Tim (Wadhwa-)Brown 

Interesting links of the week:

Strategy:

* https://c4model.com/ - using C4 to model software
* https://www.ncsc.gov.uk/whitepaper/advanced-cryptography - NCSC actively advocating to deprecate ROT13
* https://www.thecvefoundation.org/frequently-asked-questions - more on the CVE foundation
* https://jericho.blog/2025/04/24/cve-the-big-vote-of-no-confidence/ - @attritionorg gives his take on the CVE mess

Detection:

* https://kevintel.com/ - fresh intel for KEV
* https://mr-r3b00t.github.io/soc_chef/tools/timeline_creator.html - @UK_Daniel_Card's latest effort is for creating timelines
* https://th.reat.actor/blog/dhcp-fingerprinting - DCHP fingerprinting from one of my mentees

Bugs:

* https://x.com/gothburz/status/1915755189019017411 - RCE in SAP NetWeaver
* https://www.qualys.com/2023/07/19/cve-2023-38408/rce-openssh-forwarded-ssh-agent.txt - a nice *old* linker bug in OpenSSH

Exploitation:

* https://grep.app/ - bug hunt at scale
* https://symbol.exchange/grep - reverse engineer at scale
* https://blog.zsec.uk/common-tool-errors-kerberos/ - @zephrfish talks KRB5
* https://sensepost.com/blog/2020/avoiding-detection-via-dhcp-options/ - more on DHCP, courtesy of @RoganDawes

Nerd:

* https://dc4420.org/ - DC4420 is back \o/... thanks @marksteward
* https://new.fedidb.org/ - Fediverse statistics
* https://newsroom.arm.com/blog/evolution-of-arm-architecture-evolution-40-years - hats off for Sophie Wilson 🏳️‍⚧️ and gang

#security, #research

Home

C4 model

C4 model
May 1, 2025 at 7:29amWeb
Show threadmRr3b00t    ​🐘May 1, 2025
@timb_machine @attritionorg @zephrfish @RoganDawes @neilhimself
thanks mate! :)
Show threadmRr3b00t    ​🐘May 1, 2025

@timb_machine @attritionorg @zephrfish @RoganDawes @neilhimself

FYI mate I made loads more than just a timeline:

https://mr-r3b00t.github.io/soc_chef/

soc_chef

Security Operations Chef

soc_chef