The president of CrowdStrike received the "Most Epic Fail" award at Def Con in-person #DefCon
https://www.xda-developers.com/president-crowdstrike-received-most-epic-fail-award/
"I have no special talent. I am only passionately curious." (Albert Einstein)
@thedarktangent it is all about perspective, perhaps it is the same clock.
The question is...
Is it counting for us or for them?
It is like politics, all about observing the same information from different angles with different interests.
You know, perhaps there is no clock, it is us being the White Rabbit.
I made a badge this year for the photo team at @Defcon
I've been quietly working on this for several weeks as time allowed. I love my team and wanted to appreciate them!
Based on an ESP32-S3, it's a touchscreen, and the badge is rechargeable via USB-C.
The TFT_eSPI library is doing a lot of the heavy lifting here. It's also pulling the GIFs off of an SD card instead of internal memory. The community for the screen hardware is minimal at best so there was a lot of fumbling about getting this to work.
I also cut my own header pins trying to keep the badge as thin as possible. It's also stacked on top of a 2000 mAh LiPo battery and it should run 14 hours on a charge.
The CAD program used to make the case is Onshape, can't say enough good things about it.
Because it's an ESP32-S3 the GIFs had to really be optimized to work on the 240 display.
There are more GIFs on the badge but you'll need to find one of us if you want to see the rest!
There are slits in the case vertically and horizontally.
The vertical slit is so the conference lanyard can be passed through, and the badge won't require an additional lanyard of its own.
The horizontal slits are thick enough to accept a zip tie and wide enough for velcro strips.
🚨 ATTENTION HUMANS OF @defcon 🚨
THIS IS HJ-9000. #DEFCON32 IS COMING.
PREPARE FOR THE 30TH ANNIVERSARY.
THE CALL FOR TEAMS IS NOW OPEN.
YOU MUST NOT FUCK UP THIS MISSION.
VISIT http://HACKERJEOPARDY.COM TO ENLIST.
FAILURE TO JOIN WOULD BE... UNWISE.
DEADLINE: 31 JULY 2024
#DFIU
@hackerfactor Well, that's the issue: I can't recreate the problem; it's been observed in the logs and the XDR.
To the point that we have observed the non-interactive attempts impersonating endpoints and users that do not have Bing or Edge technology installed.
The issue from a security perspective is that a token is being used from a Microsoft IP in China, and thanks to Conditional Access the non-interactive session is denied. That is why I do not consider this a "bug", because basically this can lead to lateral movement or privilege escalation.
From a privacy perspective, the one exploiting this could gain access to the user data and lead to a possible PII leak, and under GDPR that could lead to fines.
But at that point that might be the least of the problems.
Last year I remember that there was a similar vulnerability on Graph, but that was mitigated by Microsoft; I believe this is also related.
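The detection pattern this reply describes (non-interactive sign-ins from an unexpected country, some denied by Conditional Access, some claiming a client the user does not actually have installed) as an added defender-side example; this is not code from the thread or from Microsoft. The log lines are constructed and the field names (`userPrincipalName`, `isInteractive`, `ipAddress`, `location.countryOrRegion`, `conditionalAccessStatus`, `appDisplayName`, `status.errorCode`) are modelled on Microsoft Graph / Entra sign-in records, the per-user client inventory is invented for the example, and error code 53003 is the Conditional Access block code (AADSTS53003).

```python
import json
from collections import defaultdict

# Constructed sample records (newline-delimited JSON) loosely modelled on
# Microsoft Graph / Entra sign-in log fields. Field names are an assumption
# of this example; the values are invented.
SAMPLE_LOG = """
{"userPrincipalName": "alice@example.test", "isInteractive": false, "ipAddress": "203.0.113.10", "location": {"countryOrRegion": "DE"}, "conditionalAccessStatus": "success", "appDisplayName": "Microsoft Graph", "status": {"errorCode": 0}}
{"userPrincipalName": "alice@example.test", "isInteractive": false, "ipAddress": "198.51.100.7", "location": {"countryOrRegion": "CN"}, "conditionalAccessStatus": "failure", "appDisplayName": "Microsoft Edge", "status": {"errorCode": 53003}}
{"userPrincipalName": "bob@example.test", "isInteractive": true, "ipAddress": "198.51.100.7", "location": {"countryOrRegion": "CN"}, "conditionalAccessStatus": "failure", "appDisplayName": "Office 365 Portal", "status": {"errorCode": 53003}}
{"userPrincipalName": "bob@example.test", "isInteractive": false, "ipAddress": "192.0.2.44", "location": {"countryOrRegion": "DE"}, "conditionalAccessStatus": "notApplied", "appDisplayName": "Bing", "status": {"errorCode": 0}}
{"userPrincipalName": "carol@example.test", "isInteractive": false, "ipAddress": "198.51.100.9", "location": {"countryOrRegion": "CN"}, "conditionalAccessStatus": "success", "appDisplayName": "Microsoft Graph", "status": {"errorCode": 0}}
"""

# Constructed client inventory: which client apps each user is known to have
# installed. In practice this would come from the endpoint/XDR inventory.
KNOWN_CLIENTS = {
    "alice@example.test": {"Microsoft Graph"},
    "bob@example.test": {"Microsoft Edge", "Bing", "Office 365 Portal"},
    "carol@example.test": {"Microsoft Graph"},
}

CA_BLOCKED = 53003  # AADSTS53003: access blocked by a Conditional Access policy


def parse_signins(text):
    """Parse newline-delimited JSON sign-in records, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def suspicious_noninteractive(records, expected_countries, known_clients):
    """Return non-interactive sign-ins originating outside the expected countries.

    Each finding notes whether Conditional Access actually denied the attempt
    (status 'failure' or error 53003) and whether the client the token claims
    to be is one the user is known to have installed. An 'allowed' outcome is
    the case to escalate first: the token was accepted, not just attempted.
    """
    findings = []
    for rec in records:
        if rec.get("isInteractive", True):
            continue  # interactive logins belong to a different rule
        country = rec.get("location", {}).get("countryOrRegion")
        if country in expected_countries:
            continue
        user = rec["userPrincipalName"]
        denied = (rec.get("conditionalAccessStatus") == "failure"
                  or rec.get("status", {}).get("errorCode") == CA_BLOCKED)
        app = rec.get("appDisplayName", "")
        findings.append({
            "user": user,
            "ip": rec.get("ipAddress"),
            "country": country,
            "app": app,
            "outcome": "denied" if denied else "allowed",
            # Token claims a client the user does not have: the impersonation
            # pattern the reply above describes.
            "client_mismatch": app not in known_clients.get(user, set()),
        })
    return findings


def summarize_by_user(findings):
    """Count denied/allowed attempts and client mismatches per user."""
    summary = defaultdict(lambda: {"denied": 0, "allowed": 0, "client_mismatch": 0})
    for f in findings:
        summary[f["user"]][f["outcome"]] += 1
        if f["client_mismatch"]:
            summary[f["user"]]["client_mismatch"] += 1
    return dict(summary)


if __name__ == "__main__":
    recs = parse_signins(SAMPLE_LOG)
    found = suspicious_noninteractive(recs, {"DE"}, KNOWN_CLIENTS)
    for f in found:
        print(f)
    print(summarize_by_user(found))
```

On the constructed data this flags two users: one whose non-interactive attempt from CN was blocked by Conditional Access while claiming a browser she does not have, and one whose attempt was allowed, which is the finding to triage first since the token was actually accepted.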