RE: https://infosec.exchange/@briankrebs/116676272178217559

AS213999 and AS209847, both associated with WorkTitans, were already on the #GAYINT naughty ASN list.

https://intel.gayint.org/blocklists

For those of you struggling to pay for garbage CTI, and those without a CTI budget at all, what kinds of things would be beneficial and actionable for you? I'm especially interested in nonprofits, small municipalities, and the like. IDGAF about the corpos who have the resources to do better but don't.

Edit: I am not looking to do some startup or whatever to target a new market segment. I am not looking to profit. I am looking to generate discussion and possibly fill a gap in the community if possible.

#GAYINT #threatIntel #CTI

New bot just dropped!  

This bot checks CVE descriptions for the string `../`[1] & posts any new here.

Posts contain one CVE as well as the description & some (sometimes vendor-themed) #directorytraversalmemes . Posts are at most hourly & unlisted, working through the backlog as required. Expect about 1-2 posts per day on average.

@nyanbinary will gladly accept new memes (generic or vendor specific).

[1]: "But nyan, why don't you use CWE-22 and children": Because thats >800 this year so far & this is a shitpost bot, not actual threat intel, you want to go to #GAYINT for that. The bot repo contains a "library" including a function to filter for these if you actually care.

Edit: This bot now uses a set of CWEs + string search for ../ because SOME CNAs (*cough* Linux) couldn't behave themselves & added ../ in description strings to describe paths.

Happy Wednesday. Here, have a list of about 3500 domains that are part of a Chinese domain reseller network.  

https://blog.gayint.org/intel/resellerDomains20260513.txt

#GAYINT #threatIntel