Felix (@felixw3000)'s Twitter Profile
Felix

@felixw3000

👨‍💻 Engineer, passionate about IT security
🔬 Daytime: Researcher @SophosXOps
🧪 Nighttime: write-ups on experiments @ uperesia.com
🙋 Opinions are my own

ID: 4068317806

Website: https://www.uperesia.com
Joined: 29-10-2015 14:12:26

4.4K Tweets

1.1K Followers

501 Following

Nathan McNulty (@nathanmcnulty)

Florian Roth ⚡️ p19k mRr3b00t Interestingly, Microsoft and others have been trying to fix this for years while Google is the one who set us all back 5+ years You can thank the geniuses in this thread for screwing IdP providers: groups.google.com/a/chromium.org…

丂卄ㄖᗪ卂几 - 👋 crack fingers (@therealshodan)

“Largest ever operation” 4 arrests (not convicted yet) To put into perspective I have 2 arrests. Guarantee you none of my botnet activity graphs on Monday will even show this disruption. We have to do better, so much better. europol.europa.eu/media-press/ne…

Marc-André Moreau (@awakecoding)

The full OCR text with the temporarily visible password is available in the %LocalAppData%\CoreAIPlatform.00\UKP\{<UUID>}\ukg.db SQLite database, nicely gift wrapped 🎁 for infostealer malware to exfiltrate:

Artem I. Baranov 🐦 (@artem_i_baranov)

Curious what Windows Internals tricks rootkits have leveraged throughout their history to achieve the necessary goals of concealing malicious activities, I've published a pdf with a breakdown of these tricks. It covers the following rootkit families. artemonsecurity.blogspot.com/2024/06/window…

Kostas (@kostastsale)

Check out this awesome report by Sophos on Chinese APT threat actors. There is much to learn from this technical breakdown; it's not your ordinary threat actor. Reading this report, you will notice that they used tools like impacket for lateral movement, which provides an

Sky News (@skynews)

The NHS has launched an urgent appeal for O blood-type donors following a cyber attack that has affected some of the largest hospitals in London. Sky's Science Editor Tom Clarke has the full story ⬇️ trib.al/unjm70D 📺 Sky 501, Virgin 602, Freeview 233 and YouTube

John Hultquist (@johnhultquist)

Mandiant's blog on the Snowflake breaches. The bottomline is that the infostealer problem is coming to a head and defenses have to account for it. cloud.google.com/blog/topics/th…

Cyber Advising (@cyber_advising)

CVE-2024-4577: PHP 8.1.* before 8.1.29, 8.2.* 8.2.20, 8.3.* 8.3.8, when using Apache and PHP-CGI on Windows, allow a malicious user to pass options to the PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP on the server. PoC labs.watchtowr.com/no-way-php-str…

Brian in Pittsburgh (@arekfurt)

The PRC exploited 14,000 Fortigate devices before the vulnerability in question here was even announced. Just let that sink in. Mass intrusion campaigns by state actors abusing either perimeter 0days or supply chain backdoors have become reality.

chompie (@chompie1337)

microsoft: Exploit Code Unproven
me: i literally gave you a compiled PoC and also exploit code
m$: No exploit code is available, or an exploit is theoretical.
me:

Andrea Servida (@servidaandrea)

ICYMI - this is a very serious issue. Whatever the good intentions might be, undermining end-to-end encryption is always a bad idea and a huge risk to freedom and society!

Cas van Cooten (@chvancooten)

Doesn't take much to trigger a Crowdstrike exec apparently. If only they had 100% coverage against getting criticized on the internet 🙃

Dmitri Alperovitch (@dalperovitch)

Putin on his endgame: “They [the West] say that they want to achieve the strategic defeat of Russia on the battlefield. What does this mean for Russia? For Russia, this means the end of its statehood. This means the end of the 1000-year history of the Russian state. I think

Alexander Leslie (@aejleslie)

Ransomware is a national security and public health crisis. “…the National Health Service confirms more than 1,100 operations in total — almost 200 of them relating to cancer treatments — have been postponed due to the incident.” (via Alex Martin) therecord.media/london-hospita…

Samir (@sbousseaden)

Elastic Security Labs has discovered a new method for initial access and evasion in the wild, termed #GrimResource, which involves arbitrary execution in mmc.exe through a crafted MSC file. elastic.co/security-labs/… gist.github.com/joe-desimone/2…

Michael Coppola (@mncoppola)

New blog post "Google: Stop Burning Counterterrorism Operations" My reflection on an incident where Project Zero and TAG knowingly shut down an active Western counterterrorism cyber operation, and the real-world harm that could have resulted from it. poppopret.org/2024/06/24/goo…