Alyosha Sintsov ری ٹویٹ کیا
Alyosha Sintsov
4.3K posts
Hey, we are looking for an Incident Response Engineer in Mexico! #job social.icims.com/viewjob/pt1723…
English
How can we measure the Return on Security Investment (RoSI) of Bug Bounty programs? @ygoltsev and I have explored various numbers to find answers, and we'd like to share our ideas with you - linkedin.com/pulse/how-meas…! #ROI #bugbounty #metrics #okr
English
Is Ivanti 0days based on path traversal + command injection in backup endpoint?
English
Alyosha Sintsov ری ٹویٹ کیا
Let me say that again...
You store pointers at the _destination_ address of a memcpy.
You glitch during memcpy ().
You get that pointer into PC.
No, it's not sci-fi. It's the "instruction corruption" fault model. And we pioneered that.
See thread below 1/N.
Raelize@raelizecom
This attack showed that the data at the destination of a copy can be abused just like the data at the source. We had to improve this attack quite a bit as it simply took too long to get a successful glitch. The details for this optimization will be explained during our training.
English
Alyosha Sintsov ری ٹویٹ کیا
Application Security and Vulnerability Assessment getting a significant advantage from GenAI (context-driven knowledgebase). That helps security teams understand the root cause of the problem faster and significantly reduces the latency in producing security fixes at scale.
English
Alyosha Sintsov ری ٹویٹ کیا
"... detected several remotely exploitable bugs in AMI MegaRAC BMC"
"... whole attack sequence: from having zero knowledge about a remote AMI BMC with enabled IPMI (yeah, right) to flashing a persistent firmware implant to the server SPI flash"
Looking forward to this talk!
Alex Tereshkin@AlexTereshkin
Check out the abstract of our upcoming DC talk :) CC: @Adam_pi3 forum.defcon.org/node/245714
English
Alyosha Sintsov ری ٹویٹ کیا
Our lovely Red Team at @gitlab is looking for a Senior Red Teamer
boards.greenhouse.io/gitlab/jobs/67…
English
@joernchen I call it D&D already. I also think we should have network map and mini-figures!
English
Why do they call it tabletop exercise and not DFIR Dungeons and Dragons?
Matt Johansen@mattjay
Tabletop exercise of the day: You lead a small security team for a tech startup No Active Directory or mail servers, but a fleet of macbooks and SaaS apps You hear mumblings of some weird Slack DMs & later a teammate texts you saying they have a ransomware message. What next?
English
Also found interesting, that ChatGPT works much better if you ask to use LangSec approach: translate logic into grammar, and input as a language and try to find a Weird Machine, works more efficient at my example than just "check the pseudocode/logic for security issues"
English
And on other side: "fraud/propaganda" is also a language for creating "weird machines"...
English
Think lately about weird machines, and found myself that jokes and humor is an example of such for human beings.
English
Alyosha Sintsov ری ٹویٹ کیا
English
@virustotal @bquintero Can anyone please run Code Insight against that file: virustotal.com/gui/file/b9a79…
English
Introducing VirusTotal Code Insight: empowering threat analysis with generative AI. This tool is based on Sec-PaLM (LLM) and helps explaining behavior of suspicious scripts. Code Insight is available now for all our users! More details by @bquintero: blog.virustotal.com/2023/04/introd…
English
Alyosha Sintsov ری ٹویٹ کیا
My dear humans and non-humans, I present to you the speakers for #OffensiveCon23
offensivecon.org/speakers/
English
Alyosha Sintsov ری ٹویٹ کیا
📝New research by @lmpact_l: "Fork Bomb for Flutter"
There are more and more Flutter applications, and security analysis of these apps is in high demand. Our member Phil shares his knowledge and presents his reFlutter tool.
Read the article: swarm.ptsecurity.com/fork-bomb-for-…
English
