Some people wonder why I’m not that interested in the technical details behind most intrusions these days. The recent excellent reporting by @TheDFIRReport shows why. The intruders used scheduled tasks as the persistence mechanism. SCHEDULED TASKS, like what we Foundstone consultants taught students to look for in 2002. Sure, occasionally an intruder does something interesting, but almost universally, from tools, to tactics, to operations/campaigns, to strategy, to policy, it’s been SSDD *for decades.* And orgs still get owned, and govs say do better, and vendors do or don’t invest in “secure” products, and consultants and defenders scramble, and others undermine their work. Le sigh.
Does Twitter blocking Mastodon links constitute anticompetitive behavior against a nascent rival? I asked a couple of legal experts, including Bill Baer, the former antitrust chief at DOJ and FTC in two US administrations. Here's what they say: https://www.cnn.com/2022/12/16/tech/mastodon-twitter-links/index.html

Awesome @githubsecurity articles by @anticomputer on recognizing and exploiting the hidden attack surface of interpreted languages

Now you C me, now you don't: An introduction to the hidden #attack surface of interpreted languages
https://securitylab.github.com/research/now-you-c-me/

Now you C me, now you don't, part two: #exploiting the in-between
https://securitylab.github.com/research/now-you-c-me-part-two/

For historical context on the ret2dlresolve #xdev technique, see also Nergal's "The advanced return-into-lib(c) exploits"
http://phrack.org/issues/58/4.html

Very cool research about reverse engineering the NFC protocol used by Tesla Model Y and relaying it using a Proxmark device.
Credit: Josep Pi Rodriguez

White paper link: https://act-on.ioactive.com/acton/attachment/34793/f-6460b49e-1afe-41c3-8f73-17dc14916847/1/-/-/-/-/NFC-relay-TESlA_JRoriguez.pdf

#hacking #tesla #iot #nfc #infotech #cybersecurity #exploit #vulnerability #proxmark

Videos are on their way from #ComfyConAU2022Too🎈​

The playlist is ready to go and will have videos added to it over the coming week(s) ... (nag @Shanna if it's too slow)

https://www.youtube.com/playlist?list=PLg-aMs82kVNrINbvFqFO_kXPw3b4DdVqj

You can check out videos from @hal_pomeranz, @fr0gger, & @ppym so far 

Hack the Real Box: APT41’s New Subgroup Earth Longzhi

We looked into the campaigns deployed by a new subgroup of advanced persistent threat (APT) group APT41, Earth Longzhi. This entry breaks down the technical details of the campaigns in full as presented at HITCON PEACE 2022 in August.

Trend Micro

@davidr It's deeply moving, complex, subtle, nuanced, big, loud, fun, serious...

It's really excellent, all around.

And the literal historic nature of such a big budget film being created and driven by a Black man who uses his clout to center and uplift Black women will resonate through the ages.

The world changing on the screen and behind the scenes.

#WakandaForever

Analysis on Docker Hub malicious images: Attacks through public container images – Sysdig

The Sysdig TRT performed an analysis of over 250,000 Linux images on Docker Hub to detect malicious payloads hidden in the container images.

Sysdig
Hearing from a large MSP that quite a few large European customers are getting ready to ditch their cyber insurance when it comes up for renewal. No nation state threat actor coverage. Less ransomware coverage. Premiums going up. No longer worth it...
I’m really hoping I don’t have to go to bird site anymore now that that stupid criminal orange racist narcissist grifting abusive lying fraudulent treasonous fucking dickhead is back. With his invective flowing again USA is measurably less safe. Elmo really wants to ram the clown car off the cliff. Or into the “freedom” pool.