CryptoTester
A utility for playing with cryptography, geared towards ransomware analysis.
https://github.com/Demonslay335/CryptoTester
#CryptoTester
π‘@cRyPtHoN_INFOSEC_IT
π‘@cRyPtHoN_INFOSEC_FR
π‘@cRyPtHoN_INFOSEC_EN
π‘@cRyPtHoN_INFOSEC_DE
π‘@BlackBox_Archiv
A utility for playing with cryptography, geared towards ransomware analysis.
https://github.com/Demonslay335/CryptoTester
#CryptoTester
π‘@cRyPtHoN_INFOSEC_IT
π‘@cRyPtHoN_INFOSEC_FR
π‘@cRyPtHoN_INFOSEC_EN
π‘@cRyPtHoN_INFOSEC_DE
π‘@BlackBox_Archiv
GitHub
GitHub - Demonslay335/CryptoTester: A utility for playing with cryptography, geared towards ransomware analysis.
A utility for playing with cryptography, geared towards ransomware analysis. - Demonslay335/CryptoTester
π1
The EU's new Cyber Resilience Act is about to tell us how to code (and fine us hugely if we don't)
The EUβs new Cyber Resilience Act is admirable in its goal. And the EU is not alone in thinking something needs to be done about the dreadful state of security online β the Biden administration has just released its National Cybersecurity Strategy that has similar aims.
tl;dr
The extremely short version: The EU is going to task a standardisation body to write a document that tells everyone marketing products and software in the EU how to code securely. This to further the EU Essential Cybersecurity Requirements. For critical software and products, EU notified bodies (which until now have mostly done physical equipment and process certifications) will do audits to determine if code and products adhere to this standard. And if not, there could be huge fines.
https://berthub.eu/articles/posts/eu-cra-secure-coding-solution/
#eu #cyberresillence
π‘@cRyPtHoN_INFOSEC_IT
π‘@cRyPtHoN_INFOSEC_FR
π‘@cRyPtHoN_INFOSEC_EN
π‘@cRyPtHoN_INFOSEC_DE
π‘@BlackBox_Archiv
The EUβs new Cyber Resilience Act is admirable in its goal. And the EU is not alone in thinking something needs to be done about the dreadful state of security online β the Biden administration has just released its National Cybersecurity Strategy that has similar aims.
tl;dr
The extremely short version: The EU is going to task a standardisation body to write a document that tells everyone marketing products and software in the EU how to code securely. This to further the EU Essential Cybersecurity Requirements. For critical software and products, EU notified bodies (which until now have mostly done physical equipment and process certifications) will do audits to determine if code and products adhere to this standard. And if not, there could be huge fines.
https://berthub.eu/articles/posts/eu-cra-secure-coding-solution/
#eu #cyberresillence
π‘@cRyPtHoN_INFOSEC_IT
π‘@cRyPtHoN_INFOSEC_FR
π‘@cRyPtHoN_INFOSEC_EN
π‘@cRyPtHoN_INFOSEC_DE
π‘@BlackBox_Archiv
Bert Hubert's writings
The EU's new Cyber Resilience Act is about to tell us how to code - Bert Hubert's writings
First a round of thanks for the many people in industry and government who provided valuable links, background and insights! I could not have done this without your help! If you spot any mistakes, or have suggestions, please do contact me on [email protected]β¦
π1
πDarknet Diaries Ep. 65: PSYOP
Here's How the U.S. Military Hacks People's Brains
https://www.youtube.com/watch?v=zLWuuV0lBhU
#podcast #truecrime #darknetdiaries
π‘@cRyPtHoN_INFOSEC_IT
π‘@cRyPtHoN_INFOSEC_FR
π‘@cRyPtHoN_INFOSEC_EN
π‘@cRyPtHoN_INFOSEC_DE
π‘@BlackBox_Archiv
Here's How the U.S. Military Hacks People's Brains
https://www.youtube.com/watch?v=zLWuuV0lBhU
#podcast #truecrime #darknetdiaries
π‘@cRyPtHoN_INFOSEC_IT
π‘@cRyPtHoN_INFOSEC_FR
π‘@cRyPtHoN_INFOSEC_EN
π‘@cRyPtHoN_INFOSEC_DE
π‘@BlackBox_Archiv
YouTube
Here's How the U.S. Military Hacks People's BrainsπDarknet Diaries Ep. 65: PSYOP
PSYOPs, or "Psychological Operations" are happening all around us, 24/7. Sometimes they're used in warfare against foreign enemies, and sometimes we know them by different names: Marketing, PR, spin, and propaganda. This is the story about information beingβ¦
π4π₯1
Mullvad becomes highest level of Tor Member (Shallot)
Mullvad has been a Tor Project Vidalia Onion Member since 2021 and has now become a Shallot Onion Member of Tor.
