Glen Arrowsmith

3.1K posts

@garrows

InfoSec/CyberSecurity, Javascript/Node.js dev, system architect, roboticist, father.

Brisbane · Joined October 2007
634 Following · 1.1K Followers
Ryan Hickman@ryanmhickman·
🤣 @GeminiApp just started spitting out its internal monologue and it's gone mental 🤪
Jack Rhysider 🏴‍☠️@JackRhysider·
On one hand, I want to name my home ssid to something extremely common like "Guest" so things like @wiglenet can't easily find me. But on the other hand if my devices are all looking for the "Guest" ssid, it will likely see those in the wild and be handing out my password to each one it sees.
Glen Arrowsmith@garrows·
Slack is down. Productivity improves 10x
vx-underground@vxunderground·
Regarding the BlackBasta leaks: we haven't reviewed them in totality yet. It's quite a bit of messages in JSON format. It also has some Russian slang which makes it difficult to translate accurately. Thankfully there are some native Russian speakers who have made some interesting highlights.

1. Somewhere in the conversation BlackBasta members discuss Lockbit ransomware group. They believe he cannot be trusted.
2. In the conversation Dispossessor ransomware group is discussed. Dispossessor wants to join BlackBasta. One of the members "Hshsi Jdidi" says they believe Dispossessor has a "good resume" but think they only want to work with them because of their "fame". They also express concern that Dispossessor may be a law enforcement officer. They express concern with the takedowns from Lockbit, Conti, and others.
3. One of the BlackBasta affiliates is a minor. They are 17 years old.
4. They are EXTREMELY interested in VPN exploits. They go to great lengths to acquire, purchase, or find people capable of delivering VPN exploits.
5. Someone is wanting to grant them access (or sell them access) to their private loader for the cost of $84,000/month.
6. Following the success of Scattered Spider, BlackBasta has begun incorporating social engineering into their operations. They have a person named "Nur" who is responsible for identifying key personnel at organizations they want to target. Once a person of influence is identified (manager, HR, etc) they contact them via telephone call.
7. BlackBasta maintains a spreadsheet of victims they're trying to target. It is shared between members and they collaborate on it together. It has the person of interest, if they've tried social engineering them, and general strategy notes. They often identify multiple targets at companies.
8. The caller who contacts victims is tasked with having the employee install "Remote Monitoring and Management" from level-dot-io. Once the application is installed they begin work (eventually).
9. Targets are not selected randomly. BlackBasta has immense interest in Electrical companies, Industrial supply chain companies (Steel, wood, recycling, general supplies), and Tax and/or Financial management companies (companies which manage finances for other companies).
10. Their workflow is documented fairly well. However, because these leaks are from 2023 - 2024, they may be outdated. Here is the general idea:

Step 1: Get victim to execute malicious .HTA file. The .HTA file is delivered from either a masqueraded malicious download link, social engineering, or a masqueraded malicious e-mail.
Step 2: The .HTA file drops a .BAT or .EXE file which contains commands to connect to their C2 server.
Step 3: The C2 server has a .JS file which can then deliver an actual payload file allowing either ransomware deployment, or tooling for remote access.
Glen Arrowsmith@garrows·
How dare you! My code is artisanal, single origin, micro-brewed in traditional heirloom graymatter.
vx-underground@vxunderground·
Hello, this is now an ultra-rare-limited-edition-last-second-speedrun-giveaway. Our friend @_MG_ thought it would be funny to gift us 4 @Hak5 OMG. hacker cables right before my vacation begins. This is a speedrun. I've got 4 cables to give away (via voucher, you still have to pay for shipping) before 11PM EST. (approx. 6 hours from now). Leave a comment below, I'll pick 4 random people. If you live in a different timezone and miss this — I'm sorry. Blame MG, not us, because he wanted to do this the very last second (he's a troll). See subsequent post for details on OMG cables (if you live under a rock).
Glen Arrowsmith@garrows·
AI can't generate ASCII art thumbs up. Prove me wrong.
Glen Arrowsmith@garrows·
Conspiracies were invented by big foil to sell more tinfoil hats. It's true. Do your own research.
Glen Arrowsmith@garrows·
I made a WebCam pixelation tool last night. A bit of fun especially if you want to do something interesting with OBS streaming or zoom meetings. garrows.com/pixelcam/ #pixelart
Peter Laurie@pjlaurie·
@garrows Now sit still while I tell you how to format your SQL correctly.
Peter Laurie@pjlaurie·
Commas are the new line terminators.
Glen Arrowsmith@garrows·
@pjlaurie Whatever tabs/spaces as long as it's set in .editorconfig. But commas before the value is unholy.
Peter Laurie@pjlaurie·
@garrows Only if you're one of those tab people... or the chaotic-evil 4 (or 8) spaces people.
Peter Laurie@pjlaurie·
Who'd have thought they were a dot away from being more correct. Mind you, I've died on this hill a lot of times instead.
Glen Arrowsmith@garrows·
UltraTune (Aussie car servicing company) was reportedly ransomwared last night. Data is unverified.
Glen Arrowsmith@garrows·
@LitMoose He was wise to report it to the companies using Zendesk instead. We had a report for one of our vendors recently because they failed to fix it. They took action once customers were being exploited. We won't be renewing.