost-private-4g-lte-network/ - ever wanted your own 4G LTE playground?
* https://podalirius.net/en/mainframe/as400-forensics-retrieving-your-licence-keys-from-disk-images/ - getting the keys to the museum
* https://caido.io/ - another alternative to Burp, with a focus on multi-stage attacks
* https://arxiv.org/pdf/2512.09882 - AI vs flesh face off

Hard hacks:

* https://blog.quarkslab.com/modern-tale-blinkenlights.html - quarkslab (npub1zhy…cve0) pays €12 for a good time

Hardening:

* https://ariadne.space/2025/12/12/rethinking-sudo-with-object-capabilities.html - [@ariadne](https://social.treehouse.systems/@ariadne ) discusses their sudo alternative
* https://lpc.events/event/19/contributions/2159/attachments/1833/3929/BpfJailer%20LPC%202025.pdf - building jails with eBPF
* https://pages.nist.gov/OSCAL/ - an as-code approach to standardised standards

#security, #research

Any of the @npub1n4p…t7gf folks on here?

2025-12-18T19:45:18Z

Any of the OffSec (npub1n4p…t7gf) folks on here?

Interesting links of the week: Strategy: * ...

2025-12-12T18:27:57Z

Interesting links of the week:

Strategy:

* https://www.ofcom.org.uk/siteassets/resources/documents/consultations/7986-cfi-security-resilience/annexes/detica-report.pdf?v=334114 - the start of OFCOM's journey to improve telecomms (from 2013)
* https://www.ncsc.gov.uk/blog-post/cyber-deception-trials-what-weve-learned-so-far - sometimes it's okay for NCSC to be deceptive
* https://arxiv.org/pdf/2512.03641 - modelling adversary decisions
* https://www.ncsc.gov.uk/blog-post/what-makes-a-responsible-cyber-actor - NCSC discuss responsible threat actors
* https://www.interface-eu.org/publications/cyber-red-flags - just what makes an irresponsible threat actor
* https://www.csis.org/analysis/criteria-cyber-situational-awareness - what does situational awareness mean in cyber
* https://www.redteammaturity.com/ - a maturity model for red teams
* https://redteam.guide/ - a handy guide to red team capability
* https://engage.mitre.org/ - if ATT&CK is operational, where do you start with forward planning your operational capability

Standards:

* https://www.rfc-editor.org/rfc/rfc6918.html - deprecating the fun bits of ICMP

Threats:

* https://medium.com/@meeswicky1100/unmasking-a-new-dprk-front-company-dredsoftlabs-bf9ed544d690 - beware of DredSoftLabs, a North Korean enterprise
* https://www.crowdstrike.com/en-us/blog/warp-panda-cloud-threats/ - CrowdStrikes latest missive on naughty pandas

Detection:

* https://api.gcforum.org/api/files/public/upload/c77233d5-139d-4fbd-a1a4-793a6f29916b_STC-report.pdf - spotting spoofed callers

Exploitation:

* https://scrapco.de/ - fun projects from buherator (npub17wv…nag2)
* https://bl4ckarch.github.io/posts/PrintSpoofer_from_scratch/ - spoofing the printer
* https://zplin.me/papers/GREBE.pdf - deep dive on Linux kernel bugs and exploitability
* https://faith2dxy.xyz/2025-11-28/extending_race_window_fallocate/ - winning races with the Linux kernel

Hard hacks:

* https://ioninja.com/ - manipulating protocols at the bits and bytes
* https://blog.byteray.co.uk/critical-vulnerabilities-in-rut22gw-industrial-lte-cellular-routers-f4eb8768feb7 - LTE modems go brrrrrrr
* https://mp.weixin.qq.com/s/mfXBJmTuDsE5Y5ufbffkjw?poc_token=HL9bPGmjQcx4HjY2q6nc3pvfsIFWuwnJf-vGJx33 - attacking the Globalstar uplink

Nerd:

* https://oswatcher.github.io/frontend/ - how Windows has changed over time
* https://social.coop/@eb/115646613032814668 - Evan B🥥ehs (npub1ysj…0ve5)'s prompt for F/OSS projects

#security, #research

Interesting links of the week: In honour of stealth: * ...

2025-12-05T22:09:43Z

Interesting links of the week:

In honour of stealth:

* https://www.thc.org/404/stealth/eulogy.txt

Threats:

* https://www.hacklore.org/letter - re-evaluating security myth
* https://disclosing.observer/2025/11/24/bulletproof-hoster-anatomy-data-driven-reconstruction.html - how bullet proof hosting works

Detection:

* https://www.greynoise.io/blog/your-ip-address-might-be-someone-elses-problem - GreyNoise (npub1lmd…m9t8) discuss what happens if 127.0.0.1 gets popped
* https://blogs.cisco.com/security/cisco-talos-incident-response-threat-hunting-at-govware-2025 - threat hunting at GovWare from one of my old team at Cisco Talos (npub1xkd…cc62)
* https://mikecybersec.notion.site/ESXi-IR-Guide-0ffbcec7272244d6b10dba4f4d16a7c8 - doing IR on ESXi
* https://rosesecurity.dev/2024/08/28/homegrown-honeypots.html - mm, honey

Bugs:

* https://blog.quarkslab.com/k7-antivirus-named-pipe-abuse-registry-manipulation-and-privilege-escalation.html - AV oopsies, don't you just love them... this time from quarkslab (npub1zhy…cve0)
* https://slcyber.io/research-center/high-fidelity-detection-mechanism-for-rsc-next-js-rce-cve-2025-55182-cve-2025-66478/ - explanation of the React bug

Exploitation:

* https://jhalon.github.io/reverse-engineering-protocols/ - reverse engineering protocols
* https://lyra.horse/blog/2025/12/svg-clickjacking/ - draw me the attack path
* https://ayaa101.medium.com/how-i-discovered-1-400-users-pii-through-a-graphql-query-and-uncovered-5-more-bugs-using-the-389d8e7d8deb - turns out adversaries also think in graphs
* https://blog.mantrainfosec.com/blog/18/prepared-statements-prepared-to-be-vulnerable - SQLi into prepared statements
* https://phishing.club/blog/covert-red-team-phishing-with-phishing-club/ - the first rule of phishing.club is there are no rules (that can't be bypassed)
* https://afine.com/desktop-application-security-standard-introducing-dasvs/ - content with fixing all web and mobile vulnerabilities, binary desktop apps enter the spotlight
* https://xbz0n.sh/blog/living-off-the-land-windows - avoiding falling out of Windows
* https://ipurple.team/2025/12/01/bind-link-edr-tampering/ - a new/old way to avoiding endpoint detection

Hard hacks:

* https://troopers.de/downloads/troopers25/TR25_SBOMs-The-right-way_CBLHDX.pdf - da SBOM from the securefirmware (npub1duh…8p3x) gang
* https://xairy.io/articles/pixel-kgdb - debugging a Pixel with gdb
* https://stefan-gloor.ch/pulseoximeter-hack - Stefan Gloor (npub1yhe…mhdt) patches consumer-grade pulse oximeters

Hardening:

* https://lwn.net/SubscriberLink/1046841/5bbf1fc049a18947/ - making Debian Rusty

Nerd:

* https://lolwifi.network/journey - how much do you trust wifi?
* https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f076ef44a44d02ed91543f820c14c2c7dff53716 - are you sure that's the right time?
* https://mathstodon.xyz/@dougmerritt/115596707083538102 - the wrong history of languages courtesy of DougMerritt (log😅 = 💧log😄) (npub1vlc…mzqq)
* https://obr.uk/docs/dlm_uploads/01122025-Investigation-into-November-2025-EFO-publication-error.pdf - release early, release predictably... UK OBR goes agile
* https://monthlyreview.org/articles/why-socialism/ - Einstein, not just a pretty face
* https://netpol.org/2025/11/28/government-plans-new-powers-to-label-dissenting-movements-as-subversion/ - kinda wonder what happens if you dissent?
* https://replaceyourboss.ai/ - replace your boss, slopify your strategy

#security, #research
nostr:note1afu4r7r78zwn470nlat4n0kalhwrvyfv0f35wn38paw39d6tptaqx8w30t

Interesting links of the week: Strategy: * ...

2025-08-22T00:31:37Z

Interesting links of the week:

Strategy:

* https://wero-wallet.eu/ - a European replacement for PayPal, Google and Apple

Threats:

* https://the-sequence.com/rustypages-malware-part-i - some nice new shiney malware for OS X
* https://www.crowdstrike.com/en-us/blog/murky-panda-trusted-relationship-threat-in-cloud/ - don't you just hate being poked with bamboo?

Detection:

* https://camel-security.github.io/ - LLM guard rails from GOOG
* https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_logging?view=powershell-5.1#enabling-script-block-logging - MSFT's protected logging feature for PS
* https://adsecurity.org/?p=4510 - mm, honey
* https://blog.pypi.org/posts/2025-08-18-preventing-domain-resurrections/ - preventing domain resurrections in PyPI

Bugs:

* https://www.heise.de/en/news/Docker-Desktop-Critical-vulnerability-allows-host-access-10560707.html - attackers may no longer be contained
https://bughunters.google.com/blog/5800341475819520/a-fuzzy-escape-a-tale-of-vulnerability-research-on-hypervisors - I hate being supervised, do you?

Exploitation:

* https://arxiv.org/abs/2507.09411 - feasibility of generating variant malware using LLMs
* https://phrack.org/issues/72/5_md#article - Phrack (npub1am3…j6qn) #72 lands and it's a goodie... aforementioned link is to Orange Tsai (npub1yps…97w6)'s work on PHP
* https://versprite.com/blog/the-shell-was-restricted-but-the-kernel-memory-was-wide-open/ - attacking Linux-based firmware for LPE via the kernel
* https://blog.anh4ckin.ch/posts/netexec-workshop2k25/ - nosing around an AD lab

#security, #research

Interesting links of the week: Strategy: * ...