Contributing to communities and organisations that really strive to improve privacy and integrity online is important for Mullvad. Unfortunately, there are very few. Those that understand privacy, actively work to improve anti-fingerprinting and to protect users against more advanced attacks - are even fewer.
We believe that the Tor Project is one such organisation. We share their values when it comes to human rights, freedom of expression, anti-censorship and online privacy.
https://mullvad.net/de/blog/2023/3/3/mullvad-becomes-highest-level-of-tor-member-shallot/
#mullvad #vpn #toor
π‘@cRyPtHoN_INFOSEC_IT
π‘@cRyPtHoN_INFOSEC_FR
π‘@cRyPtHoN_INFOSEC_EN
π‘@cRyPtHoN_INFOSEC_DE
π‘@BlackBox_Archiv
Mullvad has been a Tor Project Vidalia Onion Member since 2021 and has now become a Shallot Onion Member of Tor.
Contributing to communities and organisations that really strive to improve privacy and integrity online is important for Mullvad. Unfortunately, there are very few. Those that understand privacy, actively work to improve anti-fingerprinting and to protect users against more advanced attacks - are even fewer.
We believe that the Tor Project is one such organisation. We share their values when it comes to human rights, freedom of expression, anti-censorship and online privacy.
https://mullvad.net/de/blog/2023/3/3/mullvad-becomes-highest-level-of-tor-member-shallot/
#mullvad #vpn #toor
π‘@cRyPtHoN_INFOSEC_IT
π‘@cRyPtHoN_INFOSEC_FR
π‘@cRyPtHoN_INFOSEC_EN
π‘@cRyPtHoN_INFOSEC_DE
π‘@BlackBox_Archiv
Mullvad VPN
Mullvad becomes highest level of Tor Member (Shallot) | Mullvad VPN
Mullvad has been a Tor Project Vidalia Onion Member since 2021 and has now become a Shallot Onion Member of Tor.
π8β€4
OIG-23-17-Feb23.pdf
17.8 MB
Secret Service and ICE conducted illegal surveillance through fake cell towers
A newly-released report by the Department of Homeland Securityβs Office of the Inspector General (OIG) revealed that federal agencies, including Homeland Security Investigations (HSI) and Immigration and Customs Enforcement (ICE), used cell-site simulators (CSS) to illegally conduct surveillance.
CSS, aka Stingrays, are devices that mimic cell phone towers, duping mobile devices within a certain radius to connect to them instead of cell towers. Once connected to the CSS, law enforcement can conduct a search of the devices, in violation of basic constitutional freedoms.
https://reclaimthenet.org/secret-service-and-ice-conducted-illegal-surveillance-through-fake-cell-towers
PDF: https://docs.reclaimthenet.org/OIG-23-17-Feb23.pdf
#css #surveillance #pdf
π‘@cRyPtHoN_INFOSEC_IT
π‘@cRyPtHoN_INFOSEC_FR
π‘@cRyPtHoN_INFOSEC_EN
π‘@cRyPtHoN_INFOSEC_DE
π‘@BlackBox_Archiv
A newly-released report by the Department of Homeland Securityβs Office of the Inspector General (OIG) revealed that federal agencies, including Homeland Security Investigations (HSI) and Immigration and Customs Enforcement (ICE), used cell-site simulators (CSS) to illegally conduct surveillance.
