Hyperion Gray

arstechnica.com/gadgets/2020/0… Remind me why a platform promoting accessibility of information would limit that ability?!

Zero Day Alert: Cisco Issues Warning Over IOS XR Zero-Day Flaw Being Targeted in the Wild thehackernews.com/2020/09/cisco-… via @TheHackersNews

Happy Monday to all researchers. We hope you have a very successful week of hunting and programming. Should you want to sell any technologies don't hesitate to contact us.

Expectation: I'll use GraphViz to plot this callgraph and it will make the structure perfectly clear Reality:

@0SecLLC This is huge! For the researchers by the researchers!

We are firm believers that researchers should get the money they deserve for the research they conduct. It takes time and effort. Zero Security prides itself on helping people from all over the world. We are currently accepting new clients to represent as we continue to expand

Chainlink is a Russian pump-and-dump fraud. Until when are such fraudulent activities going to happen under @SEC_Enforcement @SEC_News watch? Protect the American people from Russian fraudsters! @coinbase why are you tolerating this scam on your platform? @brian_armstrong $LINK

The Spectre Rootkit is now released alongside my @BlackHatEvents USA talk, Demystifying Modern Windows Rootkits. Go check it out! github.com/d4stiny/spectre

Cerberus Bot v2 source can leak to the criminal forum xss[.]is, source code already available for the admin of the forum. The seller looked for a guy who can manage the project but doesn't found. Cerberus Bot selling has been closed because no way to manage a project.

I've been taking a huge interest in APTs recently and Threat Intelligence in general and I found this paper called "A Threat Actor Encyclopedia" by @ThaiCERT and it's fire! 🔥 thaicert.or.th/downloads/file…

Tor 0-Day: Stopping Tor Connections Very interesting read and research! hackerfactor.com/blog/index.php…

Don't forget to sign up for our Green Belt course on 0-Day Hunting! hyperiongray.com/htp/ Date: 07/30/2020 Spaces are limited!!

If you need to debug a Linux kernel Hyper-V guest check out github.com/weltling/convey. Allows you to kernel debug the guest from WSL on the host which is neat.

OPSEC Fail! Iranian #APT35 hackers accidentally exposed 40 GB worth of sensitive data online, containing #hacking training videos that revealed they managed to hack a member of the U.S. Navy, and a Greek naval officer. Read Details — thehackernews.com/2020/07/irania… #cybersecurity

Some Friday humor to help jump start the weekend!

My new research and open source memory scanner tool Moneta dives deep into the topic of memory stealth and forensics when designing malware or fine tuning detection for it. Many should find this information valuable forrest-orr.net/post/masking-m…

OK, we talked to another hacker. Were able to confirm how they got accounts: Twitter employee used internal tool to change email addresses associated with accounts. Twitter seems to have just confirmed this in tweets as well vice.com/en_us/article/…

At last, the series begins: MMS Exploit Part 1: Introduction to the Samsung Qmage Codec and Remote Attack Surface. googleprojectzero.blogspot.com/2020/07/mms-ex… I'm excited to start sharing more about this work, starting with a deep dive into the internals and history of the codec.

tfp0 on iOS 13.6 - by @_simo36