Log4j ate my homework

This is quite useful

Interesting to see how Moxie Marlinspike’s post changed the tenor of discussions on web3 (at least on my timeline). The strongest proponents shifted from “it’s the solution” to “it could be with a lot more work”. Also a lesson for us: Nothing beats doing the work & writing it up cogently.

The sad thing is that if we hadn’t expanded NATO, Putin would have tirelessly devoted himself to world peace and the brotherhood of man.

While this may sound too simple, we've managed to escalate across domains on several occasions by accounts with blank passwords 🔥! In this blog we describe how it works, and which popular spraying tools we've updated to support empty password spraying: northwave-security.com/abusing-empty-…

RFC 9225: Software Defects Considered Harmful, J. Snijders, et al., rfc-editor.org/info/rfc9225, This document discourages the practice of introducing software defects in general and in network protocol implementations specifically. 1/2

Any incident responder saying "DO NOT PAY A RANSOM" is hurting their customers. Paying (or not) should be a risk-informed business decision, pure and simple.

I worry that the current belief/practise that the only way to get into pentesting is via certs is having a weirdly damaging side effect. 🧵

Cobalt Strike BOF foundation for kernel exploitation using CVE-2021-21551. In its current state, as a PoC, it overwrites the beacon token with the system token (privesc). github.com/NorthwaveSecur…

These 'Beach Animals' were created by Theo Jansen as a fusion of art and engineering. The kinetic structures walk on their own and get all their energy from the wind.

Pretty cool blog post about how to deploy and test Azure Sentinel monitoring rules at scale! northwave-security.com/soc-testing-mi…

Yesterday we presented our research on the mental impact of ransomware attacks on people at victim orgs at #one2022. This topic deserves much more attention than it's getting, happy to see awareness rise. Blog at northwave-security.com/en/blog-after-… , paper with stats will be published soon

I love this blog post from Northwave. Intelligent Security Operations.. I cover some of this in my ransomware recovery talk. Taking care of your people during ransomware (and other) IR is really important, I see a lot of burnout and resignations after a ransomware incident. northwave-security.com/en/blog-after-…

Northwave has conducted research into the psychological effects of a ransomware crisis on people involved in mitigating a ransomware attack. The findings reveal the deep marks that a ransomware crisis leaves on all those affected. northwave-security.com/wp-content/upl…

Why Apple’s announcements today are a big deal, a thread. 1/

The stolen data from LastPass is actively being decrypted and exploited. People with secrets keys for crypto wallets & login data to online wallets are being plundered. If you had your secret keys in LastPass, move your funds now, changing your password does NOT help.

Ons logo lijkt wel perfect gemaakt voor deze plek op Nyck de Vries zijn helm… nog maar 2 weken en dan barst het weer los! #F1

#HITB2023AMS HITB LAB: Developing Malicious Kernel Drivers - Tijme Gommers - conference.hitb.org/hitbsecconf202… cc Tijme Gommers