CSS, aka Stingrays, are devices that mimic cell phone towers, duping mobile devices within a certain radius to connect to them instead of cell towers. Once connected to the CSS, law enforcement can conduct a search of the devices, in violation of basic constitutional freedoms.
https://reclaimthenet.org/secret-service-and-ice-conducted-illegal-surveillance-through-fake-cell-towers
PDF: https://docs.reclaimthenet.org/OIG-23-17-Feb23.pdf
#css #surveillance #pdf
π‘@cRyPtHoN_INFOSEC_IT
π‘@cRyPtHoN_INFOSEC_FR
π‘@cRyPtHoN_INFOSEC_EN
π‘@cRyPtHoN_INFOSEC_DE
π‘@BlackBox_Archiv
π₯4π2
Zippyshare - Inofrmation about the closure of the project
Hey Folks,
Weβve decided that weβre shutting down the project at the end of the month. Please make backups of your important files, you have about two weeks to do so. Until then, the site will run without any changes.
There are several reasons for the closure:
β Since 2006 we have been on the market in an unchanged form, that is, as ad financed/free file hosting. However, you have been visiting in less and less over the years, as the arguably very simple formula of the services we offer is slowly running out of steam. I guess all the competing file storage service companies on the market look better, offer better performance and more features. No one needs a dinosaur like us anymore.
https://blog.zippyshare.com/
#zippyshare
π‘@cRyPtHoN_INFOSEC_IT
π‘@cRyPtHoN_INFOSEC_FR
π‘@cRyPtHoN_INFOSEC_EN
π‘@cRyPtHoN_INFOSEC_DE
π‘@BlackBox_Archiv
Hey Folks,
Weβve decided that weβre shutting down the project at the end of the month. Please make backups of your important files, you have about two weeks to do so. Until then, the site will run without any changes.
There are several reasons for the closure:
β Since 2006 we have been on the market in an unchanged form, that is, as ad financed/free file hosting. However, you have been visiting in less and less over the years, as the arguably very simple formula of the services we offer is slowly running out of steam. I guess all the competing file storage service companies on the market look better, offer better performance and more features. No one needs a dinosaur like us anymore.
https://blog.zippyshare.com/
#zippyshare
π‘@cRyPtHoN_INFOSEC_IT
π‘@cRyPtHoN_INFOSEC_FR
π‘@cRyPtHoN_INFOSEC_EN
π‘@cRyPtHoN_INFOSEC_DE
π‘@BlackBox_Archiv
π±14π3
I Think I Found a Privacy Exploit in ChatGPT
tl;dr: I found that if you pass empty prompts to ChatGPT it spits back results anyway At first I thought they might be hallucinations but now I believe I'm also getting back other people's responses
https://tane.dev/2023/04/i-think-i-found-a-privacy-exploit-in-chatgpt/
#chatgpt #exploit #privacy
π‘@cRyPtHoN_INFOSEC_IT
π‘@cRyPtHoN_INFOSEC_FR
π‘@cRyPtHoN_INFOSEC_EN
π‘@cRyPtHoN_INFOSEC_DE
π‘@BlackBox_Archiv
tl;dr: I found that if you pass empty prompts to ChatGPT it spits back results anyway At first I thought they might be hallucinations but now I believe I'm also getting back other people's responses
https://tane.dev/2023/04/i-think-i-found-a-privacy-exploit-in-chatgpt/
#chatgpt #exploit #privacy
π‘@cRyPtHoN_INFOSEC_IT
π‘@cRyPtHoN_INFOSEC_FR
π‘@cRyPtHoN_INFOSEC_EN
π‘@cRyPtHoN_INFOSEC_DE
π‘@BlackBox_Archiv
tane.dev
I Think I Found a Privacy Exploit in ChatGPT
Either ChatGPT is good at hallucinating, or I found an exploit in their API that can expose private information
π17
Indian government gives itself the power to βfact-checkβ and delete social media posts
Journalists, opposition parties, and advocacy groups are worried what this βabsolute powerβ means for press freedom in India
The Indian government on April 6 announced a state-run fact-checking unit that will have sweeping powers to label any piece of information related to the government as βfake, false or misleadingβ and have it removed from social media. The country has tweaked its tech rules that now require platforms such as Facebook, Twitter, and Instagram to take down content flagged by the fact-checking body. Internet service providers are also expected to block URLs to such content. Failure to comply could result in the platforms losing safe harbor protection that safeguards them from legal action against any content posted by their users, said Indiaβs minister of information technology, Rajeev Chandrasekhar.
