adulau

@adulau@infosec.exchange

Enjoy when humans are using machines in unexpected ways. I break stuff and I do stuff.

The other side is at https://paperbay.org/@a (photography, art and free software at large)

#infosec #opensource #threatintelligence #fedi22 #threatintel


adulau, to infosec

What happened to pastebin.com ? It has been down for the past 12 hours.

:blobcatpeekaboo:​

#pastebin #cti #infosec

adulau,

@d_a Yep it’s partially back.

adulau,

@spiegelmama with them, everything is possible. From running away to having hosted the wrong stuff and being seized. Let’s see what the future will tell us.

adulau, to fun

Always intriguing to witness conspiracy theorists diving into our open-source projects, weaving together connections that are more creative fiction than reality.

#fun #opensource #threatintel #threatintelligence

Drinking tea and watching the fun!

bert_hubert, to random

"To be good with technology requires actually doing technology" - it is so sad that we have to point this out today. You can't outsource all the things you do and assume you'll continue to be in control of what you do. (from https://www.techpolicy.press/the-dangers-of-moving-key-internet-governance-functions-to-amazons-cloud-the-case-of-the-netherlands/)

adulau,

@tfiebig Doing security is clearly the people reading logs, fixing stuff, improving automation, dealing with false positives, searching for true positives and doing incident response. The most successful security teams are the ones dealing with the boring stuff to make those interesting. @bert_hubert

adulau,

@bert_hubert Very good point. We can focus the point “To be good with security requires actually doing security” all the recent incidents with many magical security vendors selling VPN boxes. If you don’t know what’s inside the box and actually doing security around, you are left alone to listen to false promises from those vendors.

adulau, to opensource

We (@terrtia and myself) are at the @leHACK to present the AIL project at the OSINT village today!

Feel free to join us and discuss data mining for threat intelligence.

https://www.ail-project.org/

#opensource #threatintelligence #threatintel #lehack

adulau, to random

For 25BTC you can buy the complete dataset of

"General Directorate of Migration of the Dominican Republic"

I remember discussions about how safe are "biometrics data". A good example of how unsafe it is.

#ransomware #biometrics #leak

https://www.ransomlook.io/screenshots/rhysida/General%20Directorate%20of%20Migration%20of%20the%20Dominican%20Republic.png

source: @Ransomlook

adulau, to bbs

Nowadays those BBS are pretty neat with 2.8TB of free space. In the early nineties, it was more 20MB of free space.

#bbs #oldbutnew

adulau, to random

To make it clear, I did some stickers…

https://tlp-unclear.org

#tlp #tlp:unclear

adulau, to privacy

“Nebula Genomics – First to offer consumer anonymous sequencing” when I saw it. I was wondering about it and then I saw the “Protected By” on their website. Ok forget about this.

adulau, to privacy

Digging a little bit into some of the ICC profiles added in signal-app, I updated the original issue and there is clearly an issue where new ICC profiles are created from the Google skia library.

https://github.com/signalapp/Signal-Desktop/issues/6031#issuecomment-1702432836

This issue only appears when the media-quality is too high. Maybe an allow-list strategy like the mat2 tool written by @jvoisin would be better to be sure that new metadata created are discarded by default.

@signalapp

#privacy #signal #signalapp #metadata

adulau, to random

A good summary in LaTeX about the illogical part of the TLP:CLEAR concept.

#tlp

adulau, to opensource

If you wrote scripts using tshark, there are some changes in version 4.2.0 of wireshark for the -e option...

🔗 https://www.wireshark.org/docs/relnotes/wireshark-4.2.0.html

adulau, to random

If you want to host a phishing website, don’t use a cheap ISP or cloud provider. They might take it down in less than 48 hours. Take Amazon, it’s up for more than two weeks. 🤦🏼‍♂️

adulau, to infosec

There is a significant increase of phishing/spear phishing using IPFS and their persistence is quite annoying.

#phishing #infosec #ipfs

https://lookyloo.circl.lu/tree/3f5f07d4-c4e1-4fba-afc2-feb7e503093f

adulau, to opensource

Why do many open source OSINT tools have this bad practice of outputting non-parseable text with blinking or crappy ANSI character set? Is this because of TV series?

#opensource #osint

adulau, to llm

You want to detect the probability if a text was generated by an LLM. ZipPy can help (it's fast).

https://github.com/thinkst/zippy

"ZipPy: Fast method to classify text as AI or human-generated"

A nifty tool presented by Jacob Torrey at @hack_lu 2023

@Jacob

adulau, to infosec

I maintain some notes about HTTP/2 ‘Rapid Reset’ DDoS attack - CVE-2023-44487

🔗 https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088

#rapidreset #http2 #infosec #ddos #vulnerability #CVE-2023-44487

adulau, to opensource

A very nice dataset from Malpedia with all the deobfuscated strings from their dataset. The repository contains the result of the FLARE FLOSS tool applied to all unpacked and dumped samples in Malpedia.

🔗 https://github.com/malpedia/malpedia-flossed

#dataset #opensource #malpedia #infosec #research #malware #opendata

adulau, to music

"Hacker’s Paradise: Analysing music in a cybercrime forum"

🎼 #cybercrime #music #paper #research

Remind me to add this functionality in @ail_project ;-)

🔗 https://api.repository.cam.ac.uk/server/api/core/bitstreams/646224d4-9d69-45ee-9892-a70b8bbd7024/content

adulau, to opensource

The @misp project's extensive knowledge base, available at misp-galaxy.org, now features an interactive and dynamic graph. This new addition showcases graph relationships, enhancing your browsing experience with visible, dynamic connections. Plus, you can easily filter through these relationships to find exactly what you need.

#misp #threatintelligence #threatintel #threatactors #opensource #opendata

🔗 An example with the PROMETHIUM threat actor https://www.misp-galaxy.org/microsoft-activity-group/relations/5744f91a-d2d8-4f92-920f-943dd80c578f/
🔗 Threat actor galaxy https://www.misp-galaxy.org/threat-actor/

adulau, to random

Zero-Trust just means that you can connect from a hotel room to your corporate applications using a crappy laptop.

#zerotrust
