Enrico M.

Really great blogpost about bypassing client isolation on wifi networks (WPA till 2 and public) from Ben Knight pulsesecurity.co.nz/articles/bypas…

Uncovering hidden paths in 5G core: Exploiting protocol tunneling and network boundary bridging tu.berlin/fileadmin/www/… [PDF]

🔥 Microsoft fixed a high severity data exfiltration exploit chain in Copilot that I reported earlier this year. It was possible for a phishing mail to steal PII via prompt injection, including the contents of entire emails and other documents. The demonstrated exploit chain consists of techniques that didn't even exist 2 years ago. 🔥 In particular, it involves: 1. Prompt Injection 💉 2. Automatic Tool Invocation (without human in loop) to bring PII into chat context ⚙️ 3. ASCII Smuggling 🫣 4. Rendering of benign link + invisible text 👀 5. (Optional) Conditional instructions to only trigger when certain users view the content ☝️ Discussing two demos (stealing sales data and MFA codes), including the videos I had shared with MSRC in February. @simonw @goodside @llm_sec embracethered.com/blog/posts/202…

The next time you have imposter syndrome at work, just remember:

Andy was the CISO for Maersk Line when they were hit by Notpetya in 2017. He told what really happened to the audience of the t2 conference this May. Video here: youtu.be/wT2r5VuYCU0

Time to make some hype! #BSidesLjubljana

Nice blog post by @McuOnEclipse on embedded devices reverse engineering ( IoT monitoring/sensor device) mcuoneclipse.com/2019/05/26/rev… #iot #embedded #reverseengineering #infosec #hacking

@theluemmel @ZephrFish Based on my experience, the most interesting vulnerabilities on Nessus you can find it tagged as INFO <.<

This is super-interesting research by @merlinchlosta et al.: Drone Security and the Mysterious Case of DJI’s DroneID mu00d8.me/paper/schiller… [PDF]

I built a real-time intelligence gathering tool and it's accessible online. Open Source Surveillance has 18 features including social media, cameras, #IoT, #ICS, transportation and more. #osint #intelligence #infosec #privacy

Network Measurement Methods for Locating and Examining Censorship Devices ramakrishnansr.com/assets/censors… [PDF]

TIL: The CIA “The Simple Sabotage Field Manual” from WWII suggested enforcing the bureaucracy at companies that delivered to the enemy as a viable sabotage technique. corporate-rebels.com/cia-field-manu…

This is the best infosec blog post I've read in years @swagitda_ - kellyshortridge.com/blog/posts/the…

Just installed Nmap and ran it... Mind blowing tho.. I'm getting addicted to this shit lol OpenAI is awesome 😁😁

Not fan of "awesome" lists in general, however these maturity models collected by @Eliyahu_Tal_ can turn out to be pretty useful github.com/TalEliyahu/awe… I've developed some maturity models myself in the past, and I found them to be a valuable infosec tool (if used properly).

What are your top security Antipatterns? (opposite of best practice) (en.wikipedia.org/wiki/Anti-patt…) I have these so far - 10 patching antipatterns - "compliant is not secure" @scritches - "Collection is not detection" for log data - re-using the same password what else?

@Al3ssiaManka @Corriere Ricordiamolo indici libertà di stampa 2022, Italia 58 posto al mondo assieme al Niger.. rsf.org/en/index

A Roma piove. Che imbarazzo @Corriere

@ACmanville @ring Current status of iot security...@mikko law strikes again..."if it's smart it's vulnerable"

@ring my account was hacked and I can’t recover my account the hacker is making vulgar comments towards me and my neighbors through my door bell

@0xdea MS Teams with "take control" functionality acts exactly in that way...A user can access to the clipboard of the other user..

I wonder if that’s still the case. I haven’t looked into RDP architecture, but this seems likely. Also other similar products, including video conferencing with screen sharing capabilities, might work this same way…

NSA released its future Quantum Resistant algorithms for National Security systems: nsa.gov/Press-Room/Pre… media.defense.gov/2022/Sep/07/20…