βThe amended rules now also make it obligatory on the intermediaries to not to publish, share or host fake, false or misleading information in respect of any business of the Central Government. [This] fake, false or misleading information will [be] identified by the notified Fact Check Unit of the Central Government,β the government said in a press release.
https://restofworld.org/2023/indian-government-fact-check-delete-social-media/
https://www.pib.gov.in/PressReleasePage.aspx?PRID=1914358
#india
π‘@cRyPtHoN_INFOSEC_IT
π‘@cRyPtHoN_INFOSEC_FR
π‘@cRyPtHoN_INFOSEC_EN
π‘@cRyPtHoN_INFOSEC_DE
π‘@BlackBox_Archiv
Journalists, opposition parties, and advocacy groups are worried what this βabsolute powerβ means for press freedom in India
The Indian government on April 6 announced a state-run fact-checking unit that will have sweeping powers to label any piece of information related to the government as βfake, false or misleadingβ and have it removed from social media. The country has tweaked its tech rules that now require platforms such as Facebook, Twitter, and Instagram to take down content flagged by the fact-checking body. Internet service providers are also expected to block URLs to such content. Failure to comply could result in the platforms losing safe harbor protection that safeguards them from legal action against any content posted by their users, said Indiaβs minister of information technology, Rajeev Chandrasekhar.
βThe amended rules now also make it obligatory on the intermediaries to not to publish, share or host fake, false or misleading information in respect of any business of the Central Government. [This] fake, false or misleading information will [be] identified by the notified Fact Check Unit of the Central Government,β the government said in a press release.
https://restofworld.org/2023/indian-government-fact-check-delete-social-media/
https://www.pib.gov.in/PressReleasePage.aspx?PRID=1914358
#india
π‘@cRyPtHoN_INFOSEC_IT
π‘@cRyPtHoN_INFOSEC_FR
π‘@cRyPtHoN_INFOSEC_EN
π‘@cRyPtHoN_INFOSEC_DE
π‘@BlackBox_Archiv
Rest of World
Indian government gives itself the power to βfact-checkβ and delete social media posts
Journalists, opposition parties, and advocacy groups are worried what this βabsolute powerβ means for press freedom in India.
π₯10π3π±2β€1
Global Surveillance: The Secretive Swiss Dealer Enabling Israeli Spy Firms
The international mobile system is exposed and a loophole allows hackers, cybercriminals and states to geolocate targets and even hijack email and web accounts. Israelis can be found among the victims - and the attackers
https://www.haaretz.com/israel-news/security-aviation/2023-05-10/ty-article-magazine/.premium/global-surveillance-the-secretive-swiss-dealer-enabling-israeli-spy-firms/00000188-0005-dc7e-a3fe-22cdf2900000
#surveillance
π‘@cRyPtHoN_INFOSEC_IT
π‘@cRyPtHoN_INFOSEC_FR
π‘@cRyPtHoN_INFOSEC_EN
π‘@cRyPtHoN_INFOSEC_DE
π‘@BlackBox_Archiv
The international mobile system is exposed and a loophole allows hackers, cybercriminals and states to geolocate targets and even hijack email and web accounts. Israelis can be found among the victims - and the attackers
https://www.haaretz.com/israel-news/security-aviation/2023-05-10/ty-article-magazine/.premium/global-surveillance-the-secretive-swiss-dealer-enabling-israeli-spy-firms/00000188-0005-dc7e-a3fe-22cdf2900000
#surveillance
π‘@cRyPtHoN_INFOSEC_IT
π‘@cRyPtHoN_INFOSEC_FR
π‘@cRyPtHoN_INFOSEC_EN
π‘@cRyPtHoN_INFOSEC_DE
π‘@BlackBox_Archiv
π±5β€1π₯1
Google Unlocked
Google Unlocked is an open source browser extension, which unlocks hidden google search results.
