Show more

NSA would like to inform GRU "we're in all your operations so deeply we're publicly taunting you about your internal jargon."

"Russian GRU 85th GTsSS Deploys Previously Undisclosed Drovorub Malware" "Linux malware toolset consisting of an implant coupled with a kernel module rootkit, a file transfer and port forwarding tool..." Exceptionally detailed info for a public USG report!
media.defense.gov/2020/Aug/13/

I made this demo video for a tool I've been working on to simulate APT attacker behavior for our clients. I used a LuaJIT VM to bring a modern evasive scriptable implant capability to x86/x64 Windows systems with a full GUI written in C++/MFC/ASM & Lua. Enjoy the audio & demo.
peertube.hackerfraternity.org/

Wait, so Kaspersky and/or Microsoft deliberately posted untrue information in their vulnerability report? That seems more significant than even the 0day chain.
twitter.com/oct0xor/status/129

Does this mean send.firefox.com/ isn't coming back? Because that was the greatest. :-(

"full chain targeted the latest builds of Windows 10, and our tests demonstrated reliable exploitation of Internet Explorer 11" "before our discovery, the exploitability of this vulnerability was considered less likely"
securelist.com/ie-and-windows-

Looks like I broke my Raspberry Pi Zero W within about 5 minutes of connecting any cables.

AMA

apple’s latest trademark claim

i shit you not

I don't want to brag *too much* about my dad powers, but the lawnmower did start today on the first pull of the starter rope, so, uh, *adjusts cargo shorts* take from that what you will.

Literally conducting genocide. And the WaPo Beijing bureau chief doesn't think that even merits a mention.
twitter.com/washingtonpost/sta

I completely agree and would love to see this for all development. Now if we'd only apply it to cryptography too.
twitter.com/apenwarr/status/12

If you block MS tracking in hosts, Defender will now specifically identify that as malicious, and re-enable the spying. Yes, the product once called "Microsoft AntiSpyware" is now pro-spyware. Do the MS engineers here ever take a hard look in the mirror?
bleepingcomputer.com/news/micr

How Apple uses anti-competitive practices to extort developers and support authoritarian regimes. Kudos to proton mail for speaking up protonmail.com/blog/blog/apple

OnionShare

onionshare.org/

"Securely and anonymously share files of any size. A web server is started, making OnionShare accessible as a Tor Onion Service, potentially temporarily or in a stealthy manner, over the Internet. An unguessable address is generated and is shared for the recipient to open in the Tor Browser to download the files. No separate server or third party file-sharing service required. You host the files on your own computer."

#tor #filesharing #cyberlocker #hosting

There's a GUI, but the CLI is so good, just `onionshare somestuff.bin` and you get a temporary onion service serving a static password protected website with the file made available. By default once the file has been downloaded, everything shuts down.

After buying TikTok , Microsoft immediately rebrands it to bring this exciting new market segment they have acquired in line with corporate identity guidelines.

Mastodon

The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!