2025-08-08T10:10:49Z

Interesting links of the week:

Strategy:

* https://www.ncsc.gov.uk/blog-post/caf-v4-0-released-in-response-to-growing-threat - NCSC CAF 4.0 drops
* https://cfp.bsides.london/bsides-london-2025/cfp - BSides London CFP is open
* https://data-media.s3.us-east-1.amazonaws.com/assets/CISOs+guide+to+SAP+Security.pdf - a CISO view on SAP

Threats:

* https://unit42.paloaltonetworks.com/infiltration-of-global-telecom-networks/ - PA give their thoughts on telco intrusions

Detection:

* https://medium.com/anton-on-security/soc-visibility-triad-is-now-a-quad-soc-visibility-quad-2025-72811401073a - [@anton_chuvakin](https://infosec.exchange/@anton_chuvakin )'s take on what comes next in SOCs... is it AI or is it fuck?
* https://www.greynoise.io/resources/early-warning-signals-attacker-behavior-precedes-new-vulnerabilities - what to look for as new bugs rain down...
* https://bakerstreetforensics.com/2025/08/02/enhance-threat-hunting-with-mitre-lookup-in-malchela-3-0-2/ - neat MITRE ATT&CK (npub1h8w…vyt6) integration
* https://www.totes-legit-notmalware.site/home/detection-exercise-d-link-dir-513-cves-2025-8184-8169-and-8168 - [@da_667](https://infosec.exchange/@da_667 ) talks IDS detections

Exploitation:

* https://specterops.io/blog/2025/07/29/bloodhound-v8-usability-extensibility-and-opengraph/ - new dog, who dis?
* https://www.incendium.rocks/posts/Exploit-Development-For-MSRPC/ - developing exploits for Microsoft RPC
* https://blog.trailofbits.com/2025/07/25/exploiting-zero-days-in-abandoned-hardware/ - Trail of Bits (npub1rcs…7sw8) exploit some 0lddays
* https://secret.club/2022/08/29/bootkitting-windows-sandbox.html - breaking the Windows sandbox
* https://blogs.cisco.com/security/extracting-training-data-from-chatbots - another way to fuck with LLMs

Hardening:

* https://lwn.net/Articles/1030669/ - how security patches land in Debian

Development:

* https://metacpan.org/dist/MCP - MCP in Perl
* https://20455591.fs1.hubspotusercontent-na1.net/hubfs/20455591/Website%20Assets/Secure%20Coding%20Guideline%20en%20BASE24%20.pdf - writing secure Base24 code

Nerd:

* https://www.e-resident.gov.ee/uk-hub-digital-residency-setup/ - become a virtual Estonian

#security, #research

Genie: You have 3 wishes Me: Can I just have -1 wish? Genie: ...

2025-08-01T23:56:34Z

Genie: You have 3 wishes
Me: Can I just have -1 wish?
Genie: Okay, you have 4294967295L wishes

#microfiction

Related: If you want to tell me you've jailbroken the AI, you ...

2025-08-01T10:09:14Z

Related: If you want to tell me you've jailbroken the AI, you better be prepared to tell me how you reverse engineered the ETL, data model and guard rails, not how you clicked on the shiny, shiny and got a shell prompt.

Wish there was an easy way to migrate MFA tokens from the various ...

2025-07-26T09:35:53Z

Wish there was an easy way to migrate MFA tokens from the various OTP apps to cold storage.

A Microsoft ouchy on a Saturday, oh my: ...

2025-07-20T06:43:45Z

A Microsoft ouchy on a Saturday, oh my:

https://msrc.microsoft.com/blog/2025/07/customer-guidance-for-sharepoint-vulnerability-cve-2025-53770/

Active exploitation already happening...

#sharepoint, #threatintel

Interesting Git repos of the week: Detection: * ...

2025-07-12T09:51:18Z

Interesting Git repos of the week:

Detection:

* https://github.com/telekom-security/tpotce - have some honey

Exploitation:

* https://github.com/tlsfuzzer/tlsfuzzer - fuzz TLS
* https://github.com/ShawnDEvans/smbmap - map SMB shares
* https://github.com/nccgroup/fuzzowski - another nice fuzzer

Data:

* https://github.com/sneakers-the-rat/gpu-free-ai - the AI implementation you don't want to use!

#code, #security, #research

Interesting Git repos of the week: Strategy: * ...

2025-06-27T07:03:13Z

Interesting Git repos of the week:

Strategy:

* https://github.com/timb-machine/security-research-governance-toolkit - I started releasing Portcullis' old security research governance toolkit

Detection:

* https://github.com/sandflysecurity/sandfly-forensic-scripts - Sandfly Security (npub1n7j…d4nw) have release scripts for collecting Linux artefacts

Exploitation:

* https://github.com/stealth/injectso - Ike Broflovski (npub17pe…7sl2) demonstrates how to inject .so files into running processes at will
* https://github.com/NeffIsBack/wsuks - have you ever wanted to MITM WSUS?

Data:

* https://github.com/public-api-lists/public-api-lists - does what it says on the tin

Development:

* https://github.com/sapdragon/syscalls-cpp - headers for direct syscall invocation

#security, #research, #code

Interesting links of the week: Strategy: * ...