The extension scans hidden search results that were censored by Google due to complaints. Use it wisely.
https://github.com/Ibit-to/google-unlocked
#google #search #osint
π‘@cRyPtHoN_INFOSEC_IT
π‘@cRyPtHoN_INFOSEC_FR
π‘@cRyPtHoN_INFOSEC_EN
π‘@cRyPtHoN_INFOSEC_DE
π‘@BlackBox_Archiv
Google Unlocked is an open source browser extension, which unlocks hidden google search results.
The extension scans hidden search results that were censored by Google due to complaints. Use it wisely.
https://github.com/Ibit-to/google-unlocked
#google #search #osint
π‘@cRyPtHoN_INFOSEC_IT
π‘@cRyPtHoN_INFOSEC_FR
π‘@cRyPtHoN_INFOSEC_EN
π‘@cRyPtHoN_INFOSEC_DE
π‘@BlackBox_Archiv
GitHub
GitHub - Ibit-to/google-unlocked: Google Unlocked browser extension uncensor google search results
Google Unlocked browser extension uncensor google search results - Ibit-to/google-unlocked
π2
Media is too big
VIEW IN TELEGRAM
How to be Invisible Online (and the hard truth about it)
Don't be fooled ... Occupy The Web (OTW) tells us the hard truth about being anonymous online. The brutal truth: Will using your neigbors wifi keep you anonymous? Can you hide from the NSA? Can you hide from Google and other companies? Will Tor help you? Will Proxy Chains help? Which phone do you need to use - Android or iPhone or something else? Which operating system - Windows, macOS or Linux? What is the truth? What do you need to use?
https://www.youtube.com/watch?v=LEbAxsYRMcQ
#video #otw #invisible #online
π₯@cRyPtHoN_INFOSEC_IT
π₯@cRyPtHoN_INFOSEC_FR
π₯@cRyPtHoN_INFOSEC_EN
π₯@cRyPtHoN_INFOSEC_DE
π₯@BlackBox_Archiv
Don't be fooled ... Occupy The Web (OTW) tells us the hard truth about being anonymous online. The brutal truth: Will using your neigbors wifi keep you anonymous? Can you hide from the NSA? Can you hide from Google and other companies? Will Tor help you? Will Proxy Chains help? Which phone do you need to use - Android or iPhone or something else? Which operating system - Windows, macOS or Linux? What is the truth? What do you need to use?
https://www.youtube.com/watch?v=LEbAxsYRMcQ
#video #otw #invisible #online
π₯@cRyPtHoN_INFOSEC_IT
π₯@cRyPtHoN_INFOSEC_FR
π₯@cRyPtHoN_INFOSEC_EN
π₯@cRyPtHoN_INFOSEC_DE
π₯@BlackBox_Archiv
π7β€2
HyperDeceit
This repository contains the full source-code of the HyperDeceit project which is a library that allows you to impersonate as Hyper-V and intercept hypercalls done by the Windows kernel.
https://reversing.info/posts/hyperdeceit/
https://github.com/Xyrem/HyperDeceit
#hyperdeceit
π‘@cRyPtHoN_INFOSEC_IT
π‘@cRyPtHoN_INFOSEC_FR
π‘@cRyPtHoN_INFOSEC_EN
π‘@cRyPtHoN_INFOSEC_DE
π‘@BlackBox_Archiv
This repository contains the full source-code of the HyperDeceit project which is a library that allows you to impersonate as Hyper-V and intercept hypercalls done by the Windows kernel.
https://reversing.info/posts/hyperdeceit/
https://github.com/Xyrem/HyperDeceit
#hyperdeceit
π‘@cRyPtHoN_INFOSEC_IT
π‘@cRyPtHoN_INFOSEC_FR
π‘@cRyPtHoN_INFOSEC_EN
π‘@cRyPtHoN_INFOSEC_DE
π‘@BlackBox_Archiv
Xyrem Engineering
Exploiting Windows' vulnerabilities with Hyper-V: A Hacker's swiss army knife
In this blog, we explore how to leverage the implementation of the Hyper-V virtualization technology to exploit and attack Windows systems and learn what measures should be taken to mitigate this vulnerability. Join us as we explore the world of Windows hackingβ¦
π1
research paper on anti-cheat measures.pdf
444.4 KB
Another research paper on anti-cheat measures for all the game hackers out there!
