Dodo on Security 🇵🇸 🇺🇦

23.1K posts

Dodo on Security 🇵🇸 🇺🇦 banner
Dodo on Security 🇵🇸 🇺🇦

Dodo on Security 🇵🇸 🇺🇦

@dodo_sec

Brazilian Security Analyst | Malware Analysis | Responsible for the Slowest Algo in HashDB | Can barely reverse Hello World | PTC

Katılım Mart 2021
1.4K Takip Edilen2.4K Takipçiler
Sabitlenmiş Tweet
Dodo on Security 🇵🇸 🇺🇦
Dodo on Security 🇵🇸 🇺🇦@dodo_sec·
Racists are retards. Also I've been on the internet for like 20 years, you're gonna have to do better than "Brazil is liveleak" to rile me up. Funny that someone can call me antisemitic over criticizing a country, then on the same breath do actual racism lol
Dodo on Security 🇵🇸 🇺🇦 tweet media
English
6
1
24
12.7K
Dodo on Security 🇵🇸 🇺🇦
Dodo on Security 🇵🇸 🇺🇦@dodo_sec·
Also you can do body type instead of gender, whatever, but don't give me such baggy clothes. I was staring at types A and B without seeing any difference, until I rotated the character and realized I'd made dodo but with big boobs lmao
English
0
0
0
57
Dodo on Security 🇵🇸 🇺🇦
Dodo on Security 🇵🇸 🇺🇦@dodo_sec·
Ok, don't get me wrong, it's cool that Forza Horizon 6 lets you choose a bunch of prosthetic limbs and even cochlear implants but.... why can't my character have a mustache?
English
1
0
0
74
Dodo on Security 🇵🇸 🇺🇦
Dodo on Security 🇵🇸 🇺🇦@dodo_sec·
@mauthe_doog People like to joke about academics doing incredibly complex reads of something an author didn't intend to have extra meaning, but that's still valid when discussing how a piece of art interacts with the reality it exists in
English
0
0
1
21
Dodo on Security 🇵🇸 🇺🇦
Dodo on Security 🇵🇸 🇺🇦@dodo_sec·
@mauthe_doog People will keep consuming video essays, your career is fine. Humor aside, I suggest forgetting "objectively", you can't be purely objective because art isn't objective. Even analyses you meme about for bringing politics into it still bring up interesting interpretations
English
1
0
1
66
Mauthe Doog 👁️
Mauthe Doog 👁️@mauthe_doog·
When people consider the depth of a work, they usually only discuss the writing. I'm mostly talking about online and in video essays and such. But it's hard for words to capture beauty, and certainly not in a single moment in the same way visuals and music can. Picture is 1000 words, etc. We parse music and visuals as "vibe", and it's hard to analyse objectively (it usually isn't but we can get closer to objective) compared to writing, which might be why we overvalue it. These "vibes" can be used to slip meaning in easily. Some obvious examples are scary music, character designs like making the hero attractive and the villain ugly, harsh lighting to change the scene vibe, etc. In games, you can look at things like object and character placement, architecture, even game mechanics can be used to impart meaning. The ambiguity means that if you want something to be definitely understood you've gotta put it in words, or doing something really obvious. Anything that just uses visuals or music will struggle to be noticed. The Painter is a good example: there's themes of nature vs civilisation and media sensationalism, which as far as I'm aware nobody has discussed and I almost missed them myself. Of course that ambiguity is often intentional. Dark Souls and F&H use it to make the world seem much larger and deeper than they could ever physically make, and to keep communities engaged for years. Analog Horror use it for similar reasons, as a puzzle. It's hard to get the balance right, making sure to show enough of the puzzle so that it's understood but not enough that it's easy to solve. It's actually the same reason why the ambiguity of visuals and music can be useful. Like the Zen koans, or the parables of Jesus, some things are only clear or useful if you think about it and figure it out yourself. In that case... It's probably better than video essays and people online don't worry about the visuals/music as much because it wouldn't actually impart the understanding anyway. Having someone tell you what something means is much less valuable than understanding it yourself. Should I really be saying this it's my entire career here...
Mauthe Doog 👁️ tweet mediaMauthe Doog 👁️ tweet media
English
3
5
46
900
Jay R Audette Jr
Jay R Audette Jr@JayRAudetteJr·
@dodo_sec @eedaaf @metroadlib little of A, little of B. 😁 although I'll admit I mostly got caught on the bottom of the first image where they were talking about only reading the dialogue.
English
1
0
1
150
fooler initiative
fooler initiative@metroadlib·
WHAT IS HAPPENING?!?! WHAT IS HAPPENING?!!! WHAT?!!!
fooler initiative tweet mediafooler initiative tweet media
English
2K
10.4K
129.4K
3.8M
Dodo on Security 🇵🇸 🇺🇦
Dodo on Security 🇵🇸 🇺🇦@dodo_sec·
What do you mean Forza Horizon 6 is selling an expansion bundle for TWO EXPANSIONS THAT *WILL RELEASE IN THE FUTURE*?????
English
0
0
0
60
Dodo on Security 🇵🇸 🇺🇦 retweetledi
Zachary Foster
Zachary Foster@_ZachFoster·
Zionist learns the word “kidnapping” means being abducted in international waters by armed terrorists
Zachary Foster tweet media
English
7
110
556
4.8K
Dodo on Security 🇵🇸 🇺🇦
Dodo on Security 🇵🇸 🇺🇦@dodo_sec·
@RidgelineCyber @rucam365 You shouldn't take it as a compliment. Your original tweet also reads like clanker speak, to the point you're either lying or should be worried about what you're reading to end up writing like that. A wall of AI blabbering is disrespectful to the reader, stop it
English
0
0
0
16
Ridgeline Cyber
Ridgeline Cyber@RidgelineCyber·
@rucam365 I'll take that as a compliment, but 100% human here, one who has purchased and read your book
English
1
0
0
403
Ru Campbell
Ru Campbell@rucam365·
>“Conditional Access policies won’t stop token theft” Mate it’s literally the primary way to stop token theft.
Ridgeline Cyber@RidgelineCyber

