March 25, 2023

Currently catching up with some not-so-recent papers... I love this one from 2021 by @marcograss and @0xKira233!

Over The Air #Baseband#Exploit: Gaining Remote Code Execution on #5G Smartphones

keenlab.tencent.com/zh/whitepapers…

— [email protected] (@0xdea)
2:10 PM • Mar 24, 2023

As a specialist in evaluating language models, I declare that this is the best way of evaluating language models:

— Sam Bowman (@sleepinyourhat)
7:37 PM • Mar 23, 2023

My analysis from the TikTok hearing: The United States has failed to bequeath Americans most of the online privacy rights it accuses TikTok of threatening.

— Will Oremus (@WillOremus)
1:09 PM • Mar 24, 2023

*clutching a 90s desktop tower to my chest, hiding behind an office partition as gunfire rings out* it's okay, ELIZA. we're going to make it out of here

ELIZA: how do you feel about  make it out of here?

— zaratustra (parody account) (@zarawesome)
9:13 AM • Jun 16, 2022

Hilarious: One way FBI IDed Conor Fitzpatrick as owner of BreachForums was from a user complaint he submitted to Omnipotent that his own email was not in the @haveibeenpwned database. @troyhunt

documentcloud.org/documents/2372…

— emptywheel (@emptywheel)
2:14 PM • Mar 24, 2023

China and Russia collaborating in foreign information manipulation and interference? In overall, 100 incidents/operations identified. #digitaleuambassadoreeas.europa.eu/sites/default/…

— Lukasz Olejnik (@[email protected]) (@lukOlejnik)
12:27 PM • Mar 24, 2023

Spent this week in Ljubljana working on story of an arrested "Argentinian" couple. She ran an art gallery, he ran IT start-up, but it seems they are in fact deep-cover illegals working for Russia's SVR intel. Quiet negotiations now on over poss exchange

— Shaun Walker (@shaunwalker7)
4:08 PM • Mar 24, 2023

Analysis and PoC of CVE-2021–21974 (VMware ESXi OpenSLP heap-overflow)

Vulnerability overview by @_wmliang_: zerodayinitiative.com/blog/2021/3/1/…
PoC walkthrough by @straight_blast: straightblast.medium.com/my-poc-walkthr…

#cve#exploit#infosec#cybersecurity#vmware

— 0xor0ne (@0xor0ne)
8:01 AM • Mar 24, 2023

x64 kernel-mode rootkit that can hide processes or elevate their privileges .

— V2 (@ZeroMemoryEx)
6:23 PM • Mar 24, 2023

Graphics cards are *horribly* inefficient at rendering 2D games, yet we still use them for that, because uhhhhhhh-

Graphics Cards don't know how to render semi-transparent surfaces so we sort them on the CPU to render them properly

— Luna 🦊🇩🇰 // nullptr::live (@LunaFoxgirlVT)
1:05 AM • Mar 24, 2023

honestly it’s incredible that they recognized that people who pay for this website will be blocked and bullied so relentlessly one of the main selling points of twitter blue will now be able to be hidden

— pudding person (@JUNlPER)
2:54 PM • Mar 24, 2023

#redteam tip: @Fortinet self protection bypass
Fortinet is using minifilter to prevent copying or deleting files in the app's installed location.
If you Reverse engineer the responsible driver, You will notice that there are some exceptions

— Parsa Sarrafian (@XsarrafX)
10:48 PM • Mar 23, 2023

LinusTechTips has posted a video explaining the recent compromise of his YouTube account.

tl;dr editor downloaded malicious attachment with data stealer malware

— vx-underground (@vxunderground)
1:42 AM • Mar 25, 2023

mathematician: 2 > 1

linux admin: 2 > &1

— sleeping (@speginel)
11:53 AM • Mar 2, 2023