JavaScript is not available.

Oct 13, 2021

I've been working on this for 5 years, and it's finally out! I wrote a dark fantasy book (no computers involved), and it's the hardest thing I have ever done. I'm extremely proud of the final result. (But it's in French, for now.) lechantducygne.fr/gestalt/

139

vx-underground

@vxunderground

Jan 23

January 18th: Microsoft announces 10,000 employees will be terminated January 23rd: Microsoft to invest $10,000,000,000 into ChatGPT

785

4,549

Costin Raiu

Jan 19

Thinking of a career in Reverse Engineering? Don't miss this RE101 Training Walkthrough with

Starting Career In Reverse Engineering: RE101 Training Walkthrough

on Feb 16:

brighttalk.com

Reverse engineering is one of the most challenging and promising fields in cybersecurity. It enables you to get into the most notorious APTs, build a career as a malware analyst, or threat hunter....

GitHub - StrangerealIntel/EternalLiberty

Arkbird

@Arkbird_SOLG

Jan 11

Update of the matrix of the threat actors names used by different Threat Intelligence companies in their reports + JSON output, have fun !

github.com

Contribute to StrangerealIntel/EternalLiberty development by creating an account on GitHub.

Hahaha, gotcha #ChatGPT! They've been patching loads of jailbreaks as they are found, but the possibilities are endless.

156

Gepetto, using OpenAI to speed up reverse-engineering

Marc R

@Seifreed

Jan 6

Threat Diaries: Malware, Threat Intelligence, Cybersecurity: Gepetto, using OpenAI to speed up reverse-engineering

seifreed.substack.com

If you're in tech, you've probably heard about OpenAI and how freakin' helpful it can be for your daily job. Currently, OpenAI is free to use and can do all sorts of cool stuff like summarize texts,...

Jan 5

My three-part 🔥 series on #bitcoin, #ethereum, #nft, #web3, the #metaverse and all their baked-in politics has been fully released in 2022. Since then, it was translated to 10 languages! (🇺🇸 🇫🇷 🇷🇺 🇩🇪 🇪🇸 🇮🇹 🇳🇱 🇵🇹 🇹🇷 🇸🇦) All the links are now in one place: blog.kwiatkowski.fr/crypto

Lastpass: Hackers stole customer vault data in cloud storage breach

Jan 1

Happy new year everyone! I have completed a small passion project of mine: upscaling Tex Avery's cartoons, which I enjoyed tremendously when I was a kid. I'm not sure how to share them with people who want to (re)discover them, maybe on

Sure, the vaults accessed by the hackers are encrypted (AES + PBKDF2 SHA-256 I believe), but I'm willing to bet that a good number of backups will fall after a week's worth of Hashcat. And then, all hell breaks loose.

Alright. Is it maybe time to talk about using *local* password managers instead of cloud-based ones? Yes, they're better than no password manager, but come on. Don't trust anyone with such sensitive data as your passwords.

bleepingcomputer.com

LastPass revealed today that attackers stole customer vault data after breaching its cloud storage earlier this year using information stolen during an August 2022 incident.

Show this thread

Inside the IcedID BackConnect Protocol

The Brofessor

@Glacius_

Dec 21, 2022

Hey :) We published a new report detailing #IcedID BackConnect protocol, managing operators, SpaceX Starlink IPs involved, SOCKS and VNC management, and IOCs: team-cymru.com/post/inside-th Feedback warmly welcomed 😊🤝

@teamcymru_S2

team-cymru.com

In this blog we provide an insight into the management of the IcedID BackConnect protocol. Our tracking has identified potential operators located in Moldova and Ukraine, and from examining their...

100

Dec 18, 2022

I'm noticing a big spike in my Mastodon followers. Been trying to lay out my thoughts about Twitter's recent changes for a while, but every time I get started, something new and stupid happens here. TL;DR: I find Mastodon unexpectedly amazing.

