João Paulo Barraca

MediaTek 5G baseband firmware reverse engineering Blog post: research.nccgroup.com/2024/05/07/ghi… nanoMIPS Ghidra module: github.com/nccgroup/ghidr… Mediatek firmware tools: github.com/nccgroup/mtk_bp #baseband #cybersecurity

you've heard of MITRE ATT&CK, but what about ATLAS? ATLAS is one of the matrices managed by the team at MITRE. it stands for Adversarial Threat Landscape for Artificial Intelligence Systems & maps adversarial TTPs that are specific to AI-enabled systems! api.cyfluencer.com/s/understand-a…

Naive, never-used-WordPress guy here: So you’re telling me ONE GUY has control over hundreds of millions of websites, including some government sites…? And thats never been a freaking atomic red flag before now? Seems insanely risky—why stay?

Worth sharing with parents / kids etc as well as anyone who thinks they’ll never be caught by scams. It’s called Quishing - fake QR codes placed over the top of a legitimate QR code used to pay for parking.

Cheat Sheet for Designing a Secure System Credit: @bytebytego #cybersecurity #infosec #cheatsheet

@dgomes Delving? 😀 it sounds suspicious from the start.

Academic Paper making machines arxiv.org/abs/2406.07016…

Network Security Protocols #cybersecurity #infosec #network

📈As ameaças de cibersegurança estão em constante evolução e pode ser difícil acompanhá-las.🫵Informa-te sobre as medidas de segurança mais recentes e as melhores práticas através do nosso site. Foto de Abhilash Sahoo: pexels.com/pt-br/foto/fot… #CyberAware #GCS_UA #Cybersecurity

𝗪𝗵𝘆 𝗔𝗺𝗮𝘇𝗼𝗻 𝗔𝗯𝗮𝗻𝗱𝗼𝗻𝗲𝗱 𝗠𝗶𝗰𝗿𝗼𝘀𝗲𝗿𝘃𝗶𝗰𝗲𝘀 𝗔𝗿𝗰𝗵𝗶𝘁𝗲𝗰𝘁𝘂𝗿𝗲 𝗶𝗻 𝗙𝗮𝘃𝗼𝗿 𝗢𝗳 𝗠𝗼𝗻𝗼𝗹𝗶𝘁𝗵? In the latest post (check in the comments), a team that works on Prime Video explained their approach to ensuring that customers receive high-quality content. They use a tool to monitor every stream viewed by customers and use it to identify quality issues. The tool was intended to run on a small scale, so they noticed that 𝗼𝗻𝗯𝗼𝗮𝗿𝗱𝗶𝗻𝗴 𝗺𝗼𝗿𝗲 𝘀𝘁𝗿𝗲𝗮𝗺𝘀 𝘁𝗼 𝘁𝗵𝗲 𝘀𝗲𝗿𝘃𝗶𝗰𝗲 𝘄𝗮𝘀 𝘃𝗲𝗿𝘆 𝗲𝘅𝗽𝗲𝗻𝘀𝗶𝘃𝗲. So, they decided to revise the architecture. The initial architecture consisted of 𝘀𝗲𝗿𝘃𝗲𝗿𝗹𝗲𝘀𝘀 𝗰𝗼𝗺𝗽𝗼𝗻𝗲𝗻𝘁𝘀 𝗼𝗿𝗰𝗵𝗲𝘀𝘁𝗿𝗮𝘁𝗲𝗱 𝗯𝘆 𝗔𝗪𝗦 𝗦𝘁𝗲𝗽 𝗙𝘂𝗻𝗰𝘁𝗶𝗼𝗻𝘀. They moved expensive operations between components into a single process to keep the data more transient within process memory. Building initial solutions with serverless components was a good choice because it enabled it to be done quickly and scale each component, yet such a way of using some components 𝗰𝗮𝘂𝘀𝗲𝗱 𝗶𝘀𝘀𝘂𝗲𝘀 𝗮𝘁 𝟱% 𝗼𝗳 𝘁𝗵𝗲 𝗲𝘅𝗽𝗲𝗰𝘁𝗲𝗱 𝗹𝗼𝗮𝗱. After the analysis, they concluded that the distributed approach didn't bring many benefits, so they packed all the components into a single process. 𝗠𝗼𝘃𝗶𝗻𝗴 𝘁𝗵𝗲𝗶𝗿 𝘀𝗲𝗿𝘃𝗶𝗰𝗲 𝘁𝗼 𝗮 𝗺𝗼𝗻𝗼𝗹𝗶𝘁𝗵 𝗿𝗲𝗱𝘂𝗰𝗲𝗱 𝘁𝗵𝗲𝗶𝗿 𝗶𝗻𝗳𝗿𝗮𝘀𝘁𝗿𝘂𝗰𝘁𝘂𝗿𝗲 𝗰𝗼𝘀𝘁 𝗯𝘆 𝗼𝘃𝗲𝗿 𝟵𝟬% 𝗮𝗻𝗱 𝗶𝗻𝗰𝗿𝗲𝗮𝘀𝗲𝗱 𝘀𝗰𝗮𝗹𝗶𝗻𝗴 𝗰𝗮𝗽𝗮𝗯𝗶𝗹𝗶𝘁𝗶𝗲𝘀. Image credits: Amazon. #technology #softwareengineering #cloudcomputing #techworldwithmilan #softwarearchitecture