https://repositorio-aberto.up.pt/bitstream/10216/142935/2/572983.pdf
#anticheat #research #pdf
π‘@cRyPtHoN_INFOSEC_IT
π‘@cRyPtHoN_INFOSEC_FR
π‘@cRyPtHoN_INFOSEC_EN
π‘@cRyPtHoN_INFOSEC_DE
π‘@BlackBox_Archiv
https://repositorio-aberto.up.pt/bitstream/10216/142935/2/572983.pdf
#anticheat #research #pdf
π‘@cRyPtHoN_INFOSEC_IT
π‘@cRyPtHoN_INFOSEC_FR
π‘@cRyPtHoN_INFOSEC_EN
π‘@cRyPtHoN_INFOSEC_DE
π‘@BlackBox_Archiv
π1
Two_bugs_with_one_PoC_Rooting_Pixel_6_from_Android_12_to_Android.pdf
16.3 MB
Two Bugs With One PoC: Rooting Pixel 6 From Android 12 to Android 13
https://i.blackhat.com/Asia-23/AS-23-WANG-Two-bugs-with-one-PoC-Rooting-Pixel-6-from-Android-12-to-Android-13.pdf
#MobileSecurity #AndroidSecurity #root #pixel #poc #pdf
π‘@cRyPtHoN_INFOSEC_IT
π‘@cRyPtHoN_INFOSEC_FR
π‘@cRyPtHoN_INFOSEC_EN
π‘@cRyPtHoN_INFOSEC_DE
π‘@BlackBox_Archiv
https://i.blackhat.com/Asia-23/AS-23-WANG-Two-bugs-with-one-PoC-Rooting-Pixel-6-from-Android-12-to-Android-13.pdf
#MobileSecurity #AndroidSecurity #root #pixel #poc #pdf
π‘@cRyPtHoN_INFOSEC_IT
π‘@cRyPtHoN_INFOSEC_FR
π‘@cRyPtHoN_INFOSEC_EN
π‘@cRyPtHoN_INFOSEC_DE
π‘@BlackBox_Archiv
Compromised from Within: The Unauthorized Restoration of TorGuardβs Telegram Channel
This is the comprehensive, substantiated account of how TorGuardβs deleted Telegram Channel was improperly resurrected and handed over to a known fraudster, by a paid insider at Telegram. We bring forth irrefutable evidence, shedding light on this disturbing violation, which calls into question the integrity of Telegramβs internal security mechanisms.
https://medium.com/@TorGuard/compromised-from-within-the-unauthorized-restoration-of-torguards-telegram-channel-dce4c5836
#telegram #torguard
π‘@cRyPtHoN_INFOSEC_IT
π‘@cRyPtHoN_INFOSEC_FR
π‘@cRyPtHoN_INFOSEC_EN
π‘@cRyPtHoN_INFOSEC_DE
π‘@BlackBox_Archiv
This is the comprehensive, substantiated account of how TorGuardβs deleted Telegram Channel was improperly resurrected and handed over to a known fraudster, by a paid insider at Telegram. We bring forth irrefutable evidence, shedding light on this disturbing violation, which calls into question the integrity of Telegramβs internal security mechanisms.
https://medium.com/@TorGuard/compromised-from-within-the-unauthorized-restoration-of-torguards-telegram-channel-dce4c5836
#telegram #torguard
π‘@cRyPtHoN_INFOSEC_IT
π‘@cRyPtHoN_INFOSEC_FR
π‘@cRyPtHoN_INFOSEC_EN
π‘@cRyPtHoN_INFOSEC_DE
π‘@BlackBox_Archiv
Medium
Compromised from Within: The Unauthorized Restoration of TorGuardβs Telegram Channel
This is the comprehensive, substantiated account of how TorGuardβs deleted Telegram Channel was improperly resurrected and handed over to aβ¦
π±2
Compromised from Within (Part 2): Telegram Support Finally Responds
In this follow-up post, we clarify misunderstandings about channel deletion on Telegram, learned through interactions with Reddit users, Telegram Support, and Telegram CEO Pavel Durov. It appears you canβt delete channels with over 1K subscribers β only Telegram Support can, shedding new light on our previous βunauthorized channel restorationβ misunderstanding.
