JM

@mrjm.bsky.social

Dad, husband & Security dinosaur: lots of SecEng ⚙️, Redteam ☠️ DFIR ⛑️. Passion for National Security 🇺🇸🇨🇦🇫🇷, Coding 💻 & Space 🚀 https://linkedin.com/in/jmamblat

81 Followers  |  94 Following  |  30 Posts  |  Joined: 04.08.2023  |  1.8896

Latest posts by mrjm.bsky.social on Bluesky

Look what's happening at the French Embassy in Washington DC.

04.03.2025 21:05 — 👍 66543    🔁 10436    💬 652    📌 420

'Did you even say thank you?'

01.03.2025 21:01 — 👍 19658    🔁 3388    💬 219    📌 129

Hopefully work is temporarily outsourced to the other four eyes 🤞🏻

03.03.2025 00:28 — 👍 1    🔁 0    💬 0    📌 0
As Trump warms to Putin, U.S. halts offensive cyber operations against Moscow
Defense Secretary Pete Hegseth has ordered U.S. Cyber Command to pause cyber and information operations against Russia as Trump seeks to bring Putin to the negotiating table to end war in Ukraine.

SecDef has ordered a pause on offensive cyber and info operations while the US & Moscow are in talks, though planning for operations continues, according to sources. While such a pause is not unusual, the move comes as Trump accommodates Putin in his designs on Ukraine.
wapo.st/4kjGtrI

02.03.2025 01:18 — 👍 97    🔁 39    💬 9    📌 5

We are experiencing an assault on science unparalleled by anything I’ve seen in my life. It’s not one issue or another anymore, the entire institution is under attack by the most powerful individuals in the country.

This Friday, where will you be?

standupforscience2025.org

02.03.2025 16:27 — 👍 44463    🔁 12151    💬 647    📌 402
Exclusive: Hegseth orders Cyber Command to stand down on Russia planning
The secretary of Defense has ordered U.S. Cyber Command to stand down from all planning against Russia, including offensive digital actions, sources tell Recorded Future News.

Why this matters:
1. While NSA doesn't have to stand down, many service members working *at* NSA work for their individual services, addressing their intelligence priorities. The national mission broadly benefits from this. These members likely must stand down. 1/
therecord.media/hegseth-orde...

28.02.2025 20:35 — 👍 270    🔁 104    💬 11    📌 25
r-tec Blog | Bypass AMSI in 2025
This blog post will shed some light on what's behind AMSI (roughly, but hopefully easy to understand) and how you can still effectively bypass it - more than four years later.

This is a really cool post if interested in Redteam and bypassing AVs. en.r-tec.net/r-tec-blog-b...

03.03.2025 00:01 — 👍 1    🔁 0    💬 0    📌 0
Lazarus targets nuclear-related organization with new malware
Lazarus targets employees of a nuclear-related organization with a bunch of malware, such as MISTPEN, LPEClient, RollMid, CookieTime and a new modular backdoor CookiePlus.

“Lazarus group evolves its infection chain with old and new malware” #threatintel #cybersecurity
securelist.com/lazarus-new-...

24.12.2024 13:02 — 👍 2    🔁 0    💬 0    📌 0
Screenshot of a password box, with example "Nine+twelve=21"

New password generation algorithm just dropped, get cracking.

18.12.2024 13:02 — 👍 77    🔁 10    💬 3    📌 2
Russian government spies targeted Ukraine using tools developed by cybercriminals | TechCrunch
Researchers say a hacking group linked to the FSB used tools developed by a cybercrime group to target Ukraine's Army and Border Guard.

“Russian government spies targeted Ukraine using tools developed by cybercriminals” #nationalsecurity #intel #infosec

techcrunch.com/2024/12/11/r...

13.12.2024 11:44 — 👍 1    🔁 0    💬 0    📌 0

Told Assad I am not mad and to prove it I've given him apartment with large windows & scenic views.

09.12.2024 07:24 — 👍 4002    🔁 411    💬 151    📌 34

Would you like to work with great folks to secure something important? LinkedIn security is hiring -- with more roles coming, including a Sr. Director for Risk and Compliance. I'd love to work with you!

