Mathieu D.

Google is working on a new feature called Shielded Email that lets users create unique email aliases for signing up for services, which helps protect their privacy and reduce spam. #Privacy #Mail androidauthority.com/google-shielde…

reminder that the bcrypt hash function ignores input above a certain length! so if you do bcrypt(username || password) for some reason, a sufficiently long username will make it accept any password. to fix this you can sha256 the input first.

AWS Nitro Enclaves offer strong isolation for sensitive workloads but require careful security implementation. Learn how to avoid common pitfalls and harden your enclave deployments. blog.trailofbits.com/2024/09/24/not…

Discover how to determine the AWS account ID associated with access keys using sts or by decoding the key itself. Learn these effective techniques for better AWS environment assessments. Dive into the details here: buff.ly/3RXkPwU

Following on from our #GitHub action exploitation series, @hugow_vincent discovered a new exploitation technique that allowed us to push arbitrary code onto the spring-security project using the Dependabot GitHub app. synacktiv.com/publications/g…

@florent_viel Il y a Hiya (ce qui est utilise sur les Samsung) par contre en app standalone je ne sais pas ce que ca vaut

Bluetooth LE spam attack is now ported to dedicated Android app to push notifications for Android and Windows For Android, is can advertise over 170 devices github.com/simondankelman…

OpenAI's security team noticed that a group reverse engineered and was abusing ChatGPT's internal API. Instead of shutting them down, they quickly replaced ChatGPT with CatGPT… and then lurked in the attackers' Discord to watch the chaos. Absolute legend. youtube.com/watch?v=PeKMEX…

Excited to launch my first browser extension, DOMLogger++! Now available for both Firefox and Chromium! 🎉 DOMLogger++ allows you to monitor, intercept, and debug JavaScript sinks based on customizable configurations 🔥 Check it out 👇 github.com/kevin-mizu/dom… 1/5

PS If a viral report goes around saying there’s a vulnerability and you should turn off link previews, there’s really not a lot of cost to being cautious for a day or two. It’s not like someone is asking you to inject chlorine into your veins.

If you dont know why @xillwillx and #sub7 is trending in hacker land because you weren't born, this retrospective review by @DarkCoderSc is a good summary. It was the 1999 hackers preferred RAT tool that inspired the likes of DarkComet. darkcodersc.medium.com/a-malware-retr…

I'm dumping this before my talk at @bsidesct so I don't get distracted. Enjoy fuckers. gitlab.com/illwill/sub7 cc: @vxunderground

My team just released a Kubernetes attack path tool named KubeHound! Release blog post (with examples) securitylabs.datadoghq.com/articles/kubeh… Website / docs: kubehound.io :D Should be able to handle large k8s env! Feedback welcome!

#ESETresearch uncovered a #Lazarus attack against an aerospace company in 🇪🇸, deploying several tools, most notably a publicly undocumented and sophisticated RAT we named LightlessCan. The attack is part of Operation DreamJob. @pkalnai welivesecurity.com/en/eset-resear… 1/6

In the spirit of "this talk could've been a tweet", I just pushed a button: #BinDiff is now open source. - Snapshot release, no major new functionality - Release binaries later today or tomorrow - This is my 20% and I won't we able to act on PRs until end of Q4 (OOO traveling)

Repeat after me: no amount of security awareness training will solve the social engineering problem. You might as well be relying on ancient chants and sacred crystals if this is the plan. Thank you for coming to my TED talk...

New: I tracked the precise movements of an NYC subway rider. Saw what specific time they got on and at what station. It became obvious which station was nearest to their home. This was all because of a 'feature' on the MTA website Wide open to abuse 404media.co/i-tracked-nyc-…

Just published a little presentation "ST25TB series NFC tags for fun in French public transports" 🥝 It demonstrates why it's not a good idea to use chips without authentication (like SRT512 & ST25TB512-AT) for convenience transport tickets > 1drv.ms/b/s!AlQCT5PF61…

I wrote an article on bypassing BitLocker on a Lenovo laptop: errno.fr/BypassingBitlo…