c0rdis

The recent WhatsApp accounts takeover is simple and genius. This is how it works: You're sleeping. A "hacker" tries to login to your account via WhatsApp. You get a text message with a pincode that says "Do not share this". You don't share it, yet you still get hacked. How?

#GhostSec claims to have conducted the first ever #ransomwwre attack against an RTU - remote terminal unit used in ICS environments. @uuallan @RobertMLee #cybersecurity #infosecurity #infosec #cyber

Breaking RSA with a Quantum Computer dlvr.it/SgKgWk

🕸️Inside the Ransomware Economy🕸️ Ryuk is the biggest Saas unicorn u've never heard of. $150M ARR. 3 yrs old. Maybe it’s taboo to learn business strategy from a cybergang. But the ransomware industry-- from supply chain operations to market microstructures-- is truly genius. 👇

Want to learn about GraphQL hacking? A thread ⬇⬇⬇ (1/10)

IoT device browser doesn't let you enter file:///? Use view-source:file:///. It works 80% of the time, every time

Scenario: Your CEO is worried about supply chain security and tells you to implement a program to "stop us from being hit with another SolarWinds." What *specifically* do you do to secure your software supply chain? Please RT for reach. I'm interested in diverse opinions.

Deep link on mobile app ➡️ Host-relative SSRF ➡️ Account takeover 🦾 (affecting @Pinterest) dphoeniixx.com/2020/12/13-2/

I'm not that great a chess player, but a pretty good hacker...so after watching The Queen's Gambit I of course put my skills to great use and found a board setup I could give to a chess engine to have it segfault when it tries to search for the next best move... take that

Security Budgets - Supply and Demand Thinking Think of budgeting as a supply & demand problem. Work both sides to make it a risk management exercise. It will bring clarity of thought and illustrates to your business that you are thinking commercially. bit.ly/3joAqlp

If you don't embrace absurdity, infosec might not be for you.

Without formal access, a college kid got hold of @OpenAI's GPT-3 and created a fake, AI-generated blog under a fake name. Within hours, his first post reached #1 on @newsycombinator. A case study in how people could (ab)use the model in the future. technologyreview.com/2020/08/14/100…

🛡️ Sensitive data leakage using .json 🛡️ #cybersecurity #infosec #ethicalhacking #bugbounty #bugbountytips #bugbountytip

For 327 days, the impostor site privnotes.com has been stealing traffic/privacy/users from privnote.com, a legit encrypted msg service. Worse: KrebsOnSecurity found privnotes.com also will alter bitcoin addresses in messages. krebsonsecurity.com/2020/06/privno…

A Red Team Maturity Model redteams.fyi

From the 15th-19th of June 2020, we will be bringing the best security minds together to take our participants on a unique experience. All sessions will be recorded, LIVE streamed and shared : ) To register, head over to …en-security-summit-2020.heysummit.com/checkout/selec…

I am just watching a great presentation about security & #WardleyMapping by @madplatt. My notes are here, feel free to add notion.so/kdaniel/Evolut…

@aristotelianmem Waking Life (2001)

Best philosophy movie? I will block if you say Matrix

We're excited to release TerraGoat, a vulnerable-by-design training tool for #Terraform! 🐐 📑 Read more about why we built TerraGoat: bridge.dev/2XdwAlz ⭐ Check it out on GitHub: bridge.dev/3bLgOUt

We chased an attacker in #AWS and want to share the story. Our blog covers: 🔍 Initial lead w/ #CloudTrail 🕵️ Investigative approach 🤖 Use of orchestration "robots" to respond faster ✅ Steps to improve ☁️ #Mitre ATT&CK Cloud Tactics? 👍 Those too! expel.io/blog/finding-e…