Tim (Wadhwa-)Brown 
Interesting links of the week:
Strategy:
* https://owasp.org/Top10/2025/0x00_2025-Introduction/ - a new OWASP top 10 is born
* https://www.cmorg.org.uk/sites/default/files/2025-11/CMORG%20-%20Dynamic%20Scenario%20Library%20v1.1%20-%20Final%20-%20October%202025%20-%20TLP%20CLEAR.pdf - if the UK HMG risk register tickled your interest, you'll like this
* https://www.ncsc.gov.uk/files/motivating-small-organisations-take-action.pdf - NCSC research paper on resilience for small businesses
* https://ramimac.me/security-vendor-research-sins - on the sins of security research
* https://mr-r3b00t.github.io/soc_chef/tools/kill_chain_tool.html - @UK_Daniel_Card's at it again, this time modelling probability in the attack tree
* https://www.pwc.co.uk/services/crisis-and-resilience/define-your-minimum-viable-company-now-to-survive-next-shock.html - boo! how to avoid a shock
Threats:
* https://unit42.paloaltonetworks.com/landfall-is-new-commercial-grade-android-spyware/ - commercial grade droid poison
* https://www.zetland.dk/historie/svNwC3c5-aOPVxA4K-224e5 - have your tried turning your bus off and then on again?
* https://this.weekinsecurity.com/thousands-of-north-koreans-have-secretly-infiltrated-us-and-european-companies-as-remote-it-workers/ - the North Koreans have a real work ethic that's second to none
* https://www.nviso.eu/blog/nviso-analyzes-vshell-post-exploitation-tool - a new post-exploitation tool from .cn
Detection:
* https://isovalent.com/blog/post/tetragon-security-standard/ - Tetragon does detection... I keep telling people we bought more than a micro-segmentation tool
* https://tetragon.io/docs/getting-started/execution/ - getting started with Tetragon
* https://isovalent.com/blog/post/mitre-attack-tetragon/ - mapping @mitreattack to Tetragon
* https://deepwiki.com/timb-machine/linux-malware - wiki'ifying the linux-malware project
* https://dti.domaintools.com/inside-the-great-firewall-part-1-the-dump/ - inside the great firewall
* https://medium.com/@cyberengage.org/tracking-lateral-movement-named-pipes-scheduler-services-registry-and-dcom-event-ids-4f4670e70172 - lateral movement in the pipes
* https://cloud.google.com/blog/topics/threat-intelligence/privileged-account-monitoring - check yaw privilege, yells cloud
Bugs:
* https://ssd-disclosure.com/lpe-via-refcount-imbalance-in-the-af_unix-of-ubuntus-kernel/ - another way to smash a socket
* https://aisle.com/blog/cve-2025-10230-the-cvss-100-vulnerability-that-hid-in-samba-for-13-years - fun little SMB bug that may make you WINSe
Exploitation:
* https://sud0ru.ghost.io/yet-another-dcom-object-for-command-execution-part-1/ - abusing DCOM for execution
* https://www.youtube.com/watch?v=Fu3laL5VYdM - @lauriewired talks trusting trust
* https://tonygo.tech/blog/2025/how-to-attack-macos-application-xpc-helpers - attacking OS X XPC
Hard hacks:
* https://www.waveshare.com/wiki/USB-TO-LoRa-xF - messing with LORA
Nerd:
* https://www.tuhs.org/ - the UNIX heritage society
* https://blogs.perl.org/users/mauke/2025/11/a-polymorphic-quine.html - a quine in Perl
* https://www.5g-vinni.eu/wp-content/uploads/2019/02/5g-vinni_d2.1_annex_a1_norway.pdf - interesting HLD
* https://nickvsnetworking.com/ - this blog from @nickvsnetworking on telecomms is fucking gold
😍
d4rkshell 