The tale of a short-lived bug 🐛 affecting a NAS device which Luks and I planned to use at #Pwn2Own Tokyo. crowdstrike.com/blog/pwn2own-t…

This blog post describes our journey of identifying and exploiting a vulnerability on the Western Digital My Cloud Pro Series PR4100 NAS (already identified and fixed by WD). bit.ly/3otHkI2 via HPH Luks #cybersecurity

x41-dsec.de/lab/advisories…

Had lots of fun with CrowdStrike's #AdversaryQuest. Here are my timings and writeups for a few selected tasks github.com/Sin42/writeups…

Starting soon: Benjamin Grap (Ben Grap), Hanno Heinrichs (HPH), and Lukas Kupczyk (Luks) of CrowdStrike Intelligence target the LAN interface of the Cisco RV340 in the router category. $15,000 and 2 Master of Pwn points on the line.

Success! The CrowdStrike team of Benjamin Grap (Ben Grap), Hanno Heinrichs (HPH), and Lukas Kupczyk (Luks) wasted no time in their 1st #Pwn2Own by taking over the LAN interface of the #Cisco RV340 router. They're off to provide all the details.

Another bug collision: the CrowdStrike team used 4 bugs to gain code execution on the Cisco RV340 router, but some of the bugs were previously known. They still earn $10,000 and 1.5 Master of Pwn points.

Success! Benjamin Grap (Ben Grap), Hanno Heinrichs (HPH), and Lukas Kupczyk (Luks) of CrowdStrike Intelligence were able to exploit the #Lexmark MC3224i printer. They're headed to the disclosure room for drop the details. #Pwn2Own #P2OAustin

The penultimate entry of the contest ends in a collision. The #CrowdStrike team combined 3 bugs to get code exec on the #Lexmark printer. Alas, all 3 had been previously seen in the contest. They still earn $10,000 and 1 Master of Pwn point. #Pwn2Own #P2OAustin

Here are the final Master of Pwn standings. Congrats to Synacktiv on claiming the title. It was a close race, but they pull through.

CrowdStrike discovered vulnerabilities that can be used to compromise the Cisco RV340 router. Read more. ⬇️ crwdstr.ke/6017KqvEZ

One Windows in-the-wild 0-day in today's patch Tues: CVE-2022-24521. Discovered by NSA and Crowdstrike 🔥 #itw0days msrc.microsoft.com/update-guide/v…

Bad hires (particularly in cyber security) often cost you more than just leaving the position unfilled.

Small blog by me about using chompie's late eBPF exploit and modifying it for container escapes. crowdstrike.com/blog/exploitin…

Since there is no good way to do mass layoffs: People underestimate the cost of undisciplined over-hiring, because trying to undo it will demoralize the rest of the company. The cost is higher than just the salaries etc.

I am very excited to publicly unveil our new CrowdStrike Counter Adversary Operations! Consolidating our market leading Threat Intelligence and game changing OverWatch Threat Hunting teams into a new entity charged with raising the cost for adversaries! crowdstrike.com/blog/crowdstri…

I think the stock exchange moved out of this building 25 years ago. But there are still a lot of brokers around even today. 🤔 #hexacon2023

Verifying myself: I am hanno_heinrichs on Keybase.io. GcZ-6NcxJYKK9wj7WFhiOD7AGmRTKFK2UljT / keybase.io/hanno_heinrich…