Dec 17, 2022

As some of you may know, I've gone pretty deep with

@midjourney

. I generated over 1300 images thus far, with no intention of stopping. Eventually I chose my favorite, upscaled it, and printed it on a 120cm * 120cm canvas. It now stands proudly in my living room!

read image description

ALT

Dec 14, 2022

Takeaways of the war in Ukraine for the cybersecurity community: securelist.com/reassessing-cy I contributed to this article along with

Reassessing cyberwarfare. Lessons learned in 2022

and

@securechicken

. As with any analysis piece, there's some deal of personal opinion in there, so I'm very interested in other assessments.

securelist.com

In this report, we propose to go over the various activities that were observed in cyberspace in relation to the conflict in Ukraine, understand their meaning in the context of the current conflict,...

FTX’s Sam Bankman-Fried Is Arrested in the Bahamas

Dec 13, 2022

Epilogue: #SBF (#FTX founder) arrested in the Bahamas. The US filed criminal charges.

nytimes.com

A statement by the government of the Bahamas said Mr. Bankman-Fried was arrested after prosecutors in the United States filed criminal charges.

Leaked: The Altrnativ world of cybersurveillance

SEKOIA.IO

@sekoia_io

Dec 9, 2022

#Karkadann (#Candiru) domains, mostly typosquatting Azeri websites. #ThreatHunting ⤵️ checkhotel[.]net vergisorgula[.]com koronamiyim[.]com opinionlimit[.]org seffafxeber[.]com parkdev[.]net captivelogin[.]net olkem[.]net

Great

investigation on Alternativ, another shady private-intel IT company based in France: politico.eu/leaked-altrnat The founder has deep political connections. The situation in Europe when it comes to cybermercenaries is shameful and unacceptable.

politico.eu

Leaked: The Altrnativ world of cybersurveillance About this series: As co-founder of the French search engine Qwant, Eric Leandri was heralded as a champion of digital privacy and an example of Eur…

Dec 7, 2022

On Dec 14, we organize a webinar to study the cybersecurity aspects of the war in Ukraine: kas.pr/56gv In particular,

@vignus

and

@VRadunovic

will discuss the nature of cyberwar. Also watch out for the upcoming paper, which I helped write!

Costin Raiu

Dec 5, 2022

If you're into reverse engineering, this will rock your world:

Quote Tweet

Dec 4, 2022

I wrote an IDA plugin that queries #ChatGPT and explains decompiled functions. It's still very bleeding edge, but you can find the code here and try it out: github.com/JusticeRage/Ge (Yes, the video was performed on a very basic case for simplicity's sake.)

Show this thread

0:10

50.7K views

Dec 5, 2022

Wondering what you'll be doing when you're done replacing yourself with a Python script that sends your work to #ChatGPT? I got you covered. Did you know you can role play with it? It's exactly as amazing as it sounds.

Dec 4, 2022

New feature added moments ago:

@OpenAI

's #ChatGPT now automatically renames variables in the pseudocode view. (Video slightly edited to cut loading times.) Keep in mind that this is only the work of a single week-end! This thing is only getting started.

Follow-up: I wrote a plugin that performs this directly from IDA: twitter.com/JusticeRage/st Also, since this blew up, I might as well plug the fantasy novel I wrote (in French), because why not: lechantducygne.fr/gestalt/

Quote Tweet

Dec 4, 2022

Show this thread

0:10

50.7K views

This is a follow-up of the last few days' experiments: twitter.com/JusticeRage/st I'm still figuring out exactly how much we can do here. There may be a way do do a decompilation plugin too, but it will require more work to integrate with IDA. I'll post more as I discover more!

Quote Tweet

Dec 2, 2022

Step 1: open a binary in IDA and press F5 Step 2: paste the decompiled code into OpenAI's chatbot Someone's job just got way easier.

Show this thread

433

1,512

Fun fact about AI: you can also plug one into the other. Here's #ChatGPT feeding

Step 1: open a binary in IDA and press F5 Step 2: paste the decompiled code into OpenAI's chatbot Someone's job just got way easier.

1,067

4,803

A lot of the value I bring to any company comes in the form of entertainment, specifically through an endless stream of salty emails. AI just made me obsolete. All hail our new robot overlords.

