Ferdous S

Hi Toronto #infosec and #hacking folks. We are currently looking to hire a FT/Non-remote N-Day Vulnerability Researcher ( https://social.icims.com/viewjob/pt1559240681755ef8ec … ) and a Malware Researcher ( https://social.icims.com/viewjob/pt155924064507128524 … ) Please pass along and let me know if you have any questions :)

Yikes! “Since today all Internet providers in Kazakhstan started MITM on all encrypted HTTPS traffic. They asked end-users to install government-issued certificate authority on all devices in every browser.”https://bugzilla.mozilla.org/show_bug.cgi?id=1567114 …

Facebook CTF 2019 is happening this June. I got to write one of the reversing challenges this time https://ctftime.org/event/781 

ICYMI - @its_a_feature_ released a writeup for a new MacOS persistence technique using Folder Actions. Bonus: Apfell module also released to operationalize the technique. Check it out:https://posts.specterops.io/folder-actions-for-persistence-on-macos-8923f222343d …

New blog post: Some info about the upcoming C3X2019 this summer in Toronto https://www.invokethreat.actor/2019/04/we-break-so-we-can-build-better.html?m=1 … FYI here’s 2017: https://youtu.be/oycYKQzzHoU  and 2018:https://youtu.be/vZe5zio-5X4 

Everybody knows researching Hyper-V is the most fun thing you can do, so I wrote a blog post about how to start doing just that! Let me know what you think && if you find any 0days of course :)http://aka.ms/hvresearch101 

Multiple 0days in MacOS discovered and used in a red team exercise at Dropboxhttps://blogs.dropbox.com/tech/2018/11/offensive-testing-to-make-dropbox-and-the-world-a-safer-place/ …

Here are the slides and video for mine and @matthewdunwoody's presentation at @brucon: $SignaturesAreDead = "Long Live RESILIENT Signatures" wide ascii nocase Slides: https://www.slideshare.net/DanielBohannon2/signaturesaredead-long-live-resilient-signatures … Video:https://www.youtube.com/watch?v=YGJaj6_3dGA …

My write-up for the 2018 #flareon5 challenge ( all 12 levels ): https://bruce30262.github.io/flare-on-challenge-2018-write-up/ … Thank you @FireEye & @ctfdio for creating and hosting such an amazing challenge this year. Also big thanks to @_L4ys and @_wmliang_ for helping me out. Till next year !

DNS Tunneling and Detection : https://www.endgame.com/blog/technical-blog/plight-end-tunnel … cc @jack8daniels2

redsnarf : a pen-testing / red-teaming tool for retrieving hashes and credentials from Windows workstations, servers and domain controllers : https://github.com/nccgroup/redsnarf … , More details :https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2016/november/introducing-redsnarf-and-the-importance-of-being-careful/ …