Cyber scared straight:

NCA: Ok kids, I'm going to show you what a life of cyber crime is really like.

*R8 drifting on Moscow streets*
*Stacks of cash*

NCA: Well I hope we've learned our lesson today.

Kids: yep

Your XKCD passwords are cracked, excellent demonstration by unix_ninja. For a better way, a double-clickable PowerShell generator and the math on the attack cost, see

Lambos are clearly valued by cybercriminals. Congress should ban them, or at least restrict them to vetted industry in-groups.

PyXie, full-featured Python RAT obfuscated with opcode-swapped embedded Python interpreter. The teardown instructions are a great plus; I love articles that post how to extract the info, not just the final result.

ICYMI RAP bypass for root -> kernel exploits on grsec. I did find the angry grsec/PaX replies entertaining too. Remember when grsec had to pay out a quarter mil because he couldn't handle critique?
H/T @silviocesare

What is the best science/tech magazine or news site that is least prone to hype/sensationalism?

Infosec twitter: Maybe we shouldn't put very sensitive data on Slack. We know it's a big APT target.

Microsoft Teams: Hold my beer!

Evading WinDefender ATP credential-theft: a hit after a hit-and-miss start.
tl;dr PssCaptureSnapshot syscall clones the process, so you don't need to do ReadProcessMemory against the original process and you avoid LSASS read detection.

The first hacker con I ever went to had a talk by an anonymous hacker in a full ninja costume with face mask conducted entirely with speech to text, Q&A included.

Federal agents persecuting a religious group we like might be held personally liable, but Oh No if they are, then federal agents persecuting religious groups we hate might be held liable too!

Basically everything wrong with the current partisan rhetoric.

Well that's strange. I was assured several times that only the protesters were violent and against the will of the people.

Restrict freedom of expression and you'll soon find yourself believing your own reality-distanced propaganda, to your own embarrassment and detriment.

Fortinet products, including FortiGate and FortiClient, leaked full HTTP URLs of users' web surfing activity and more to passive internet observers, over effectively plaintext (static XOR) to Fortinet servers. Unfixed since May 2018 till now!