326

Crypto, really. Part II: non-fungible tokens

Brendan Dolan-Gavitt

@moyix

Nov 30, 2022

ChatGPT exploits a buffer overflow 😳

1,329

6,405

Previous articles of the series: Part 1: kaspersky.com/blog/crypto-ac Part 2: kaspersky.com/blog/crypto-ac I'll set up a page listing all translations shortly.

kaspersky.com

In this second part of the series, we’re going to dive deep into Ethereum and its novelties: smart-contracts, DAOs and NFTs.

The final part of my 🔥🔥🔥 series on #blockchains & #cryptocurrency has finally been released. kaspersky.com/blog/crypto-ac This is the most important one in my opinion: crypto is a mess, but it would be worse if it weren't. My analysis of the embedded politics and future of crypto.

kaspersky.com

Crypto, really. Part III: cryptocurrency politics, and the future

In the final part of the series, we take a look at cryptocurrency politics, the future, and the metaverse.

I'm in no rush to leave, but if everything goes down in flames, you can also find me here: infosec.exchange/@justicerage I'll collect my thoughts on Twitter's situation and post them soon.

infosec.exchange

Ivan Kwiatkowski :ida: (@justicerage@infosec.exchange)

57 Posts, 28 Following, 385 Followers · Senior Security Researcher at Kaspersky's GReAT. Writer. Would-be musician. Maintainer of Manalyze. Trolling on a purely personal capacity.

Eric Capuano ⬡ @eric_capuano@infosec.exchange

@eric_capuano

Nov 19, 2022

Incredible work by the

@googlecloud

team on developing detection signatures for nearly all major versions of Cobalt Strike… This is one of the most comprehensive CS Beacon yara collections I’ve seen yet.

cloud.google.com

Making Cobalt Strike harder for threat actors to abuse | Google Cloud Blog

A new initiative from Google Cloud and Cobalt Strike’s vendor has made it easier to find and block cracked versions of the popular red team software.

177

369

Nov 18, 2022

OH today: FTX pulled the incredible feat of causing a medical examiner to barf twitter.com/jonwu_/status/

This Tweet is unavailable.

Replying to

622

3,307

10.1K

Nov 9, 2022

I really hope there will still be crypto exchanges left by the time we release Part III of my series of articles on cryptocurrencies.

Quote Tweet

Ledger

Prometheus of the Plebs

@ledgerstatus

Nov 8, 2022

Sam deleted these tweets?

Glenn Greenwald

@ggreenwald

Nov 7, 2022

Please watch this detailed explanation from former CIA analyst Frank Snepp about how the newspapers and magazines you were taught to regard as mainstream and reliable have always eagerly served as disinformation megaphones for the CIA and the US Security State. That's still true. twitter.com/Snowden/status

This Tweet is unavailable.

472

8,901

23.5K

To be fair, anti-cheat usually only has a single process to protect, which its developers fully own. EDR and endpoint solutions have to defend whole systems that they have zero control over, which is a much more difficult task. We welcome constructive feedback from game hackers!

Quote Tweet

GuidedHacking

@GuidedHacking

Nov 7, 2022

bypassing anticheat is harder than bypassing EDR infosec is cucked by cheat engine users your entire industry is a joke

GitHub - oct0xor/mgs2sos: This mod lets you play MGS2: Substance with the 3rd person camera (and...

Boris Larin

@oct0xor

Nov 5, 2022

Kept you waiting, huh? Its the 20th anniversary of Metal Gear Solid 2: Substance, and as promised, here's a mod that lets you play it with the 3rd person camera from Metal Gear Solid 3: Subsistence!

github.com

This mod lets you play MGS2: Substance with the 3rd person camera (and game controls) from MGS3: Subsistence - GitHub - oct0xor/mgs2sos: This mod lets you play MGS2: Substance with the 3rd person c...

368

1,152

Medical and humanitarian IT infrastructure should be safeguarded from cyber-attacks. I think this is the lowest common denominator we need to agree on. The Red Cross proposes clearer signaling for such machines and I genuinely hope it sees adoption (including from attackers)

Quote Tweet

ICRC

@ICRC

Nov 3, 2022

Cyber operations are a reality of armed conflict and can cause real harm. We are proposing a digital emblem that would signal protection for digital infrastructure of medical facilities and identify the Red Cross/Crescent Movement in cyberspace. How would it work?

Show this thread

1:53

8.4K views