2025-06-26T21:12:22Z

Interesting links of the week:

Strategy:

* https://www.enisa.europa.eu/publications/the-eu-cybersecurity-index-2024 - EU's 2024 cyber security index
* https://assets.publishing.service.gov.uk/media/67cad8b18c1076c796a45c25/Cyber_Security_Sectoral_Analysis_Report_2025.pdf - HMG cyber security sectoral analysis 2025
* https://www.nao.org.uk/wp-content/uploads/2025/01/government-cyber-resilience.pdf - NAO paper on making UK more resilient
* https://www.ncsc.gov.uk/collection/security-principles-protecting-most-sensitive-personal-information-in-datasets - NCSC ideas on protecting data
* https://www.wired.com/story/how-to-protest-safely-surveillance-digital-privacy/ - protest early, protest safely, protest often

Threats:

* https://www.ncsc.gov.uk/static-assets/documents/malware-analysis-reports/umbrella-stand/ncsc-mar-umbrella_stand.pdf - NCSC exposes UMBRELLA STAND
* https://www.ncsc.gov.uk/static-assets/documents/malware-analysis-reports/shoe-rack-tipper/ncsc-tip-shoe_rack.pdf - ... and SHOE RACK
* https://cloud.google.com/blog/topics/threat-intelligence/creative-phishing-academics-critics-of-russia - GOOG reports on how Russia is targetting academics

Exploitation:

* https://sud0ru.ghost.io/windows-inter-process-communication-a-deep-dive-beyond-the-surface-part-4/ - a nice set of posts on Windows IPC's attack surface
* https://eprint.iacr.org/2025/1042 - whacking Falcons with a hammer
* https://forums.oracle.com/ords/r/apexds/community/q?question=interpositioning-in-java-2701 - had your caffeine? seamlessly injecting into Java

Hard hacks:

* https://skemman.is/handle/1946/50456 - emulating icey routers

Hardening:

* https://best.openssf.org/Compiler-Hardening-Guides/Compiler-Options-Hardening-Guide-for-C-and-C++.html - calling cc safely
* https://spiffe.io/docs/latest/spiffe-about/community-presentations/ - better authentication primitives for bots
* https://workos.com/blog/mcp-authorization-in-5-easy-oauth-specs - bring OAuth to MCP

Nerd:

* https://www.metoffice.gov.uk/forms/name-our-storms-call-for-names - so you want to work in marketing for storms
* https://activitypub.academy - so you want to learn about how the Fediverse works?

#security, #research

Submitted my first bug via GitHub's advisory reporting ...

2025-06-13T13:11:42Z

Submitted my first bug via GitHub's advisory reporting mechanism for hosted projects (I know, right!?!?). Much less painful than the traditional hunt the email address/chase the vendor so far.

Sad times, John Young of Cryptome is no longer with us: ...

2025-05-25T18:00:51Z

Sad times, John Young of Cryptome is no longer with us:

https://www.theregister.com/2025/05/24/john_young_obituary/

Interesting Git repos of the week: Strategy: * ...

2025-05-02T07:34:14Z

Interesting Git repos of the week:

Strategy:

* https://github.com/TalEliyahu/awesome-CISO-maturity-models - modelling your strategy

Detection:

* https://github.com/yevh/TaaC-AI - threat modelling as code
* https://github.com/thalesgroup-cert/Watcher - build your own threat hunting platform with Thales
* https://github.com/microsoft/msticpy - Microsoft's TI tooling

Exploitation:

* https://github.com/specfy/stack-analyser - what's in the stack?

Hardening:

* https://github.com/nistorj/ISR1000 - guestshell on the ISR1000

#security, #research, #code

That SAP NetWeaver bug is pretty ouchy: ...

2025-04-27T20:56:42Z

That SAP NetWeaver bug is pretty ouchy:

https://x.com/gothburz/status/1915755189019017411

#sap, #threatintel

Kinda want a DirBuster style list of headers at this point, so ...

2025-04-24T09:37:02Z

Kinda want a DirBuster style list of headers at this point, so many times, we see new CVEs stemming from headers with magical properties.

Another header bypass, this time a Citrix NetScaler nasty: ...

2025-04-24T09:35:23Z

Another header bypass, this time a Citrix NetScaler nasty:

https://attackerkb.com/topics/7zebEgmGLs/cve-2024-6235

#threatintel, #netscaler

Interesting links of the week: Strategy: * ...

2025-04-17T18:21:43Z

Interesting links of the week:

Strategy:

* https://en.wikipedia.org/wiki/SIPOC - modelling systems with SIPIC
* https://www.thecvefoundation.org/ - the CVE foundation
* https://euvd.enisa.europa.eu/ - EU bug jail
* https://xntrik.wtf/aisa2024/ - xntrik (npub1gtc…m0r6) maps threats with https://threatcl.github.io/
* https://threatspec.org/ - the ThreatSpec

Threats:

* https://cloud.google.com/blog/topics/threat-intelligence/windows-rogue-remote-desktop-protocol - a novel phishing attack involving RDP

Detection:

* https://rulehound.com/rules - a single place to find interesting detection engineering ideas

Bugs:

* https://bugs.chromium.org/p/chromium/issues/detail?id=584535 - an 11 year old bug in every browser, still not dead!

Exploitation:

* https://silentsignal.github.io/BelowMI/ - memory management on System i courtesy of buherator (npub17wv…nag2)
* https://github.com/N1ckDunn/SOSLInjection/blob/main/SOSLInjection.pdf - Sal''esforce \o/
* https://github.com/N1ckDunn/DoubleFetch/blob/main/Double-FetchVulnerabilitiesInC.pdf - exploiting double fetch

Hard hacks:

* https://xairy.io/articles/thinkpad-xdci - emulating USB on a ThinkPad
* https://www.rtl-sdr.com/dragonos-lte-imsi-sniffing-using-the-lte-sniffer-tool-and-an-ettus-x310-sdr/ - build your own LTE sniffer
* https://blog.sesse.net/blog/tech/2025-04-05-10-57_cisco_2504_password_extraction.html - extracting passwords from Cisco WLC
* https://www.prizmlabs.io/post/remote-rootkits-uncovering-a-0-click-rce-in-the-supernote-nomad-e-ink-tablet - exploiting the Nomad e-ink tablet

Nerd:

* https://ukparliament.github.io/ontologies/meta/bots/ - UK parliamentary bots
* https://mwl.io/fiction/crime - Git drives people to murder
* https://changelog.complete.org/archives/10768-announcing-the-nncpnet-email-network - building a new mail protocol

#security, #research

My cross-platform and cross-browser NTLM bug is public: ...

