's Avatar

@a37f5b.bsky.social

53 Followers  |  508 Following  |  7 Posts  |  Joined: 04.06.2023  |  2.0777

Latest posts by a37f5b.bsky.social on Bluesky

Preview
npm debug and chalk packages compromised The popular packages debug and chalk on npm have been compromised with malicious code

www.aikido.dev/blog/npm-deb...

08.09.2025 18:39 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0
Video thumbnail

here's a framebuffer graphics demo (this has no practical purpose and I can't prove I'm not just like, playing a youtube video or something)

05.06.2025 16:26 β€” πŸ‘ 1285    πŸ” 270    πŸ’¬ 32    πŸ“Œ 60
Preview
The Signal Clone the Trump Admin Uses Was Hacked TeleMessage, a company that makes a modified version of Signal that archives messages for government agencies, was hacked.

New from 404 Media: the Signal clone the Trump administration uses was just hacked. TeleMessage makes a modified version of Signal that archives messages for government agencies, Waltz used it. A hacker got some users' messages, group chats. Hugely significant breach www.404media.co/the-signal-c...

04.05.2025 22:01 β€” πŸ‘ 6071    πŸ” 2781    πŸ’¬ 156    πŸ“Œ 526
Preview
Astrill VPN and Remote Worker Fraud - Spur In our ongoing efforts to help organizations protect against fraud and abuse, we're excited to announce the free release of a comprehensive list of IP

Security firm Spur has released a list of 2,400 IP addresses linked to Astrill, a VPN service often used by North Korean IT workers to hide their location

spur.us/astrill-vpn-...

26.12.2024 16:09 β€” πŸ‘ 47    πŸ” 17    πŸ’¬ 0    πŸ“Œ 1
Portspoof - A new approach to fight back port and service scanners. Mangle your attackers' port scan results effectively.

drk1wi.github.io/portspoof/

26.12.2024 18:04 β€” πŸ‘ 1    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0

github.com/kooscode/srg...

20.12.2024 02:40 β€” πŸ‘ 1    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0
Preview
GitHub - microsoft/markitdown: Python tool for converting files and office documents to Markdown. Python tool for converting files and office documents to Markdown. - microsoft/markitdown

Microsoft just released a tool that lets you convert Office files to Markdown. Never thought I'd see the day.

Google also added Markdown export to Google Docs a few months ago.

github.com/microsoft/markitdown

13.12.2024 20:25 β€” πŸ‘ 529    πŸ” 127    πŸ’¬ 24    πŸ“Œ 24
Preview
Nearest Neighbor Attack: Hackers Breach Organizations via Wi-Fi from Russia Russian state-sponsored hacking group GruesomeLarch (also known as APT28 or Fancy Bear) has demonstrated a sophisticated new attack technique dubbed the "Nearest Neighbor Attack," which allows remote hackers to breach organizations by exploiting Wi-Fi networks of neighboring businesses.

Nearest Neighbor Attack: Hackers Breach Organizations via Wi-Fi from Russia

23.11.2024 03:56 β€” πŸ‘ 11    πŸ” 5    πŸ’¬ 1    πŸ“Œ 0
Preview
GitHub - stevendborrelli/bluesky-tech-starter-packs: A list of tech-related Bluesky starter packs A list of tech-related Bluesky starter packs. Contribute to stevendborrelli/bluesky-tech-starter-packs development by creating an account on GitHub.

github.com/stevendborre...

21.11.2024 02:52 β€” πŸ‘ 1    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0
Preview
Creating a QR Code step by step This JavaScript demo application visualizes in detailed steps, how a text string is encoded into a QR Code barcode symbol. The content of this page essentially explains and justifies how my QR Code generator library works internally.

www.nayuki.io/page/creatin...

18.11.2024 05:24 β€” πŸ‘ 1    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0
Preview
Here’s some cool stuff you can do with Bluesky It’s not just an Alf pics repository.

Here’s how to do stuff with Bluesky that you could not on X.

#medtech #bcsm #medsky #Xodus

www.theverge.com/24295933/blu...