https://medium.com/@TorGuard/compromised-from-within-part-2-telegram-support-finally-responds-a30b7e66e859
#telegram #torguard
π‘@cRyPtHoN_INFOSEC_IT
π‘@cRyPtHoN_INFOSEC_FR
π‘@cRyPtHoN_INFOSEC_EN
π‘@cRyPtHoN_INFOSEC_DE
π‘@BlackBox_Archiv
In this follow-up post, we clarify misunderstandings about channel deletion on Telegram, learned through interactions with Reddit users, Telegram Support, and Telegram CEO Pavel Durov. It appears you canβt delete channels with over 1K subscribers β only Telegram Support can, shedding new light on our previous βunauthorized channel restorationβ misunderstanding.
https://medium.com/@TorGuard/compromised-from-within-part-2-telegram-support-finally-responds-a30b7e66e859
#telegram #torguard
π‘@cRyPtHoN_INFOSEC_IT
π‘@cRyPtHoN_INFOSEC_FR
π‘@cRyPtHoN_INFOSEC_EN
π‘@cRyPtHoN_INFOSEC_DE
π‘@BlackBox_Archiv
Medium
Compromised from Within (Part 2): Telegram Support Finally Responds
In this follow-up post, we clarify misunderstandings about channel deletion on Telegram, learned through interactions with Reddit usersβ¦
π₯4π3
TavernaPaterson-SnappingSnapSync.pdf
448.9 KB
Snapping Snap Sync: Practical attacks on Go Ethereum sync nodes
https://appliedcrypto.ethz.ch/content/dam/ethz/special-interest/infk/inst-infsec/appliedcrypto/research/TavernaPaterson-SnappingSnapSync.pdf
#ethereum #snapsync #attacks #pdf
π‘@cRyPtHoN_INFOSEC_IT
π‘@cRyPtHoN_INFOSEC_FR
π‘@cRyPtHoN_INFOSEC_EN
π‘@cRyPtHoN_INFOSEC_DE
π‘@BlackBox_Archiv
https://appliedcrypto.ethz.ch/content/dam/ethz/special-interest/infk/inst-infsec/appliedcrypto/research/TavernaPaterson-SnappingSnapSync.pdf
#ethereum #snapsync #attacks #pdf
π‘@cRyPtHoN_INFOSEC_IT
π‘@cRyPtHoN_INFOSEC_FR
π‘@cRyPtHoN_INFOSEC_EN
π‘@cRyPtHoN_INFOSEC_DE
π‘@BlackBox_Archiv
π1
File Archiver In The Browser
This article explores a phishing technique that emulates a file archiver software in the browser while using a .zip domain.
Introduction
Last week Google released several new top-level domains (TLDs) including .dad, .phd, .mov and .zip. Many members of the security community began posting about concerns they had with TLDs that can be mistaken for file extensions, specifically, .mov and .zip. The intention of this article isnβt to discuss my opinion on the topic, instead, Iβll be showcasing how it can be used to enhance phishing engagements.
With this phishing attack, you simulate a file archiver software (e.g. WinRAR) in the browser and use a .zip domain to make it appear more legitimate.
https://mrd0x.com/file-archiver-in-the-browser/
#tlds #poc #phishing
π‘@cRyPtHoN_INFOSEC_IT
π‘@cRyPtHoN_INFOSEC_FR
π‘@cRyPtHoN_INFOSEC_EN
π‘@cRyPtHoN_INFOSEC_DE
π‘@BlackBox_Archiv
This article explores a phishing technique that emulates a file archiver software in the browser while using a .zip domain.
Introduction
Last week Google released several new top-level domains (TLDs) including .dad, .phd, .mov and .zip. Many members of the security community began posting about concerns they had with TLDs that can be mistaken for file extensions, specifically, .mov and .zip. The intention of this article isnβt to discuss my opinion on the topic, instead, Iβll be showcasing how it can be used to enhance phishing engagements.
