Justin Elze
@HackingLZ
Hacker/CTO @TrustedSec | Former Optiv/SecureWorks/Accuvant Labs/Redspin | Race cars
ID:14539104
26-04-2008 03:27:52
45,7K Tweets
52,4K Followers
4,9K Following
Google patches third exploited Chrome zero-day in a week - Sergiu Gatlan
bleepingcomputer.com/news/google/go…
The way Microsoft chose to implement this in Conditional Access is fundamentally broken (forcing use of Device platform)
Be sure to read rootsecdev's blog post on how to test and alternative options to secure this better 🔥
Hack web APIs using agents: github.com/dreadnode/rigg…
Memory, goals, context pinning, actions, etc.
hanspetrich has been hacking on this stuff internally
Volexity shares new observations following its discovery of CVE-2024-3400 + #0day exploitation of the GlobalProtect feature in Palo Alto Networks firewalls and offers guidance for detecting compromise.
More here: volexity.com/blog/2024/05/1…
#dfir #threatintel #memoryforensics
🔬 XZ Utils Made Me Paranoid
@trustedsec's Kevin Haubris built a scanner to detect backdoors like XZ Utils
It identifies hooks in process memory, and compares them with on-disk binaries
🛠️ VerifyELF - tool repo
github.com/trustedsec/Ver…
trustedsec.com/blog/xz-utils-…