Unlock the secrets of hiding C2 communications in plain sight on Windows! Join Gordon Long's talk at #x33fcon where he'll delve into new research and techniques for stealthy C2 design. Don't miss out! More info: x33fcon.com/#!s/GordonLong…

So Apple has introduced a new system called “Private Cloud Compute” that allows your phone to offload complex (typically AI) tasks to specialized secure devices in the cloud. I’m still trying to work out what I think about this. So here’s a thread. 1/

🆕🍎In the heat of WWDC week, I'm releasing a writeup about a new persistence method I was investigating on macOS. Widgets. I also wrote a few tools which can be used for widget forensics and also some limited offensive tooling. Links in the blog post. theevilbit.github.io/beyond/beyond_…

We just learned how to hide #C2 in plain sight, Who Guards the Guards? talk by Gordon Long at #x33fcon #EDR #redteam

#x33fcon 2024 interviews are ready. Shorter ones will be published on X. All on YT and linkedin. We are starting from Gordon Long

I had such a great time presenting /ˈziːf-kɒn/ last month! Great to meet so many new folks and make some friends. I am releasing my PoCs for the two techniques I spoke about at x33fcon, Guard Comms and Guard Stomping. Check out github.com/asaurusrex/Gua…, presentation slides included!

#x33fcon 2024 talks: Gordon Long > youtu.be/Oq_gzKWXmkY

This strange tweet got >25k retweets. The author sounds confident, and he uses lots of hex and jargon. There are red flags though... like what's up with the DEI stuff, and who says "stack trace dump"? Let's take a closer look... 🧵1/n

I was rather skeptical that this wasn't an elaborate joke, but yes, CrowdStrike has apparently emailed its customers & offered a ~$10 UberEats gift card/coupon for any "inconvenience" ...and yes, it errors out when one goes to redeem it, saying it has been cancelled 🫠

Happy to announce I’ve been accepted to speak at Security BSides Northern Virginia 🥳. Come check out my talk on some MacOS bugs: bsidesnova2024.sessionize.com/session/712965

New blog from me on manually manipulating Vectored Exception Handlers to evade some EDRs and perform threadless process injection. securityintelligence.com/x-force/using-… Accompanying code: github.com/xforcered/Vect…

RE: Exploding Electronics ...at DEF CON 22 (2014) there was a talk/demo of a (subverted) security camera that leveraged facial recognition to trigger a self-destruction/explosion when a target was detected in close proximity ☠️ Have a watch! 🫣📸💥 youtu.be/8PXHhGa5k8g?si…

If you know me, you know I'm a huge fan of Cyber Deception! But what about deception as it relates to AI? Check out my new article on ways to utilize deception to potentially strengthen AI defenses and frustrate attacks, hope you find it interesting! medium.com/@marcusthebrod…