Twitter whistleblower Peiter "Mudge" Zatko raises concerns over security threats at platform - CNN
https://www.cnn.com/2022/08/23/tech/twitter-whistleblower-peiter-zatko-security/index.html
Twitter whistleblower Peiter "Mudge" Zatko raises concerns over security threats at platform - CNN
https://edition.cnn.com/2022/08/23/tech/twitter-whistleblower-peiter-zatko-security/index.html
Whistleblower: Twitter misled investors, FTC and underplayed spam issues - Washington Post
https://www.washingtonpost.com/technology/interactive/2022/twitter-whistleblower-sec-spam/
New Iranian APT data extraction tool
https://blog.google/threat-analysis-group/new-iranian-apt-data-extraction-tool/
Twitter whistleblower Peiter "Mudge" Zatko raises concerns over security threats at platform - CNN
http://www.cnn.com/2022/08/23/tech/twitter-whistleblower-peiter-zatko-security/index.html
How to Detect OAuth Access Token Theft in Azure
https://www.inversecos.com/2022/08/how-to-detect-oauth-access-token-theft.html
Break me out of sandbox in old pipe - CVE-2022-22715 Windows Dirty Pipe
https://whereisk0shl.top/post/break-me-out-of-sandbox-in-old-pipe-cve-2022-22715-windows-dirty-pipe
GitHub - WithSecureLabs/chainsaw: Rapidly Search and Hunt through Windows Event Logs
https://github.com/WithSecureLabs/chainsaw
Donie O'Sullivan on Twitter: "#BREAK A former Twitter executive, its head of security, has turned whistleblower. He alleges grave security problems at the company that he says are a risk to national security and democracy. His first TV interview here: https://t.co/QU823RBnN1 https://t.co/krh7WVOrhe" / Twitter
https://twitter.com/donie/status/1562020176278716416
Investigating .NET CLR Usage Log Tampering Techniques For EDR Evasion (Part 2) – bohops
https://bohops.com/2022/08/22/investigating-net-clr-usage-log-tampering-techniques-for-edr-evasion-part-2/
Kaspersky Employees Say They Were Asked to Resign Because They Wanted To Leave Russia
https://www.vice.com/en/article/88q8ak/kaspersky-employees-say-they-were-asked-to-resign-because-they-wanted-to-leave-russia
my_vulnerabilities/CVE-2022-22715 at master · k0keoyo/my_vulnerabilities · GitHub
https://github.com/k0keoyo/my_vulnerabilities/tree/master/CVE-2022-22715
Masky release (v0.0.3) | Zak's blog
https://z4ksec.github.io/posts/masky-release-v0.0.3/
New 'Donut Leaks' extortion gang linked to recent ransomware attacks
https://www.bleepingcomputer.com/news/security/new-donut-leaks-extortion-gang-linked-to-recent-ransomware-attacks/
GitHub - daem0nc0re/TangledWinExec: C# PoCs for investigation of Windows process execution techniques investigation
https://github.com/daem0nc0re/TangledWinExec
People · Twitter · GitHub
https://github.com/orgs/twitter/people?query=Al+Sutt
A Famed Hacker Is Grading Thousands of Programs — and May Revolutionize Software in the Process
https://theintercept.com/2016/07/29/a-famed-hacker-is-grading-thousands-of-programs-and-may-revolutionize-software-in-the-process/
Zero Day Initiative — But You Told Me You Were Safe: Attacking the Mozilla Firefox Renderer (Part 2)
https://www.zerodayinitiative.com/blog/2022/8/23/but-you-told-me-you-were-safe-attacking-the-mozilla-firefox-renderer-part-2
ETHERLED: Air-gapped systems leak data via network card LEDs
https://www.bleepingcomputer.com/news/security/etherled-air-gapped-systems-leak-data-via-network-card-leds/
Whistleblower: Twitter misled investors, FTC and underplayed spam issues - Washington Post
https://www.washingtonpost.com/technology/interactive/2022/twitter-whistleblower-sec-spam/?itid=hp-top-table-main
Project Rebranding to OWASP MAS · Discussion #2180 · OWASP/owasp-mstg · GitHub
https://github.com/OWASP/owasp-mstg/discussions/2180
Donie O'Sullivan on Twitter: "NEW: First time Twitter CEO @paraga weighs in on whistleblower story. Sending this message to staff this morning. https://t.co/WY4TCqbA5q" / Twitter
https://twitter.com/donie/status/1562069281545900033
GitHub - epixoip/hmac-bcrypt: The hmac-bcrypt password hashing function
https://github.com/epixoip/hmac-bcrypt
Kim Zetter on Twitter: "Twitter says Mudge is “disgruntled employee,” who was fired for poor performance/leadership. But there’s probably no security exec with more ethics, more credibility than Mudge. He worked for gov for years, his wife is former NSA. I wrote about them here: https://t.co/jzIHY8U2F1" / Twitter
https://twitter.com/kimzetter/status/1562045006520627200
Wendy Nather on Twitter: "Bravo @dotMudge. That's it. That's the tweet. https://t.co/lEQCOZRRJ8" / Twitter
https://twitter.com/wendynather/status/1562071674840915969
GitHub - google/hashr
https://github.com/google/hashr
French hospital hit by $10M ransomware attack, sends patients elsewhere
https://www.bleepingcomputer.com/news/security/french-hospital-hit-by-10m-ransomware-attack-sends-patients-elsewhere/
Generate your own hash sets with HashR
https://osdfir.blogspot.com/2022/08/generate-your-own-hash-sets-with-hashr.html
Attack Surface Management Series - EP2 - Shodan - YouTube
https://youtu.be/D_wuxfwjZB0
Request for Mock Interview and/or Resume Review at Blue Team Con Career Village 2022
https://docs.google.com/forms/d/e/1FAIpQLSeRvLhXpDYrjC0Y3qWUzPyyv8rqw2n4dm9k_3rG12mNrOVZcw/viewform?usp=sf_link
Kim Zetter on Twitter: "It was clear when Mudge left Twitter something was wrong. Now he’s blowing whistle. Says company doesn’t properly delete data, too many staff access central controls/sensitive info; senior execs cover up vulns; some staff may be working for foreign intel https://t.co/U0We4XtD09" / Twitter
https://twitter.com/KimZetter/status/1562035002107301888
inversecos ᐡ ꒳ ᐡ on Twitter: "1\ #ThreatHunting: Detecting OAuth Token Theft in Azure / M365 This technique is STILL being abused by Chinese APT groups. This blog covers several methods of detecting this technique😈. It's also a good reminder to always perform browser forensics ;) https://t.co/O86XVZYz2J https://t.co/tsPqE6zivT" / Twitter
https://twitter.com/inversecos/status/1561984322844131328