With this phishing attack, you simulate a file archiver software (e.g. WinRAR) in the browser and use a .zip domain to make it appear more legitimate.
https://mrd0x.com/file-archiver-in-the-browser/
#tlds #poc #phishing
π‘@cRyPtHoN_INFOSEC_IT
π‘@cRyPtHoN_INFOSEC_FR
π‘@cRyPtHoN_INFOSEC_EN
π‘@cRyPtHoN_INFOSEC_DE
π‘@BlackBox_Archiv
π3β€1
Media is too big
VIEW IN TELEGRAM
Documenting the rise of facial recognition in the UK
Facial recognition surveillance turns us into walking ID cards, and treats members of the public like suspects in a high-tech police line up.
Our new detailed report, Biometric Britain: The Expansion of Facial Recognition Surveillance, lays out how police, retailers, tech companies and even some schools are investing huge sums of money into this intrusive technology.
https://bigbrotherwatch.org.uk/campaigns/stop-facial-recognition/#report
https://www.youtube.com/watch?v=bX-Yxy1ESAQ
#surveillance #uk
π₯@cRyPtHoN_INFOSEC_IT
π₯@cRyPtHoN_INFOSEC_FR
π₯@cRyPtHoN_INFOSEC_EN
π₯@cRyPtHoN_INFOSEC_DE
π₯@BlackBox_Archiv
Facial recognition surveillance turns us into walking ID cards, and treats members of the public like suspects in a high-tech police line up.
Our new detailed report, Biometric Britain: The Expansion of Facial Recognition Surveillance, lays out how police, retailers, tech companies and even some schools are investing huge sums of money into this intrusive technology.
https://bigbrotherwatch.org.uk/campaigns/stop-facial-recognition/#report
https://www.youtube.com/watch?v=bX-Yxy1ESAQ
#surveillance #uk
π₯@cRyPtHoN_INFOSEC_IT
π₯@cRyPtHoN_INFOSEC_FR
π₯@cRyPtHoN_INFOSEC_EN
π₯@cRyPtHoN_INFOSEC_DE
π₯@BlackBox_Archiv
π±5β€2π2
sec23fall-prepub-261-xia-qi.pdf
1.8 MB
Near-Ultrasound Inaudible Trojan (NUIT): Exploits your speaker to attack your microphone
https://www.usenix.org/system/files/sec23fall-prepub-261-xia-qi.pdf
#nuit #trojan #ultrasound #pdf
π‘@cRyPtHoN_INFOSEC_IT
π‘@cRyPtHoN_INFOSEC_FR
π‘@cRyPtHoN_INFOSEC_EN
π‘@cRyPtHoN_INFOSEC_DE
π‘@BlackBox_Archiv
https://www.usenix.org/system/files/sec23fall-prepub-261-xia-qi.pdf
#nuit #trojan #ultrasound #pdf
π‘@cRyPtHoN_INFOSEC_IT
π‘@cRyPtHoN_INFOSEC_FR
π‘@cRyPtHoN_INFOSEC_EN
π‘@cRyPtHoN_INFOSEC_DE
π‘@BlackBox_Archiv
π4
MullvadVPN - Removing the support for forwarded ports
Today we announce that we no longer support port forwarding. New port forwards will no longer be supported, and existing ports will be removed 2023-07-01.
https://mullvad.net/en/blog/2023/5/29/removing-the-support-for-forwarded-ports/
#mullvad #vpn
π‘@cRyPtHoN_INFOSEC_IT
π‘@cRyPtHoN_INFOSEC_FR
π‘@cRyPtHoN_INFOSEC_EN
π‘@cRyPtHoN_INFOSEC_DE
π‘@BlackBox_Archiv
Today we announce that we no longer support port forwarding. New port forwards will no longer be supported, and existing ports will be removed 2023-07-01.
https://mullvad.net/en/blog/2023/5/29/removing-the-support-for-forwarded-ports/
#mullvad #vpn
π‘@cRyPtHoN_INFOSEC_IT
π‘@cRyPtHoN_INFOSEC_FR
π‘@cRyPtHoN_INFOSEC_EN
π‘@cRyPtHoN_INFOSEC_DE
π‘@BlackBox_Archiv
Mullvad VPN
Removing the support for forwarded ports | Mullvad VPN
Today we announce that we no longer support port forwarding. New port forwards will no longer be supported, and existing ports will be removed 2023-07-01.
π5π±3