JavaScript is not available.

Export Control is Not a Magic Bullet for Cyber Mercenaries

Mar 24

🚨NEW: The Solution to Cyber Mercenaries Is Not Export Control 🚨 My first ever op-ed in

@lawfareblog

is out! Wanna know more about NSO, the cyber mercenary landscape, what export control even is, and why it’s not enough? Read on 🧵/

lawfareblog.com

The U.S. and the EU need to do more to limit the damage to their intelligence and law enforcement capabilities caused by cyber mercenaries.

The boom, the bust and the adjust The offensive cybersecurity industry — trends and updates I'm super excited to publish this article which embeds my experience in the offensive cybersecurity industry over the years. I hope you will enjoy it.

medium.com

The boom, the bust and the adjust

183

Registration for our highly anticipated Cape Town #Cyber912 is live! We're partnering with

@StateCDP

@MITREcorp

@C3SA_UCT

to hold an immersive cyber simulation for university students. Register your interdisciplinary dream team here before slots fill up: form.jotform.com/231294472510148

GIF

read image description

ALT

The Hacker Initiative

@inithackers

has announced its new round of grant funding for efforts to advance infosec through small community focused computer science & STEM education efforts. Application period closes 15 Aug 2023. See hackerinitiative.org/apply-now/ for details

hackerinitiative.org

Apply for the 2023 Grant Cycle

Our 2023 Grant Cycle is now open!Closes August 15, 2023 The Application Process Before applying, please note: Hacker Initiative will notify grant recipients no later than October 3, 2023. Grant...

Replying to

This is the single most chaotic use of #GenerativeFill I’ve seen so far. 😅 #AdobeFirefly

0:25

307.9K views

537

2,667

NEW: I found 1000s of shady PDFs hosted on .gov websites of states, universities, defense contractors, etc. It was a clever SEO spam operation, but the access could have been exploited for more nefarious things.

@lorenzofb

has the writeup.👇👇 techcrunch.com/2023/06/02/sca

107

269

This NYT headline is a really good example of how translation can go wrong. It's true that 吃苦 literally means "eat bitter". But it English it sounds alien and brutal. In Chinese, it's a standard expression. That doesn't mean it's okay, but it lands very differently.

China’s Young People Can’t Find Jobs. Xi Jinping Says to ‘Eat Bitterness.’

read image description

ALT

466

A Confession Exposes India’s Secret Hacking Industry | ⁦

@ddk_nyc

⁩ reporting 👇

newyorker.com

A Confession Exposes India’s Secret Hacking Industry

The country has developed a lucrative specialty: cyberattacks for hire.

Just in time to wreck your productivity for the short week, here’s some delicious postgame info about the DEF CON 31 CTF Quals that happened over the weekend. Please enjoy the official data dump from our good friends

@Nautilus_CTF

. quals.2023.nautilus.institute Additionally, please… Show more

read image description

ALT

This edition of the 5×5 features insights from

, and Christopher Porter on the relationship between the cyber threat intelligence and cyber policy communities.

the real CTF skill is Mergers & Acquisitions

106

644

PRC cyber threats to critical infrastructure are real and use sophisticated tradecraft that doesn't always rely on malware. This advisory describes tradecraft for hunting their intrusions and detecting this activity. We want to hear about discoveries. media.defense.gov/2023/May/24/20

106

209

yeah I’m into biohacking (walking 10k steps/day, sleeping 7-8 hours/night, drinking lots of water, eating whole foods, lounging in the sun, being in nature, spending time with people I love)

5,301

35.8K

Join the fun & help us keep this thing going. The registration for BSidesLV 2023 is officially open. You have three levels of support to choose from, including Participant, Donor, and Super Donor. These options go quick, so act fast. Space is limited. eventbrite.com/e/bsideslv-202

Weekly analysis is out - 🇺🇸 'expeditionary cyberspace operations' -🇷🇺 ops in 🇺🇦 -🇨🇳 router implants & eBPF implant upgrade -🇰🇵 ops in 🇪🇺 -🇰🇵 ops in 🇮🇳 -🇻🇳 ops in 🇨🇳 -🦹‍♂️ SIM swapping then we have -🇦🇿 ✂️ insecure gov plus the usual tradecraft analysis.

bluepurple.binaryfirefly.com

Bluepurple Pulse: week ending May 21st

Azerbaijan shows the world how it is done when dealing with government departments who aren't secure enough.