No jerks, please.

09.12.2024 19:54 — 👍 37    🔁 11    💬 2    📌 2
US alleges China hacked calls of 'very senior' political figures, official says
The U.S. believes that an alleged sweeping Chinese cyber espionage campaign known as Salt Typhoon targeted and recorded telephone calls of "very senior" American political figures, a White House official said on Saturday.

(Should not be a surprise :) “US alleges China hacked calls of 'very senior' political figures, official says” #nationalsecurity #cybersecurity
www.reuters.com/world/us-all...

09.12.2024 23:48 — 👍 0    🔁 0    💬 0    📌 0

Breaking: The House Permanent Select Committee on Intelligence has released an unclassified report into the IC and its work on Havana Syndrome, or Anomalous Health Incidents. From the first lines of the executive summary: "It appears increasingly likely…that a foreign adversary is behind some AHIs."

05.12.2024 19:50 — 👍 331    🔁 111    💬 11    📌 17
Frequent freeloader part I: Secret Blizzard compromising Storm-0156 infrastructure for espionage | Microsoft Security Blog
Microsoft has observed Secret Blizzard compromising the infrastructure and backdoors of the Pakistan-based threat actor we track as Storm-0156 for espionage against the Afghanistan government and Indi...

A Russian APT hacked the infrastructure and tools of other APTs and cybercriminal groups to conduct cyber espionage attacks in South East Asia. Great @microsoftsecurity.bsky.social report. #infosec www.microsoft.com/en-us/securi...

04.12.2024 22:21 — 👍 27    🔁 16    💬 2    📌 2
Guidance Urges Visibility and Device Hardening against PRC-Affiliated Threat Actor
FORT MEADE, Md. – The National Security Agency (NSA) joins the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and others in releasing

“Guidance Urges Visibility and Device #Hardening against PRC-Affiliated Threat Actor” #infosec #cybersecurity

www.nsa.gov/Press-Room/P...

04.12.2024 11:15 — 👍 0    🔁 0    💬 0    📌 0
U.S. officials urge Americans to use encrypted apps amid cyberattack that exposed live phone calls
Officials from the FBI and CISA said it was impossible to predict when the telecommunications companies would be fully safe from interlopers.

The irony, it burns.

Yes, there are tradeoffs to end to end encryption, but it's wild for the FBI to start agreeing with basically the entire security community that it's an often-necessary security message.

www.nbcnews.com/tech/securit...

03.12.2024 23:02 — 👍 69    🔁 25    💬 2    📌 1
GitHub - rasta-mouse/process-inject-kit: Port of Cobalt Strike's Process Inject Kit
Port of Cobalt Strike's Process Inject Kit. Contribute to rasta-mouse/process-inject-kit development by creating an account on GitHub.

#CobaltStrike's Process Inject Kit from C to C++ BOF templates, courtesy Rasta Mouse #redteam #infosec #cybersecurity

github.com/rasta-mouse/...

01.12.2024 15:46 — 👍 1    🔁 1    💬 0    📌 0
Capture The Flag (CTF)
Get ready to elevate your DFIR skills with our exciting DFIR Labs Capture The Flag (CTF) competition! This event will immerse you in real-world intrusion scenarios, crafted to evaluate various face…

“DFIR Labs Capture The Flag (#CTF) competition” #infosec #cybersecurity fun in December
thedfirreport.com/services/dfi...

01.12.2024 14:31 — 👍 0    🔁 0    💬 0    📌 0
Dissecting JA4H for improved Sliver C2 detections
Background: On November 18, 2024, Palo Alto Networks announced the discovery of two critical vulnerabilities, CVE-2024-0012 and CVE-2024-9474, in the operating system that powers their firewall device...

“Dissecting JA4H for improved Sliver #C2 detections” #cybersecurity #infosec #dfir
#detection

blog.webscout.io/dissecting-j...

30.11.2024 12:49 — 👍 8    🔁 1    💬 0    📌 1
Release 20 · GrapheneOS/PdfViewer
Notable changes in version 20:
improve app compatibility by trying to load data with no MIME type passed
improve zoom gesture by scrolling during zooming to keep focus in the same place instead of...

