Sabitlenmiş Tweet
IRIS C2
970 posts
IRIS C2
@C2IRIS
The world's most advanced offensive cyber platform
McLean, VA Katılım Ocak 2025
144 Takip Edilen2.5K Takipçiler
@Robert4787 What’s unreal about any of that?
It’s pretty run of the mill cyber statecraft, tbh
English
This is where spycraft starts to feel unreal. It’s not just agents anymore, it’s hacked cameras, AI, and years of tracking someone’s every move. By the time a strike happens, it’s already been decided long before.
chosun.com/english/world-…
English
Chinese telegram groups are posting real time satellite images. We are two weeks behind, per a government mandate ordering satellite companies to withhold updates for at least 14 days.
john m@johnm11088928
@Cernovich I can't get a good read on the Iran conflict on X.
English
What??? The guy who ran the company that’s been inserting semi-obvious backdoors in SuperMicro motherboard firmware for years, which allows easy insertion of implants into SMM, was smuggling sensitive technology to China???
You don’t say!?
NIK@ns123abc
🚨BREAKING: SUPER MICRO CO-FOUNDER ARRESTED FOR SMUGGLING $2.5B IN NVIDIA GPUs TO CHINA >SMCI co-founder Yih-Shyan "Wally" Liaw arrested today >personally holds $464 MILLION in SMCI stock >charged with smuggling BILLIONS in Nvidia servers to china >used a southeast asian shell company to funnel $2.5B in servers to chinese buyers >$510 million worth shipped in just THREE WEEKS in spring 2025 >built thousands of fake dummy servers to fool U.S compliance auditors >caught on surveillance camera using a HAIR DRYER to swap serial number stickers >coordinated the whole thing over encrypted group chats >SMCI down 12% after hours >faces up to 30 years in federal prison ITS SO OVER…
English
Those people are typically called programmers but someone else will argue it's more than just knowing the code and understanding people enough too to make it a weaponizable turn key solution. This is why the people in question often come in teams. You'll have someone like me who designs the ui for NPC gov users and like 3 people bug hunting in the background who bring 2 other middle pipeline people things to chain together into something practical and useful for me to educate potential clients about.
English
Fun fact: 90% of the Web3 bug bounty programs are scams
they list huge reward amounts mainly as a marketing tactic.
f4lc0n@al_f4lc0n
I Saved Injective's $500M. They Pay Me $50K. I like hunting bugs on @immunefi . I'm decent at it. - #1 — Attackathon | Stacks - #2 — Attackathon | Stacks II - #1 — Attackathon | XRPL Lending Protocol - 1 Critical and 1 High from bug bounties (not counting this one) Life was good. Then I found a Critical vulnerability in @injective . This vulnerability allowed any user to directly drain any account on the chain. No special permissions needed. Over $500M in on-chain assets were at risk. I reported it through Immunefi. The next day, a mainnet upgrade to fix the bug went to governance vote. The Injective team clearly understood the severity. Then — silence. For 3 months. No follow up. No technical discussion. Nothing. A few days ago, they notified me of their decision: $50K. The maximum payout for a Critical vulnerability in their bug bounty program is $500K. I disputed it. Silence again. No explanation for the reduced payout. No explanation for the 3 month ghost. No conversation at all. To be clear: the $50K has not been paid either. I've seen others share bad experiences with bug bounty payouts recently. I never thought it would happen to me. I can't force them to do the right thing. But I won't let this be forgotten. I will dedicate 10% of all my future bug bounty earnings to making sure this story stays visible — until Injective pays what I deserve. Full Technical Report: github.com/injective-wall…
English
There is not a single iPhone on earth right now that’s secure against 1-clicks (which can also be delivered to webpages via targeted ads) if Russia or China want to hack you.
There’s even a phony shut down module. So when you think you’ve powered off your phone, it’s still on.
English
There is a leaked Coruna version being used against iOS 26.3 at present, btw
Google, et al just haven’t released their report on it because Apple hasn’t been able to patch yet
“Responsible disclosure” usually = creepy, vague lying to the public via omission & half truths
English
Binary Ninja is a great tool if you want to do deep vulnerability research by writing scripts to find patterns.
Their ILs has been carefully crafted.
IRIS C2@C2IRIS
Finally bought Binary Ninja today Absolutely tremendous product Obviously built by total craftsmen Well worth the $3,000
English
How iOS App Hacks Work: Using __got and __la_symbol_ptr for iOS Hacking / Tweak Development
📲 Full Write-up: idevicecentral.com/ios-hacking/us…
It's been a long time since I put together a write-up, but here it is. If you are curious how iOS tweaks work, how they change app behavior and where they hook stuff, this introduction to __got and __la_symbol_ptr on iOS will help you understand the picture better.
Note: __got and __la_symbol_ptr are very similar to GOT and PLT in ELF (Linux / Android) binaries.
Note #2: This write-up does NOT contain any AI generated material, you are reading a fully human written article.
English