18.11.2024 02:32 β€” πŸ‘ 4    πŸ” 4    πŸ’¬ 0    πŸ“Œ 0
Preview
Week in OSINT 202417 This week's episode of WiO covers topics from cruise ships to custom search, and from sins to secrets! Now that I've got the very

Hello Monday, and hello #OSINT enthusiasts! Here is your short, weekly overview of hopefully interesting topics from the world of open source investigations:

H/T: @kirbstr.bsky.social @cqcore.bsky.social @bellingcat.com

sector035.nl/articles/202...

29.04.2024 06:11 β€” πŸ‘ 10    πŸ” 7    πŸ’¬ 0    πŸ“Œ 1
Preview
deck.blue Get the most out of Bluesky with a multi-column layout

More Bluesky tools - deck.blue is like tweetdeck, but for bluesky

08.11.2024 10:42 β€” πŸ‘ 66    πŸ” 25    πŸ’¬ 10    πŸ“Œ 6
Preview
Abusing Ubuntu 24.04 features for root privilege escalation | Snyk With the recent release of Ubuntu 24.04, we at Snyk Security Labs thought it would be interesting to examine the latest version of this Linux distribution to see if we could find any interesting privi...

snyk.io/blog/abusing...

16.11.2024 16:55 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0
Preview
Sky Follower Bridge Instantly find and follow the same users from your 𝕏 followers on Bluesky

www.sky-follower-bridge.dev

16.11.2024 16:49 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0

We have now hit 16 million users. We're looking like we might onboard another million today, we'll see. Regardless we'll be far past 16.5 million I'm quite certain.

14.11.2024 18:03 β€” πŸ‘ 3271    πŸ” 290    πŸ’¬ 141    πŸ“Œ 58
Preview
Everything I know about the XZ backdoor Please note: This is being updated in real time. The intent is to make sense of lots of simultaneous discoveries

boehs.org/node/everyth...

29.03.2024 23:19 β€” πŸ‘ 14    πŸ” 3    πŸ’¬ 0    πŸ“Œ 0

I'm watching some folks reverse engineer the xz backdoor, sharing some *preliminary* analysis with permission.

The hooked RSA_public_decrypt verifies a signature on the server's host key by a fixed Ed448 key, and then passes a payload to system().

It's RCE, not auth bypass, and gated/unreplayable.

30.03.2024 17:13 β€” πŸ‘ 688    πŸ” 276    πŸ’¬ 7    πŸ“Œ 15
Post image

Interesting way to use LEGBA (github.com/evilsocket/l...) #bruteforce tool from twitter.com/evilsocket - enumeration valid emails for G Suite domain.
Read more about LEGBA:
www.evilsocket.net/2023/11/02/E...

03.11.2023 00:32 β€” πŸ‘ 0    πŸ” 1    πŸ’¬ 0    πŸ“Œ 0
Preview
GitHub - google/trillian: A transparent, highly scalable and cryptographically verifiable data store... A transparent, highly scalable and cryptographically verifiable data store. - GitHub - google/trillian: A transparent, highly scalable and cryptographically verifiable data store.

Somehow I didn't know this existed until today github.com/google/trill...

29.10.2023 09:17 β€” πŸ‘ 20    πŸ” 2    πŸ’¬ 3    πŸ“Œ 0
Post image

Today I updated my tool collection once again (over 60+ links from tweets over the last seven months).

Total now:

1284 links
138 sections
more than 250 000 visits
3.7K stars
435 forks
Almost 2,5 years of work (since April 2021)

github.com/cipher387/os...

#osint #socmint #geoint

12.09.2023 23:52 β€” πŸ‘ 7    πŸ” 3    πŸ’¬ 0    πŸ“Œ 0
Preview
CVE-2023-2868 | AttackerKB On May 30, 2023, Barracuda Networks published an advisory for CVE-2023-2868, an easily exploitable remote command injection vulnerability affecting several ver…

We just published our detailed analysis of CVE-2023-2868, a shell command injection vulnerability in the #Barracuda Secure Email Gateway appliance. Big props to my co-worker Curtis Fielding for putting all this together!

#infosec #vulnerability #exploit #PoC #rapid7

05.07.2023 19:48 β€” πŸ‘ 4    πŸ” 5    πŸ’¬ 0    πŸ“Œ 0

@a37f5b is following 20 prominent accounts