We launched a new website to streamline enrollment in the no-cost cybersecurity services

@NSACyber

provides to small businesses supporting

@deptofdefense

@dod_cio

. Encourage companies with DOD contracts (sub or prime) to review & enroll (best in desktop): nsa.gov/About/Cybersec

104

Obligatory:

Quote Tweet

CyberKnow

@Cyberknow20

May 18

Anonymous #Russia claims to have taken the CIA tor website down using Tesla botnet. #cybersecurity #infosec #russiaukrainewar️ #UkraineRussianWar

BREAKING: SCOTUS just ruled in favor of Twitter in Twitter v Taamneh. Gonzalez vacated. Clean sweep. No mention of #Section230. More details to come.

240

Cyber tools often require long-term development, but in several Russian operations against Ukraine it appears that "someone needed a tool right then and grabbed it from the shelf, even if it was staged for future operations."

I suspect that some of these techniques and arguments could be useful in your debates with Russians on social media. But first, here is the text of the video: Is this the life I dreamed of? The path that I chose for myself? 2/

1,103

NEW: notorious spyware firm #NSO Group, maker of #Pegasus has spent millions on foreign agents & lobbying operations in the US. Their most recent target? The American Bar Association

@ABAesq

. By

@incisayki

@OpenSecretsDC

opensecrets.org/news/2023/05/s

Since 2020, NSO Group has paid foreign agents more than $2.9 million for foreign influence and lobbying operations in the U.S. The spyware firm’s foreign agents have reported spending about $50,000 thus far in 2023 to tackle restrictions and clean up its image, according to an analysis of disclosures filed under FARA by OpenSecrets. That amount is likely to grow substantially as more supplemental statements covering the last six months are filed.

The hired firms — Paul Hastings LLP, Chartwell Strategy Group, and Pillsbury Winthrop Shaw Pittman — approached members of the State Department, the House of Representatives and American Bar Association on NSO Group’s behalf since 2022, an OpenSecrets analysis of the firms’ FARA filings found. Foreign agents worked to counter allegations that its Pegasus software was abused, informational materials filed with the Justice Department reveal, and to reiterate its commitment to “protect the security and safety of citizens against major crimes and

read image description

ALT

338

468

Gentle Reminder folks, the #CFP for Recon Village is OPEN. Some amazing submissions have come in, if you have got something to share at Recon Village

, Submit your research NOW. reconvillage.org/cfp/

Quote Tweet

Recon Village

@ReconVillage

Apr 24

Exciting news! Call For Papers #CFP for @ReconVillage at @defcon 31 is officially OPEN! Are you a master of #OSINT or #recon? Do you have innovative research or techniques to share? Submit your proposals NOW. reconvillage.org/cfp/ #dc31 #hacking #infosec #bugbounty

hey, cyberpolicy nerds and nerds-to-be! this is a pretty awesome opportunity, and the

@DEFCONPolicy

folks are amongst my favorite humans on God's green earth. do recommend.

Quote Tweet

DEF CON

Ryan Mac (did not pay for this blue check)

May 11

Attending #DEFCON31? Curious to support gathering hackers and policymakers at @DEFCONpolicy? Check out our "call for support" application here! As a policy-attaché, you can spend a few hours helping bridge the hacker and policy maker divide form.jotform.com/231257054126045

Attending #DEFCON31? Curious to support gathering hackers and policymakers at

@DEFCONpolicy

? Check out our "call for support" application here! As a policy-attaché, you can spend a few hours helping bridge the hacker and policy maker divide form.jotform.com/231257054126045

…day two #theusualsuspects

Security of DMs only for those subscribed to Twitter Blue. Sure that will go over well with the

@FTC

Quote Tweet

@RMac18

May 10

Here are the caveats: -Sender and recipient have to be on the latest Twitter app. -Sender and recipient have to be subscribed to Twitter Blue or verified organizations. -The recipient has to follow the sender or have communicated with them before help.twitter.com/en/using-twitt

