70kms from MOPA to Planet Hollywood. Anyone landing around 2.30pm Friday? #BsidesGoa

It's fascinating to see that you need to a build a narrative of cyber espionage, circulate videos of oppression, Israeli prime minister's video etc. all at once to try and ban TikTok in US. We just do it! Not sure which is worse.

CVE-2024-4577 PHP CGI Argument Injection github.com/11whoami99/CVE…

Less than 3 weeks to close our call for paper. bsidessg.org/call-for-paper

Qualys does it again! #regreSSHion: #RCE in #OpenSSH's server, on glibc-based #Linux systems (CVE-2024-6387) qualys.com/2024/07/01/cve…

You have TrendMicro, SentinelOne and Defender on every machine. But I only read web.config files.

Strangle the Falcon!

Writing good windows rootkits is hard. Always has been. Remember that some teams have development continuity all the way back to 2003-2005. And they push updates. But even great teams sometimes ship bugs. Fascinating to see that grounding 3 major airlines only means 10% off ...

This happened with me, while I was on an onsite assessment. I panicked, but eventually it worked out. Now I plan to pause updates, till the internet tests it out for me.

I like how github has evolved. This person is running his stealer through github commits/malicious repos. github.com/Rabchin/proxy-…

Chillin’ in q8

This was an easy Domain Admin on watchguard installations for internal PT, at least at one client. Setup ntlmrelayx and wait for watchguard to find your machine.

We expected to have to dedicate considerable resources to identify the soldiers featured in the photos and videos. What we found was that, for the most part, soldiers posted material in their own names on publicly accessible platforms.

Recently I was targeted by an extremely sophisticated phishing attack, and I want to highlight it here. It exploits a vulnerability in Google's infrastructure, and given their refusal to fix it, we're likely to see it a lot more. Here's the email I got:

Israel has not allowed a single ounce of food to reach 2.3 million people in eight weeks.

In sensitive times like these, it is necessary to be wary of disinformation being spread on social media. Always verify any piece of news, image, or video before you forward. If you come across suspicious or misleading content, report it to PIB Fact Check #FactCheck

Eid Mubarak 💔

Details published research.checkpoint.com/2025/stealth-f…. To summarize: the "WorkingDirectory" problem within .url files. Oh, .url files, my old friend (I previously discovered another .url/IE 0day itw last year).. My thoughts/opinion: no organization should allow any inbound .url files in

Pwnie Awards should only be for exploits, not something that only 5 eyes bought an exploit for. If the award is public the exploit should too.

Shot in the head and chest. We investigated the killing of two-year-old Layan and six-year-old Mira. We also found many more cases of children shot in the head and chest in Gaza, from the beginning of the war right up until last month. bbc.co.uk/news/videos/cj…