2025-04-17T12:47:43Z

In reply to nevent1q…fvg9
_________________________

My cross-platform and cross-browser NTLM bug is public:

https://issues.chromium.org/issues/40080133

Kudos to Bitquark (npub19m6…6gg2) who reported it separately.

Kudos also to The Tor Project (npub1vwv…cqgs) and Mozilla (npub16pr…crsg) who did make efforts.

#security, #wontfix, #threatintel, #browserbug

Released a new tool, packet-monkey: ...

2025-03-29T10:05:08Z

Released a new tool, packet-monkey:

https://github.com/timb-machine/packet-monkey

Packet Monkey is a tool to filter and classify PCAPs using Wireshark filters. I use it for layer 2/3 traffic analysis on engagements.

#tool, #code, #packetcapture, #trafficanalysis, #wireshark

Interesting links of the week: Strategy: * ...

2025-03-22T01:33:00Z

Interesting links of the week:

Strategy:

* https://rusi.org/explore-our-research/publications/commentary/typhoons-cyberspace - Ciaran Martin (npub1g3n…kzaf) talks .cn
* https://www.mitre.org/sites/default/files/2022-04/11-strategies-of-a-world-class-cybersecurity-operations-center.pdf - building a world class SOC with MITRE
* https://www.ncsc.gov.uk/whitepaper/security-architecture-anti-patterns - architectural booboos

Threats:

* https://www.mdsec.co.uk/2025/03/red-teaming-with-servicenow/ - red teaming SNow
* https://posts.specterops.io/mapping-snowflakes-access-landscape-3bf232251945 - mapping Snowflake
* https://www.dragos.com/wp-content/uploads/2025/03/Dragos_Littleton_Electric_Water_CaseStudy.pdf - a small case study on how .cn got into your water
* https://supportportal.juniper.net/s/article/2025-03-Reference-Advisory-The-RedPenguin-Malware-Incident?language=en_US - and a larger case study on how they got into Juniper devices
* https://cloud.google.com/blog/topics/threat-intelligence/china-nexus-espionage-targets-juniper-routers - more on Juniper from Mandiant
* https://blog.talosintelligence.com/active-exploitation-of-cisco-ios-xe-software/ - Cisco Talos (npub1xkd…cc62) gives us the run down on how .cn got into Cisco devices too

Detection:

* https://mr-r3b00t.github.io/crime-mapper/ - reimagining graphs with [@UK_Daniel_Card](https://infosec.exchange/@UK_Daniel_Card )
* https://tinyhack.com/2025/03/13/decrypting-encrypted-files-from-akira-ransomware-linux-esxi-variant-2024-using-a-bunch-of-gpus/ - decrypting Akira
* https://www.stepsecurity.io/blog/harden-runner-detection-tj-actions-changed-files-action-is-compromised - another bugdoor in the supply chain

Bugs:

* https://blog.includesecurity.com/2025/03/memory-corruption-in-delphi/ - memory corruption in memory safe languages
* https://scrapco.de/blog/analysis-of-cve-2025-24813-apache-tomcat-path-equivalence-rce.html - shedding light on the the recent TomCat bug
* https://portswigger.net/research/saml-roulette-the-hacker-always-wins - a SAML guide to lock picking from Gareth Heyes :verified: (npub1xcc…khle)
* https://labs.watchtowr.com/by-executive-order-we-are-banning-blacklists-domain-level-rce-in-veeam-backup-replication-cve-2025-23120/ - backdooring your backups

Exploitation:

* https://tmpout.sh/4 - new tmpout (npub1z6k…yrg4)
* https://research.swtch.com/nih - rethinking trust
* https://blog.quarkslab.com/bluetooth-low-energy-gatt-fuzzing.html - fuzzing BTLE
* https://sgued.fr/blog/der-pem-cert/ - certs are hard
* https://i.blackhat.com/us-18/Thu-August-9/us-18-Bulazel-Windows-Offender-Reverse-Engineering-Windows-Defenders-Antivirus-Emulator.pdf - reverse engineering Defender
* https://www.slideshare.net/slideshow/remotemethodguesser-bhusa2021-arsenal/249983357 - fuzzing RMI
* http://gibsonnet.net/blog/dwarchive/NIMSH,%20SSL%20and%20LPM.%20(Chris%27s%20AIX%20Blog).html - with a 10.0 in IBM AIX's NIM install solution, I decided to do some digging... everybody relax, it's fine

Nerd:

* https://latex.vercel.app/ - LaTeX as HTML
* https://artsandculture.google.com/asset/english-electric-kdf9-lyons-electronic-office-computer-installation-bracknell-met-office/sAHERiMe475-Eg?hl=en - old time photos of the UK met office super computers

#security, #research

Activity spinning up on GitHub for people playing with the bug, ...