Conditional Access policies won’t stop token theft—and standard MFA won't fix it either. When teams roll out Microsoft Authenticator push codes or SMS, some assume the cloud perimeter is safe. But sophisticated actors have moved completely past brute-forcing passwords. They use Adversary-in-the-Middle (AiTM) phishing frameworks like Evilginx. The attack flow is clean: The proxy site mirrors your Entra ID login page. The user enters credentials and solves the genuine MFA challenge. Once Entra ID validates the session, it issues an ESTSAUTH session cookie. The malicious proxy server snatches that cookie before passing it back to the victim’s browser. The Result: The attacker drops that stolen cookie into their own machine. Because the session has already passed the MFA verification loop, they gain instant access to the mailbox or cloud apps. They bypass standard Conditional Access rules seamlessly. , when an identical session jumps between network or device contexts Advanced features like Continuous Access Evaluation (CAE), Token Protection session controls, or strict device compliance rules can mitigate this. But they are rarely part of an organization’s "default" browser-based setups. Because a stolen token completely bypasses the sign-in loop, you cannot hunt for it by looking for failed logins. You have to hunt for Session Anomalies—specifically when an identical session jumps network or device context mid-lifecycle. From Sentinel or Entra ID Advanced Hunting, you can run the below KQL query to identify active token replays across interactive and non-interactive sign-ins:

English
2
11
177
22.9K
an
an@eedaaf·
@JayRAudetteJr @metroadlib What you wrote is action oriented which is ideal. What is being talked about is spending a paragraph (or worse a page) describing something or a new location
English
6
0
0
2K
Preston Byrne
Preston Byrne@prestonjbyrne·
All they had to do was put a battery pack in a Testarossa
Sawyer Merritt@SawyerMerritt

Ferrari has just officially unveiled its first ever all-electric car, called the Ferrari Luce. • Starting price: $640,000 • Interior co-designed with Apple's former head of design, Jony Ive • Range: 280 miles (expected EPA) • Peak charging speed: 350kW • 122 kWh battery • 1,050 horsepower • 0-60mph: 2.4s • 800v • Four-door four-seater • Four electric motors • OLED screens • Weight: 4,982 lbs • Front motors spin to 30,000 rpm, rears hit 25,500 rpm • Car uses an accelerometer to capture real vibrations from the electric motors & rear chassis. An algorithm filters out unpleasant frequencies and amplifies only the more “musical” sounds. This can be heard inside and outside the car. • Paddle shifter on steering wheel changes how aggressively torque is delivered, with five different levels • The trunk has 21.1 cubic feet of space, the largest luggage capacity the company has ever offered • 197.6 inches long, about as long as a Tesla Model S U.S. deliveries start in Q2 2027. More photos in the thread below:

English
7
6
53
2.9K
Dodo on Security 🇵🇸 🇺🇦
Dodo on Security 🇵🇸 🇺🇦@dodo_sec·
For a buffer smaller than block size, they tried to do just the step of xoring the buffer with the previous encrypted block (CBC first decrypts the current block and then XOR's with the previous one) but their code encrypts the previous block a second time before the XOR 🫠
English
1
0
1
56
Dodo on Security 🇵🇸 🇺🇦
Dodo on Security 🇵🇸 🇺🇦@dodo_sec·
Turns out this is caused by an error the TA made when writing code for CBC mode. They encrypt a null bytes buffer to serve as IV and each 16 bytes block is decrypted as the mode dictates. But they messed up when the buffer size isn't aligned to block size (1/3)
Dodo on Security 🇵🇸 🇺🇦@dodo_sec

>be Brazilian threat actor >want to decrypt C2 IP >create AES provider >load hardcoded key >use provider to encrypt a null buffer >encrypt the result of that >use resulting buffer to XOR encrypted C2 IP and get plaintext Brother what the FUCK

English
1
0
2
408

Keşfet

@RussianPanda9xx @HackingLZ @mauthe_doog @JayRAudetteJr @eedaaf @metroadlib @GirBerzerkerCat @RidgelineCyber