Software engineer with Microsoft Threat Protection, specializing in low-level cybersecurity, operating systems, and systems programming.
LinkedIn: https://www.linkedin.com/in/denzelfarmer/

@Edent Shopping around for a power company? Is this some sort of European joke that I’m too American to understand?

Everyone knows you get exactly one monopolistic nightmare of a company and you enjoy it.

@bagder Yeah, I do sometimes have that complaint, especially when I watch their videos on things I don’t know as much about (e.g., physics).

Sometimes feels like detail for the sake of demonstrating that the problem is complex rather than detail for the sake of teaching the viewer.

@bagder I actually spent some time talking the writers of that video through the technical details of the backdoor, since they came across a lecture I gave about it just after it was discovered (if anyone wants more depth / less polish: https://youtu.be/Q6ovtLdSbEA).

I think their video is definitely a bit dramatic and geared towards a less technical (or at least less cyber-focused) audience, but was impressed with how much they cared about getting the minutiae right.

Realistically, most of their viewers won’t care about ifunc or dynamic linker audit hooks, but it does keep things interesting for the cyber folks watching.

Deep Dive into XZ Utils Backdoor - Columbia Engineering, Advanced Systems Programming Guest Lecture

I found this Veritasium documentary on the xz Jia Tan backdoor adventure quite good and surprisingly detailed:

https://www.youtube.com/watch?v=aoag03mSuXQ

The Internet Was Weeks Away From Disaster and No One Knew

That is a very good summary of what happened with the xz backdoor.

https://www.youtube.com/watch?v=aoag03mSuXQ

@G33KatWork Cool to see this published, and pop up on my feed! I actually consulted with the writers of that video on the tech details of the backdoor.

If you’d like a much less polished (but more technical) explanation, I gave a lecture about a month after it happened: https://youtu.be/Q6ovtLdSbEA

@synlogic4242 @pinkflawd Looks like IDA Pro graph mode to me. Pretty much the de facto disassembler that reverse engineers use for analyzing binaries.

@da_667 Cut the smart plug a break, being part of a Russian botnet is hard work

@Sempf Not sure how I feel about the advice to “move away from traditional firewalls and vpns” in favor of “zero trust networking”.

Seems they base this advice on data showing many attacks start with VPNs, but isn’t that just because VPNs and firewalls are the only public-facing software on the network? Kinda like suggesting removing vault doors in a bank because “most thieves enter via the door” and “safety deposit boxes should be locked anyways”.

I’m not convinced that doing away with these technologies will make anything better, you’re just increasing attack surface.

Behind VPNs and firewalls we obviously should still aim for “zero trust” for depth of defense.