2025-03-15T12:03:38Z

In reply to nevent1q…w69d
_________________________

Activity spinning up on GitHub for people playing with the bug, but also at least a few possibly vulnerable code bases:

https://github.com/search?q=%3Cparam-name%3Ereadonly%3C%2Fparam-name%3E+%3Cparam-value%3Efalse%3C%2Fparam-value%3E++&type=code

The author of the blog post mentioned in my previous post initially predicted KEV but then reconsidered. I suspect they're right but it will it will depend on if any big commercial J2EE is vulnerable as deployed on TomCat. To that end, the following from the VMware folks looked interesting:

https://github.com/vmware/dod-compliance-and-automation/blob/e080d523461ade1dadca12c8f7622bd60fcbe920/vsphere/8.0/v1r1-srg/vcsa/inspec/vmware-vcsa-8.0-stig-baseline/eam/controls/VCEM-80-000130.rb#L35

A decent explanation of the Apache TomCat bug I posted a link to ...

2025-03-15T11:53:03Z

A decent explanation of the Apache TomCat bug I posted a link to the PoC for earlier:

https://scrapco.de/blog/analysis-of-cve-2025-24813-apache-tomcat-path-equivalence-rce.html

#threatintel, #tomcat, #java

PoC vulnerable app for the Camel bug: ...

2025-03-10T17:45:22Z

PoC vulnerable app for the Camel bug:

https://github.com/akamai/CVE-2025-27636-Apache-Camel-PoC

Code that may/may not exhibit the same kinds of problems:

https://github.com/search?q=import+org.apache.camel+RouteBuilder&type=code

#threatintel, #java

Simply smashing a device that you have physical access to is ...

2025-03-10T10:01:07Z

Simply smashing a device that you have physical access to is scored as CVSS 5.2 (Medium):

https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N

Interesting links of the week: Strategy: * ...

2025-02-21T10:41:56Z

Interesting links of the week:

Strategy:

* https://dl.acm.org/doi/10.1145/3594553 - refining TI with automated labelling

Threats:

* https://blog.talosintelligence.com/salt-typhoon-analysis/ - Salt Typhoon analysis from Cisco Talos (npub1xkd…cc62)
* https://www.inversecos.com/2025/02/an-inside-look-at-nsa-equation-group.html - a Chinese view on Equation Group

Detection:

* https://blog.thinkst.com/2025/02/almost-famous-behind-the-scenes-of-a-feature-that-didnt-make-the-cut.html - building canary tokens with unconstrained delegation

Hard hack:

* https://kindlemodding.org/ - modding the Kindle
* https://www.die-welt.net/2025/02/unauthenticated-rce-in-grandstream-ht802v2-and-probably-others-using-gs_test_server-dhcp-vendor-option/ - hacking hardware via DHCP vendor options

Hardening:

* https://neapay.com/viewposts.html?category=BASE24 - variable quality but details on Base24

#security, #research

A suitable punishment for DOGE.

2025-02-08T18:08:34Z

In reply to nevent1q…wdtw
_________________________

A suitable punishment for DOGE.

LinkedIn implies DB2 on z.

2025-02-08T17:12:02Z

In reply to nevent1q…3667
_________________________

LinkedIn implies DB2 on z.

I wonder what "mainframe" platform the US treasury ...

2025-02-08T17:06:55Z

I wonder what "mainframe" platform the US treasury actually uses...

Pretty sure this customer doesn't own unregistereddomain.tld. ...

2025-01-22T15:04:39Z

Pretty sure this customer doesn't own unregistereddomain.tld. Probably not the best FQDN for their OT hosts to be authenticating against.

#redteam

PSA: It is indeed incorrect to label Starmer or the modern Labour ...

2025-01-12T13:51:04Z

PSA: It is indeed incorrect to label Starmer or the modern Labour party as lefties.

A bug so hard to fix that it took almost 10 years to make a ...

2025-01-08T18:54:08Z

In reply to nevent1q…w0ed
_________________________

A bug so hard to fix that it took almost 10 years to make a decision.

Nostr event nevent1qqst0rxv9yvgwcrgtgs8xajk5zs8yzm64guvhutdw5kxx0ycwumpqjczyp89hh2eeyfuw9sm48ywmmhuzg89aarr9aqg7v44xegfkkeyup2dz960kph

2025-01-08T18:09:27Z

Just got a WontFix on a security bug I reported in 2014 :/.

PoC for CVE-2024-6387 in OpenSSH is out: ...

2025-01-06T12:02:03Z

PoC for CVE-2024-6387 in OpenSSH is out:

https://github.com/YassDEV221608/CVE-2024-6387_PoC

32-bit only...

#linux, #threatintel

Interesting links of the week: Strategy: * ...