Secure PDF Viewer app version 20 released:

github.com/GrapheneOS/P...

See the linked release notes for a summary of the improvements over the previous release and a link to the full changelog.

#GrapheneOS #privacy #security #pdf #android

28.11.2024 19:53 — 👍 33    🔁 2    💬 1    📌 0
GRUB LUKS Bypass and Dump
Recently I needed to get the data off of a LUKS encrypted partition on a Virtual Machine that “wasn’t mine” and I’d never done it before.

GRUB LUKS Bypass and Dump, #linux #cybersecurity #infosec

remyhax.xyz/posts/luks-v...

28.11.2024 17:28 — 👍 2    🔁 0    💬 1    📌 0
Practical LLM Security: Takeaways From a Year in the Trenches
YouTube video by Black Hat

If you missed my blackhat talk on the security of LLM applications, it's up on youtube now:

m.youtube.com/watch?v=Rhpq...

28.11.2024 12:25 — 👍 19    🔁 8    💬 1    📌 1
UK Sends Kyiv More Storm Shadows as Starmer Pledges Support
The UK government recently supplied Ukraine with dozens more Storm Shadow cruise missiles, according to people familiar with the matter, a first under Prime Minister Keir Starmer, who has pledged cont...

“The UK government recently supplied Ukraine with dozens more Storm Shadow cruise missiles, according to people familiar with the matter, a first under Prime Minister Keir Starmer” www.bloomberg.com/news/article...

26.11.2024 11:15 — 👍 191    🔁 30    💬 5    📌 1

New tech brings new vulnerabilities. Introducing CWE-1427: Improper Neutralization of Input Used for LLM Prompting.
Externally-provided data is used to build prompts provided to LLMs, but the way they are constructed causes the LLM to fail to distinguish between user-supplied inputs and system directives.

20.11.2024 18:37 — 👍 40    🔁 10    💬 1    📌 0
Empowering Gemini for Malware Analysis with Code Interpreter and Google Threat Intelligence | Google Cloud Blog
When used for malware analysis, Gemini now has capabilities to address obfuscation, and obtain insights on IOCs.

Great post about malware analysis #cybersecurity #infosec #dfir
cloud.google.com/blog/topics/...

26.11.2024 11:10 — 👍 2    🔁 1    💬 0    📌 0
Putin's Nuclear Meltdown | Geopolitics Decanted by Silverado
Dmitri Alperovitch talks all things nukes with Dr. Jeffrey Lewis, an expert in arms control and nuclear and missile nonproliferation, currently a professor at the James Martin Center for Nonproliferat...

Putin’s Nuclear Meltdown: My Geopolitics Decanted chat with @armscontrolwonk.bsky.social about implications of Russia’s nuclear doctrine changes, Oreshnik missile launch, the real Putin redlines, Iran’s resumption of warhead design work and China’s nuke buildup
podcast.silverado.org/episodes/put...

26.11.2024 00:52 — 👍 183    🔁 43    💬 6    📌 3
The Nearest Neighbor Attack: How A Russian APT Weaponized Nearby Wi-Fi Networks for Covert Access
In early February 2022, notably just ahead of the Russian invasion of Ukraine, Volexity made a discovery that led to one of the most fascinating and complex incident investigations Volexity had ever w...

“The Nearest Neighbor Attack: How A Russian APT Weaponized Nearby Wi-Fi Networks for Covert Access” #threatintel #dfir #cybersecurity #infosec

www.volexity.com/blog/2024/11...

22.11.2024 23:13 — 👍 3    🔁 0    💬 0    📌 1

I attended a meetup in Seattle and got to spend time with @bnewbold.net and @pfrazee.com from the Bluesky engineering team.

I walked away with an understanding of the role DIDs and PDSs play in the grand scheme of things, and why the most exciting work sits higher up the stack. I almost unretired.

20.11.2024 18:18 — 👍 1452    🔁 97    💬 34    📌 12

@mrjm is following 20 prominent accounts