|
x0rz
@
x0rz
France
|
|
Security Researcher & Cyber Observer ㊙
|
|
|
18 768
Tweety
|
338
Sledovaní
|
70 318
Sledující
|
| Tweety |
| Uživatel x0rz retweetnul | ||
|
Mark
@Mark88933736
|
25. 11. |
|
My new debit card 😊😊😊 #debitcards pic.twitter.com/qqXGe658Pq
|
||
|
||
| Uživatel x0rz retweetnul | ||
|
Joseph Cox
@josephfcox
|
4 h |
|
You've prob seen coverage about a firm allegedly unlocking iPhones for ordinary consumers. Told me:
- 100% success THUS far [???]
- wouldn't confirm if that includes up to date iPhones
- can take 3 months
- declined to unlock iPhone we offered to send twitter.com/thomasareed/st…
|
||
|
|
||
|
|
x0rz
@x0rz
|
6 h |
|
Interesting Brazilian #malware targeting the financial sector cybereason.com/blog/brazilian… #cybercrime
|
||
|
|
||
|
|
x0rz
@x0rz
|
6 h |
|
;)
|
||
|
|
||
|
|
x0rz
@x0rz
|
9 h |
|
People think of « cyber war » like it’s a grandiose battle between regular forces. The truth is, it’s more like urban guerilla fighters against mercenaries operating in unmarked uniforms. It’s a mess and no one knows exactly what is happening.
|
||
|
|
||
| Uživatel x0rz retweetnul | ||
|
Mark Shapiro
@GntlmnGuardian
|
28. 11. |
|
"Granddad? Where did you fight in the Cyber War?"
"I was a Blue Teamer, Billy. They had us deployed at 18.228.0.0/16. 'Hold the line!' they told us. And by God, Billy...we did."
#CyberwarCon pic.twitter.com/FWv8Q8EQRP
|
||
|
|
||
|
|
x0rz
@x0rz
|
19 h |
|
Thanks :)
|
||
|
|
||
|
|
x0rz
@x0rz
|
22 h |
|
Apparently it changed since last month, maybe some providers decided to block the port
|
||
|
|
||
|
|
x0rz
@x0rz
|
24 h |
|
This serves as a recap of the talk I gave at ZeroNights, I wanted to add more content but the recent Akamai technical paper on UPnProxy was already giving all the technical details, so be it! (blogs.akamai.com/sitr/2018/11/u…)
|
||
|
|
||
|
|
x0rz
@x0rz
|
24 h |
|
How to create the perfect anonymizing botnet by abusing UPnP features — and without any infection blog.0day.rocks/hiding-through… #botnet #upnp #vulnerability #inception
|
||
|
|
||
|
|
x0rz
@x0rz
|
29. 11. |
|
Europol base64 tshirt... nerds!
FYI, "RXVyb3BvbCBFQzMg" = base64("Europol EC3") twitter.com/EC3Europol/sta…
|
||
|
|
||
|
|
x0rz
@x0rz
|
29. 11. |
|
The 'test' subdomain redirecting to qinetiq-tim[.]com (QinetiQ group) subcontractor pic.twitter.com/Y5xI56HK2a
|
||
|
|
||
|
|
x0rz
@x0rz
|
29. 11. |
|
I received the same DM spam today, lol
|
||
|
|
||
|
|
x0rz
@x0rz
|
29. 11. |
|
Yeah that's really sad :/
|
||
|
|
||
|
|
x0rz
@x0rz
|
29. 11. |
|
They try to make it look like it's a boolean question: whether we disclose it and protect or just use it against targets. But this is not as simple! You can both keep it to yourself AND detect it when used against you.
|
||
|
|
||
|
|
x0rz
@x0rz
|
29. 11. |
|
Especially if you can detect your own 0days in the wild, you can protect (= detect) the vulnerabilities and at the same time exploiting them as 0days: getting the best of both worlds
|
||
|
|
||
|
|
x0rz
@x0rz
|
29. 11. |
|
Don’t get me wrong, this is a good move but overall nothing has really changed, offensive capabilities will always be more « strategic » than defensive ones
|
||
|
|
||
|
|
x0rz
@x0rz
|
29. 11. |
|
These are intelligence agencies, they know how disinformation works and how to keep information confidential. There is zero guarantee all vulnerabilities will go through VEP. Some of them might be compartmentalized to upper classification and only known to a few.
|
||
|
|
||
|
|
x0rz
@x0rz
|
29. 11. |
|
The whole process is done in secrecy, there are no publicly available statistics about the vulnerabilities being kept
|
||
|
|
||
|
|
x0rz
@x0rz
|
29. 11. |
|
This is pretty much why I think all VEP are just smokescreens gchq.gov.uk/features/equit… (1/?) pic.twitter.com/LHlJImLoYr
|
||
|
|
||