2025-01-05T16:43:07Z

Interesting links of the week:

Strategy:

* https://jericho.blog/2024/12/28/mitres-phoning-in-new-cnas/ - a critique of the training for new CNA from jericho (npub17fr…q25e)

Standards:

* https://www.misp-standard.org/blog/Naming-Threat-Actor/ - MISP (npub1mly…rl2t) proposes a standard for naming threat actors

Threats:

* https://www.vodafone.com/sustainable-business/maintaining-trust/law-enforcement-assistance - Vodafone's yearly account of law enforcement interactions
* https://www.propublica.org/article/ap3-oath-keepers-militia-mole - moles in right wing infrastructure :bloblaugh:
* https://community.emergingthreats.net/t/the-many-cves-of-d-link-hnap-command-injection/2314 - attacking HNAP for CLI injection
* https://www.flux.utah.edu/paper/singh-nsdi24 - analysing the prevalence and scope of ITW SSH brute force attacks

Detection:

* https://www.usenix.org/conference/usenixsecurity24/presentation/badva - paper on threat hunting, full disclosure: participant P18 is me :)

Bugs:

* https://www.safebreach.com/blog/ldapnightmare-safebreach-labs-publishes-first-proof-of-concept-exploit-for-cve-2024-49113/ - AD LDAP sadness
* https://social.circl.lu/@vulnerability_lookup/113761006476621066 - fediverse reporting on the same bugs by [@vulnerability_lookup](https://social.circl.lu/@vulnerability_lookup )
* https://thesecmaster.com/blog/how-to-protect-your-four-faith-industrial-routers-from-cve-2024-12856-a-critical - hacking the factory
* https://seclists.org/fulldisclosure/2024/Dec/21 - when the CTF platform itself supplies the bugs...
* https://seclists.org/fulldisclosure/2024/Dec/19 - iSay, iSay, shell me a midtier, sir!

Exploitation:

* https://people.kernel.org/kees/colliding-with-the-sha-prefix-of-linuxs-initial-git-commit - Kees Cook (old account) (npub1h9f…9etp) collides Linux
* https://www.hvs-consulting.de/en/nfs-security-identifying-and-exploiting-misconfigurations/ - holes in NFS, surely not?
* https://blog.slowerzs.net/posts/thievingfox/ - stealing passwords for red team glory

Hard hack:

* https://aleksandr.rogozin.us/blog/2021/8/13/hacking-philips-wiz-lights-via-command-line - hacking Philips WiZ

Hardening:

* https://www.cisa.gov/sites/default/files/2024-01/SbD-Alert-Security-Design-Improvements-for-SOHO-Device-Manufacturers.pdf - CISA advice on SOHO networks.. not wildly blown away but I suppose they have to start somewhere...

Nerd:

* https://github.com/markqvist/Reticulum/discussions/231 - an interesting approach to non-TCP/IP federated networks as shared by sqshr (npub1ptq…6e7p)...
* https://www.jmeiners.com/lc3-vm/ - write your own VM... kinda remember doing this at uni
* https://tickets.why2025.org/ - have you ordered your tickets for why2025camp (npub1ux8…hm28)

#security, #research

A Struts bug: https://github.com/TAM-K592/CVE-2024-53677-S2-067 ...

2024-12-17T22:06:26Z

A Struts bug:

https://github.com/TAM-K592/CVE-2024-53677-S2-067

The week before Christmas?

Oh my!

#java, #threatintel

Looking at legacy NeXT source: ...

2024-12-15T22:48:52Z

Looking at legacy NeXT source:

https://github.com/johnsonjh/NeXTSrc/blob/ff846608a76ab2fbbb86e8a14c52ac85332f9786/libc-34.1/libc/gen/execvp.c#L34

Quoting from the OS X man page for execvp():

"Historically, the default path for the execlp() and execvp() functions was ``:/bin:/usr/bin''. This was changed to place the current directory last to enhance system security."

#noshitsherlock, #codereview, #appsec, #sdlc

Nothing. Just made me laugh.

2024-12-01T17:26:18Z

In reply to nevent1q…hck7
_________________________

Nothing. Just made me laugh.

:blobcry:

2024-12-01T17:13:43Z

In reply to nevent1q…ltcd
_________________________

:blobcry:

I have but provisionally but it may not stay. We'll see.

2024-11-16T17:53:57Z

In reply to nevent1q…m8es
_________________________

I have but provisionally but it may not stay. We'll see.

Woop. QNX is free (as in beer) again: ...

2024-11-08T12:01:23Z

Woop. QNX is free (as in beer) again:

https://blackberry.qnx.com/en/products/qnx-everywhere

Samba can also expose your CUPS configured printers too so ...

2024-09-28T12:03:31Z

In reply to nevent1q…mf7l
_________________________

Samba can also expose your CUPS configured printers too so it's not just 631/tcp to be watchful of.

That's not typically the default but we're talking about ...

2024-09-28T12:00:42Z

In reply to nevent1q…tccw
_________________________

That's not typically the default but we're talking about something that is fundamentally designed to be a server & queue manager for others on the network. By default, cupsd (the actual server & queue manager) may well be bound to localhost, with browsing set to no and various IPP API endpoints restricted with location ACLs but all of these can and are changed for various reasons (witness 631/tcp being open).

The victim needs to print narrative would be fine if we're ...

2024-09-28T08:27:21Z

In reply to nevent1q…ls6w
_________________________

The *victim needs to print* narrative would be fine if we're targetting an end user. Thing is, we're not - we're targetting the print server.

Casual observation. Someone needs to print something. What ...

2024-09-28T07:42:07Z

Casual observation. *Someone* needs to print something. What happens if the adversary can?

#cups, #redteam

Rumours look to have been accurate, it looks like it's CUPS: ...

2024-09-26T18:16:43Z

In reply to nevent1q…p4lx
_________________________

Rumours look to have been accurate, it looks like it's CUPS:

https://www.linkedin.com/posts/benjamin-harris-sg_15-minutes-ago-our-monitoring-systems-went-activity-7245132773902983168-xZ0u?utm_source=share&utm_medium=member_android

(Courtesy of an old friend at watchTowr (npub1r4a…u230))

Add in, runs as root and likely listens on the network (by ...

