たまご retweetledi
たまご
2K posts
たまご retweetledi
Offensivecon is coming to Tokyo! 🔗 offensivecon.jp
Ticket shop, sponsorships and CFP are already open...
English
たまご retweetledi
Microsoft Edge's Enhanced Security Mode was designed to be the ultimate defense when browsing unfamiliar websites.
Zellic researchers @eternalsakura13 and R1nd0 found 23 RCEs in it.
Their target? DrumBrake, Microsoft's WebAssembly interpreter.
The irony? This security feature became a massive attack surface itself.
These findings span type confusion, out-of-bounds memory access, use-after-free, and critical control flow errors.
offensivecon@offensive_con
Enhanced Insecurity Mode: 23 RCEs in Edge's "Safe" WebAssembly Interpreter by @eternalsakura13 and R1nd0
English
たまご retweetledi
Red/Blue どちらの畑にいる人にも刺さる内容だと思うので閲覧推奨です。
脅威インテリジェンスの人視点としても、シナリオ作れるならこってちで勝手にスレッドハンティングするので、スレッドハンティングでカバーできない領域の仮説を立ててそこをTLPTしてくれると嬉しいなぁと見てました。
Tinydile@Tinydile
[Slides/資料公開] 本日のBSides Tokyo 2026での講演資料です。 TLPT2.0の提案 -「敵を知る」と「自分を知る」の分離 (A Proposal for TLPT 2.0: Decoupling "Knowing the Enemy" from "Knowing Yourself") bit.ly/4uS3XbJ #BSidesTokyo #TLPT #レッドチーム #RedTeam
日本語
@GateauOki28997 でも普通の昼チケットですら販売終了になっていました…😢私も参加してみたかったです…次回何かで…!
日本語
たまご retweetledi
The hardware-based attestation requirements that Google are pushing for reCAPTCHA would make it challenging to access numerous normal websites from de-googled phoned, including the hardened GrapheneOS
Meanwhile, there are known leaks that makes it possible to unmask VPN users on stock Android phones even with the "Always-On VPN" setting. Google are flagging these leaks as "Won't Fix / Infeasible", while GrapheneOS is quickly patching them
Protecting your privacy online is becoming increasingly difficult (and this is intentional)
Mullvad.net@mullvadnet
A new VPN leak that allows any app to leak traffic outside the VPN tunnel has recently been discovered by @cybaqkebm Read more here: mullvad.net/blog/any-app-o…
English
たまご retweetledi
たまご retweetledi
In collaboration w/ @abstractshield, we analysed TukTuk, a sophisticated .NET RAT disguised as Apache log4net.dll, and what we found goes well beyond the malware itself.
After pivoting onto the threat actor's own dev machine, we recovered their entire AI-assisted development history: 7,016 messages, 17 projects, 48 days of offensive tooling built almost entirely with Claude.
Two C2 frameworks. A terabyte-scale exfiltration utility. EDR evasion tooling tested against @CrowdStrike,
@SentinelOne, @Sophos & @Bitdefender. A BYOVD process killer. Custom AD recon tools. A tunneling kit. A malware distribution platform.
All of it AI-generated. All of it operational.
The actors used persistent fake personas, "university professor", "senior pentester", to bypass safety guardrails.
We're flagging this to @Anthropic, @Fortinet and affected vendors. The OPSEC failure that exposed all of this?
.claude/ session directory on the dev machine.
Full IOCs, hashes, operator IPs, C2 infrastructure, and verbatim AI session excerpts in the report. Link below.
🧵🧵🧵🧵🧵🧵🧵🧵
English
たまご retweetledi
たまご retweetledi
BlackHatAsiaで発表した「TLGMapper」ですが、英国の国家サイバーセキュリティセンター(NCSC)のCTOからも今週注目のトピックの一つとしてこのツールが取り上げられました!
コミュニティに役に立つ研究成果が出せたのだと認められたようで、頑張ったかいがあります!🙂
ctoatncsc.substack.com/p/cto-at-ncsc-…
日本語
たまご retweetledi
httpsサイトを新しく作る
→ まだどこにも公開していないURLなのにすぐに攻撃botが来る…ドウシテ…
理由:CTログを見張られていてそこから来ている(サーバー証明書の透明性を悪用)
Yusuke Kawabata@ku_suke
ちゃんとした、かどうかはおいといて少し注意喚起として記事にしてみました。 外部からアクセス可能なhttpsサイトはドメイン設定後「即」攻撃にさらされる件 zenn.dev/kusuke/article…
日本語
たまご retweetledi
CrowdStrike Day Zero 2026にて、20代の日本人男性がとってもおもしろいお話をします。
crowdstrike.com/en-us/events/d…
日本語
たまご retweetledi
Tell me again how Edge is so great?
International Cyber Digest@IntCyberDigest
❗️🚨 Microsoft Edge keeps every saved password in process memory as cleartext from the moment it launches. Microsoft's responsed when reported: "by design." All of them. Including credentials for sites you won't open this session. Researcher @L1v1ng0ffTh3L4N tested every major Chromium browser. Edge is the only one that behaves this way. Chrome decrypts credentials on demand, and App-Bound Encryption locks the keys to an authenticated Chrome process so other processes can't reuse them. In Chrome, plaintext surfaces only during autofill or when a password is viewed, making memory scraping far less useful. What makes this extra weird is that Edge still demands re-authentication before revealing those passwords in its Password Manager UI, while the same browser process already holds every one of them in plaintext. In shared environments, this turns into a credential harvest. On a terminal server, an attacker with admin rights can read the memory of every logged-on user process. In the published PoC video, a compromised admin account lifts stored credentials from two other logged-on (and even disconnected) users with Edge running. Microsoft's official response when notified: "by design." The finding was disclosed April 29 at BigBiteOfTech by PaloAltoNtwks Norway, alongside a small educational tool that lets anyone verify the cleartext storage for themselves.
English