Show this thread

🚨🚨 We are officially THREE. MONTHS. AWAY from

! The team will also be doing everything, everywhere, all at once these coming weeks. Few updates here of things to look at for in the coming weeks 🧵

GIF

read image description

ALT

me @ the CTI twitter bros throwing out attribution buzz words

GIF

May 9

reposting this bc on the day of my final exam DOJ announced a defend forward takedown of Turla malware, the EU finished its spyware inquiry, and my cyber reading backlog has reached 20 books 🥲

Quote Tweet

Spyware: MEPs sound alarm on threat to democracy and demand reforms | News | European Parliament

Apr 4

Me, a student, 2013: “wow what’s cyber policy, let me take a free weekend to learn more about it” Me, a student again, 2023: “Damn can the cyber policy field just chill out for 2 seconds I have no time to read an EO, 2 joint statements and 10 malware reports”

The EP spyware inquiry committee has adopted its final report. Recommends the creation of an EU Tech Lab, an independent research institute with powers to investigate surveillance, provide legal and technological support, & perform forensic research.

europarl.europa.eu

EP spyware inquiry committee has adopted its final report and recommendations, condemning spyware abuses in several EU member states and setting out a way forward.

I went on PBS to hose down some of the overheated rhetoric about spyware.

pbs.org

The risks commercial spyware poses to journalists, activists and government officials

The use of commercially developed spyware that allows governments to hack a phone and steal its data is booming. Earlier this year, the Biden administration banned federal agencies from using...

Our non-resident fellow

Jonathon Ellison interviews Winnona DeSombre at CYBERUK 2023

attended

@CYBERUKevents

in Belfast last month. Check out her interview with

@NCSC

's Jonathon Ellison to talk about her experience in cyber and cyber proliferation - more here!

youtube.com

📢 Big congrats to the

for their work with the White House & leading AI developers. "This will allow these models to be evaluated thoroughly by thousands of community partners & AI experts". We're excited to welcome AI policymakers to

📢 See you in LV!

Quote Tweet

Beau Woods

@beauwoods

May 4

Huge news! White House is supporting @aivillage_dc Generative AI Red Team event at @defcon this year. Congrats to @comathematician @ruchowdh @austincarson and everyone else planning this. AI Village: aivillage.org/generative%20r White House: whitehouse.gov/briefing-room/

Huge news! White House is supporting

Generative AI Red Team event at

this year. Congrats to

@comathematician

@ruchowdh

@austincarson

and everyone else planning this. AI Village: aivillage.org/generative%20r White House: whitehouse.gov/briefing-room/

Retweeted

Ram Shankar Siva Kumar

🚨🚨 The

is tapping

to have the hacker community and

come together for a public evaluation of AI systems. Historic 🧵 whitehouse.gov/briefing-room/

Show this thread

Sven Cattell @comathematician@infosec.exchange

Retweeted

@comathematician

May 4

I'm excited to finally be able to talk about this openly. Thank you

@ruchowdh

@austincarson

for pushing this over the line with me, and a ton of others for their advice and ideas.

Quote Tweet

AI Village @ DEF CON

May 4

We've been hard at work on the Generative Red Team event we're doing at @defcon for a while and are excited that the @WhiteHouse announced it this morning. Here's more details: aivillage.org/generative%20r

Show this thread

we're excited to be partnering with

@SeedAIOrg

, Humane Intelligence,

@WeAreHCCS

, and

@BlackTechStree1

on the generative redteaming exercise at

FACT SHEET: Biden-Harris Administration Announces New Actions to Promote Responsible AI Innovation...

just announced by

@WHOSTP45

this morning:

whitehouse.gov

Today, the Biden-Harris Administration is announcing new actions that will further promote responsible American innovation in artificial intelligence (AI) and protect people’s rights and safety....

Details revealed at RSA conference on Monday that CYBERCOM copied an infected Sunburst server and then trained its troops using the image to further 'hunt forward' malicious software from the same group of programmers associated with Russia's SVR.

washingtonpost.com

Iran gained access to election results website in 2020, military reveals

U.S. officials disrupted the attack before the votes were tallied.

Show this thread