@[email protected]
2K Followers
1.5K Following
240 Posts
I do Cloud Security
Websitehttps://www.cirriustech.co.uk/
LinkedInhttps://uk.linkedin.com/in/graham-gold
GitHubhttps://github.com/goldjg
Ko-Fihttps://ko-fi.com/cirriustech
 2d ago
Kampai!
 4d ago
Sleep not found
 4d ago
Simon Zerafa4d ago
Kinda cool that the Artemis landing parachutes were sponsored by Tunnocks šŸ˜‰šŸ¤·ā€ā™‚ļø
 5d ago

Is anyone else being sick of vendors dismissing clear reports of security issues as ā€œIntended Behaviourā€/ā€œBy Designā€ and ā€œnot a security issueā€œ?

Iā€™ve even had two claim itā€™s ā€œtheoreticalā€ or ā€œnot reproducibleā€ despite screenshots and syntax for a POC tool and advice that there is a private repo for the exploit tool they can be added do.

Lazy triage?

This isnā€™t aimed at a single vendor. A friend and I have reported one to 4 major vendors who are all vulnerable to the same issue and attack vector and the response from 3/4 so far is as above. Which means that then the other vendor presumably responds in the same way, we will end up disclosing because if we donā€™t, someone with less scruples/morals will find it and use it anyway - if in fact it has not already been widely used because itā€™s incredibly simple to do and to deceive defences that just arenā€™t looking at this attack before at all.

 Apr 8
Just Tokyo things
 Apr 6
Konnichiwa!
Show thread Apr 3
@sassdawe fine until it rains lol
 Apr 2
Ummā€¦ how?!
 Apr 2

RE: https://infosec.exchange/@cirriustech/116327853523673428

Parts 2 and 3 are live now (I was gonna make you wait a week between each post butā€¦)

https://cirriustech.co.uk/blog/agent-harness-abuse-part-2/

https://cirriustech.co.uk/blog/agent-harness-abuse-part-3/

Show thread Apr 1
@bobthomson70 šŸ‘€