Video: Hunting for Cobalt Strike in PCAP
https://netresec.com/?b=2410f02
I have successfully sent a toot from my #HamRadio (pictured below) using @xssfox's excellent APRS to Fediverse gateway.
I typed and sent it from my radio at Montgomery Park and it reached the internet via what’s called an I-Gate in Vancouver. I’m the king of the nerds on shift tonight.
Quoting @kf7azy:
https://aprs.internaluse.net/@kf7azy/posts/204677194906936432/
Hey fediverse,
As many have already heard, last week Dragos had to let go of about 50 people. Tuesday last week was my last day on the job, and as of today I am slowly beginning my search for a new role while allowing myself plenty of time to unwind between roles (for a change).
My role at Dragos was to reverse engineer ransomware and I would love to continue reverse engineering malware (not just ransomware) in the future. I've worked in a few different threat intelligence roles over the last several as well.
I'm located on the US East coast and am currently looking to stay remote as relocation and travel are not an option for my family.
Any leads are appreciated! My LinkedIn profile can be found at the top of my profile as well.
Your own LTE Network (SDR / Ubuntu)
https://open5gs.org/open5gs/docs/tutorial/01-your-first-lte/
Dangerzone 0.4.1 has been released! This release includes a native Apple Silicon version, performance improvements for large files, and several other bugfixes and improvements. Download links for all platforms can be found on our website:
New major DDoS amplification factor discovered.
SLP, with a factor of 2,200
CloudFlare: https://blog.cloudflare.com/slp-new-ddos-amplification-vector/
NetScout: https://www.netscout.com/blog/asert/slp-reflectionamplification-ddos-attack-vector
54k servers exposed online and ready for abuse
I released some scripts to manipulate hashquines.
https://github.com/corkami/collisions/
Cc @0xabad1dea @spq @retr0id @ESultanik
🚀 Pyodide 0.23 is out! Now featuring CPython 3.11.2 with official Tier 3 support for WebAssembly, FFI improvements, load time optimizations, and additional packages. We've also introduced an experimental SDL2 support for graphics applications in Python. 🎉
oh, the new dbx update has the trend micro bootloaders (CVE-2023-28005) revoked too
how nice
also: MS didn't update dbx on windows yet. (probably because CVE-2023-28005 JUST got fixed, i was told june/july for that dbx update actually), so people on windows who trust the MS UEFI third party CA are still vulnerable to shdloader until then!
REALLY great job MS! :D
CVE-2023-21036 / acropalypse is absolutely bonkers.
Apparently for 5+ years the cropping / editing tools for screenshots on Google Pixel phones were only overwriting the start of the screenshot PNG file, but not truncating it.
All screenshots shared for the past 5+ years might have data recoverable from them. Demo available at https://acropalypse.app/
Google still hasn't communicated anything on this.
(h/t ItsSimonTime on Musk's site)
Made a small project this weekend: using an RPi (MySQL, Grafana and a 7-inch screen) and two custom ESP32-based sensors, I built a small weather station to replace the one that died a few weeks ago :) I still need to make a PCB to clean up the mess and make a lasercut box :) By the way, I have huge doubts about the reliability of the PMS5003 sensor.
New in last week's #Metasploit release:
* Exploits for Cisco RV Series #CVE_2022_20707 and GitLab #CVE_2022_2992
* Bug fix for Arch warnings when starting msfconsole
* Updates to DLL template code that allow msfvenom to use (default Metasploit) DLL templates with payloads larger than 4096 bytes (e.g., unstaged payloads).
https://www.rapid7.com/blog/post/2023/02/17/metasploit-wrap-up-193/
MISP 2.4.168 released with bugs fixed, security fixes and major improvements in STIX support.
https://www.misp-project.org/2023/02/16/MISP.2.4.168.released.html/
Don't forget to update your instance.
I liked this video. Sherrod is so « super cool » #infosec
Our #rapid7 blog about a 0-day being actively exploited in Fortra GoAnywhere:
https://www.rapid7.com/blog/post/2023/02/03/exploitation-of-goanywhere-mft-zero-day-vulnerability/
Yipee-ki-yay!
🌐🏹🦁🐍🦉🚩☣️