Jia Tan's git commit to turn off Landlock sandboxing one week after Lasse Collin improved it. I understand the sandbox is for xz, the command line tool, and Jia did not need to disable it for the SSHD backdoor. 🤔The xz command also activates the backdoor?

Newly discovered vuln in Apple M-series chips lets attackers extract secret keys from Macs. "The flaw—a side channel allowing end-to-end key extractions when Apple chips run...widely used cryptographic protocols—can’t be patched" arstechnica.com/security/2024/…

😂

Law enforcement agencies have issued an update, revealing that members of the LockBit ransomware group have been arrested in Poland and Ukraine. They have also shared a recovery tool and decryption keys. The LockBit ransomware group's blog site will be shut down in 4 days. Law enforcement agencies are coordinating activity to identify and deal with LockBit's affiliates, and have taken down of 26 servers as a result of the compromised LockBit platform. x.com/dailydarkweb/s… #DarkWeb #ransomware #lockbit

Welcome to my profile!♥️♥️♥️ Please take a look at my three main projects: OSINT stuff tools (1000+) collection: github.com/cipher387/osin… Worldwide OSINT tools map: cybdetective.com/osintmap/ Netlas CookBook: github.com/netlas-io/netl…

PacketSpy A powerful network packet sniffing tool designed to capture and analyze network traffic. It provides a comprehensive set of features for inspecting HTTP requests and responses, viewing raw payload data, and gathering information about network devices. With PacketSpy, you can gain valuable insights into your network's communication patterns and troubleshoot network issues effectively. github.com/HalilDeniz/Pac… #cybersecurity #infosec #pentesting #redteam

I don't usually spread rumors, but this could be a big deal if it's true. People are talking about hijacked AnyDesk sessions.

🛡️New #KQL queries! Created some detections based on APT28 activities reported by @_CERT_UA. 1. PowerShell No Profile Execution 2. Hunting for APT28 commands 3. PowerShell WebDav Folder File Collection All individual links in 🧵Happy hunting! 🏹🎯 github.com/Bert-JanP/Hunt…

You are a cybersecurity beginner and confused about the roadmap to have a clearer view of what you really want in your cybersecurity career. Then this file is for you! I found it so resourceful that I decided to share. drive.google.com/file/d/10So0S_… You are welcome🤝❤️

1/ A technical writeup on @Meta’s @WhatsApp privacy issue: WA leaks victim devices’ end-to-end encryption (E2EE) identity information (mobile device + up to 4 linked devices) to any user, by design, even if blocked and not in contacts. @TalBeerySec/hi-meta-whatsapp-with-privacy-6d646c5aa3bc" target="_blank" rel="nofollow noopener">medium.com/@TalBeerySec/h…

SploitScan A sophisticated #cybersecurity utility designed to provide detailed information on vulnerabilities and associated proof-of-concept (PoC) exploits. github.com/xaitax/SploitS… #pentesting #redteam #bugbounty