2024-09-26T17:55:13Z

In reply to nevent1q…gp94
_________________________

Add in, runs as root and likely listens on the network (by default).

If you wanted to speculate on the upcoming CVE in Linux distros, ...

2024-09-26T17:29:46Z

In reply to nevent1q…dk2j
_________________________

If you wanted to speculate on the upcoming CVE in Linux distros, correlating Popcon with those that have listening ports and CVE data might be one way to make a prediction:

https://popcon.debian.org/

PSA: Wild speculation is the best speculation. #rumops

2024-09-26T15:16:55Z

PSA: Wild speculation is the best speculation.

#rumops

Nostr notes by Tim (Wadhwa-)Brown :donor:

Someone's just listed out "all" the Windows versions ...

When times were simpler: "text generator" ...

Nostr event nevent1qqsdwmjacu3j0z9hc2egq6q0v7l0kvc8spnus8mr06lpv05rwe36a0szyp89hh2eeyfuw9sm48ywmmhuzg89aarr9aqg7v44xegfkkeyup2dzt9qa5u

Finally got around to uploading my slides for Reflections on ...

For those that are upset about time, I've had an internal ...

Worth noting that after that paper's release I did further ...

My original paper from 2013: ...

The number of places that are still potentially vulnerable to ...

Citrix oofise reaches primetime: ...

Interesting Git repos of the week: Threats: * ...

Today's AI bullshit: "Yes, I know agentic AI is ...

Interesting links of the week: Strategy: * ...

In which I get shout outs from the grsec crew: ...

Coding with LLMs and agents is a generational opportunity to ...

Today's oofness is on us :(: ...

Got any plans to seize control and create an army from any ...

RE: https://infosec.exchange/@timb_machine/116068550511596363 If ...

*sigh*, a reminder that there are definite pros to self hosting. ...

Seen an interesting trend in UK FSI over the last months, with ...

Interesting links of the week: Strategy: * ...

One of our AI threat team pointed me at this: ...

Interesting links of the week: Strategy: * ...

Interesting links of the week: Strategy: * ...

Interesting links of the week: Strategy: * ...

Any of the @npub1n4p…t7gf folks on here?

Interesting links of the week: Strategy: * ...

Interesting links of the week: In honour of stealth: * ...

Interesting links of the week: Strategy: * ...

Interesting links of the week: Strategy: * ...

Genie: You have 3 wishes Me: Can I just have -1 wish? Genie: ...

Related: If you want to tell me you've jailbroken the AI, you ...

Wish there was an easy way to migrate MFA tokens from the various ...

A Microsoft ouchy on a Saturday, oh my: ...

Interesting Git repos of the week: Detection: * ...

Interesting Git repos of the week: Strategy: * ...

Interesting links of the week: Strategy: * ...

Submitted my first bug via GitHub's advisory reporting ...

Sad times, John Young of Cryptome is no longer with us: ...

Interesting Git repos of the week: Strategy: * ...

That SAP NetWeaver bug is pretty ouchy: ...

Kinda want a DirBuster style list of headers at this point, so ...

Another header bypass, this time a Citrix NetScaler nasty: ...

Interesting links of the week: Strategy: * ...

My cross-platform and cross-browser NTLM bug is public: ...

Released a new tool, packet-monkey: ...

Interesting links of the week: Strategy: * ...

Activity spinning up on GitHub for people playing with the bug, ...

A decent explanation of the Apache TomCat bug I posted a link to ...

PoC vulnerable app for the Camel bug: ...

Simply smashing a device that you have physical access to is ...

Interesting links of the week: Strategy: * ...

A suitable punishment for DOGE.

LinkedIn implies DB2 on z.

I wonder what "mainframe" platform the US treasury ...

Pretty sure this customer doesn't own unregistereddomain.tld. ...

PSA: It is indeed incorrect to label Starmer or the modern Labour ...

A bug so hard to fix that it took almost 10 years to make a ...

Nostr event nevent1qqst0rxv9yvgwcrgtgs8xajk5zs8yzm64guvhutdw5kxx0ycwumpqjczyp89hh2eeyfuw9sm48ywmmhuzg89aarr9aqg7v44xegfkkeyup2dz960kph

PoC for CVE-2024-6387 in OpenSSH is out: ...

Interesting links of the week: Strategy: * ...

A Struts bug: https://github.com/TAM-K592/CVE-2024-53677-S2-067 ...

Looking at legacy NeXT source: ...

Nothing. Just made me laugh.

:blobcry:

I have but provisionally but it may not stay. We'll see.

Woop. QNX is free (as in beer) again: ...

Samba can also expose your CUPS configured printers too so ...

That's not typically the default but we're talking about ...

The *victim needs to print* narrative would be fine if we're ...

Casual observation. *Someone* needs to print something. What ...

Rumours look to have been accurate, it looks like it's CUPS: ...

Add in, runs as root and likely listens on the network (by ...

If you wanted to speculate on the upcoming CVE in Linux distros, ...

PSA: Wild speculation is the best speculation. #rumops

sigh, a reminder that there are definite pros to self hosting. ...

The victim needs to print narrative would be fine if we're ...

Casual observation. Someone needs to print something. What ...