Rezk0n

Hi everybody! I did a talk today about pagetable exploitation techniques on x64 Linux. I uploaded the slides to Github I loved meeting everybody :) github.com/Notselwyn/blog…

@_xpn_ @AnthropicAI Yikes

I'm sorry @AnthropicAI, did you just try and tell me to enable data sharing (which I disabled) and then told me that you can keep my data for 5 years??!

NPM package NX compromised! The nx package versions 20.11.0 and 21.7.0 appears to be compromised with code published that would attempt malicious actions including modifying the installers .bashrc/.zshrc. github.com/nrwl/nx/issues…

@LukeParkerDev github.com/nrwl/nx/issues…

just found what looks like a massive virus. thousands of github repos called 's1ngularity-repository' created in the last couple hours. containing public data of your github private tokens and a clear attempt at trying to get access to all private/financial data on the system

This is what I mean when I say working with MSRC is degrading. They want everything: write up, stack traces, PoC, exploit source, analysis, life advice, approval on anything you will ever publish. In return they will patch your bug whenever they feel like it and not tell you

🚀 Bridging MITRE ATT&CK with ATTACKIFY for Advanced Threat Actor Emulation! Exciting news! We've just released a new CLI tool in beta to compliment ATTACKIFY that will help you instantly run emulations based on any @MITREattack Threat Actor Group Profiles. 🎯 Map ATT&CK TTPs to ATTACKIFY Modules 🛡️ Automate Threat Actor Emulations 🔗 Run Custom APT Campaigns Instantly 🔐 Improve Security Controls as data is published! Learn more from our blog: attackify.com/blog/bridging_… #Cybersecurity #ThreatEmulation #ThreatIntel

🚀 New Module Alert! 🚀 We're excited to introduce our latest ATTACKIFY module targeting CVE-2024-26229, a vulnerability in the Windows CSC Service. 🔍 Key Features: - Test & Validate Security Controls: Focus on local privilege escalation detection & prevention. - Real-World Simulation: Attempts to safely exploit the vulnerability & runs whoami.exe to verify SYSTEM privileges. Enhance your security posture with ATTACKIFY today! Test your security controls against many of our privilege escalation modules and more💪 attackify.com #CyberSecurity

🚨 Attention Australian Businesses and Educational Institutes! 🚨 We're offering FREE Professional ATTACKIFY accounts for the rest of 2024 if you register for a FREE account in June. We want to help protect against the current surge in cyber attacks seen in Australia lately. Don't miss out on this opportunity to improve your overall security posture now! - Audit Endpoints - Test, Validate & Improve Security Controls - Perform Security Maturity Assessments - Perform External Asset Discover and Vulnerability Scanning attackify.com (Must be a registered business within Australia) #CyberSecurity #Australia #ATTACKIFY #JuneFreeOffer

Decided to publish PPPwn early. The first PlayStation 4 Kernel RCE. Supporting FWs upto 11.00. github.com/TheOfficialFlo…

@naehrdine @CodeColorist Willl it be recorded? ❤️

@CodeColorist The lectures are in-person, so if you're located near Berlin, feel free to join :) Anyone can register. It's a bit of paperwork, but I can help you with that. Details are here: uni-potsdam.de/en/studium/wha…

Join us for an exciting guest lecture! @i41nbeer will present his talk "r00t cause analysis: the process of analyzing in-the-wild zero day iOS exploits" 📱💥 📅 Friday, April 19, 14:30 📍 Potsdam, @HPI_DE, HS3

Do you use a virtual machine to browse dangerous links safely? If you use the Chrome browser inside that virtual machine, is it secure enough? As you might have guessed, the answer is not so much. We chained six unique CVEs from 2023 listed below. • Chrome Renderer RCE : CVE-2023-3079 • Chrome Sandbox Escape : CVE-2023-21674 • LPE in guest OS : CVE-2023-29360 • VMware Info Leak : CVE-2023-34044 • VMware Escape : CVE-2023-20869 • LPE in host OS : CVE-2023-36802

How the hell are we gonna send the epic fail Pwnie to China

@UnitedEnergyAU There’s no way that if takes till Thursday.

POWER OUTAGE UPDATE (1/4) #UnitedEnergy is responding to 600 faults & working to restore power to 120,000 customers after severe winds & lightning strikes caused significant damage to poles, wires & electrical infrastructure across the south-east suburbs & Mornington Peninsula.

The world's first(?) kernel exploit for Vision Pro- on launch day!

@TinySecEx This looks sick, will this be public or nah?

Although it is only an early version, but it already helps me alot.😂

🚀 Exciting New Module in #ATTACKIFY  - OceanLotus 🚀 A new module inspired by the awesome research from @coolestcatiknow & @PwnieFan and the @MITREengenuity team on OceanLotus APT emulation! 🛡️ Dive deep into advanced threat simulations & hone your defenses by experiencing first hand tactics of OceanLotus. Use ATTACKIFY to quickly emulate key OceanLotus TTPs around the OSX.OceanLotus backdoor and malicious activity! attackify.com #adversaryemulation #APT #infosecurity #purpleteam

@Yassineaboukir @stokfredrik <3 Thankyou for the content and inspiration

@stokfredrik much love brotha and may the wind always blow in your favor whatever you do next 🤟🏽

Rip 🪦

🚀 New Feature in ATTACKIFY! Introducing attack scheduling - our latest feature to further automate & schedule attack simulations on a continuous daily, weekly, or monthly basis on single or multiple endpoints & environments is out now. That and some more details in our latest blog: attackify.com/blog/attackify… #cybersecurity #purpleteam #blueteam #infosec #attacksimulation

🔐 Introducing the Bootloader.io Scanner Module for ATTACKIFY! Following the success of our LOLDrivers Scanner Module, we're excited to unveil the Bootloader.io Scanner. Dive deep into detecting malicious bootloaders using data from the awesome project hosted at bootloaders.io For an in-depth look & bonus scripts for manual scans and tinkering, check our blog: 📖 attackify.com/blog/loldriver… 🚀 ATTACKIFY: Simulate Malware, Emulate Adversaries, Conduct Security Scans & more - all for FREE! Join us today: 🔗 attackify.com #purpleteam #Bootloaders #infosec #BlueTeam #redteam #CyberSecurity #Bootloaders #LOLDrivers

🔐 New Module: LOLDrivers Scan! While ATTACKIFY excels in automated adversary simulations, we're also about enhancing endpoint security. Our newest module leverages the awesome work from the #LOLDrivers project, allowing seamless malicious and vulnerable drivers scans on your endpoints. 🚀 Explore ATTACKIFY - Emulate Adversary Behavior, Simulate Malware, Run Various Security Scans, and more in just a few clicks - all for FREE! Sign up at: 🔗 attackify.com #purpleteam #LOLDrivers #infosec #BlueTeam #redteam #CyberSecurity