UK Prime Ministerial tenures since Milk-Snatcher Thatcher, approximated as lettuces

Keir Starmer
🥬🥬🥬🥬🥬🥬🥬🥬🥬🥬
🥬🥬🥬🥬🥬

Rishi Sunak
🥬🥬🥬🥬🥬🥬🥬🥬🥬🥬
🥬🥬🥬

Liz Truss
🥬

Boris Johnson
🥬🥬🥬🥬🥬🥬🥬🥬🥬🥬
🥬🥬🥬🥬🥬🥬🥬🥬🥬🥬
🥬🥬🥬

Theresa May
🥬🥬🥬🥬🥬🥬🥬🥬🥬🥬
🥬🥬🥬🥬🥬🥬🥬🥬🥬🥬
🥬🥬🥬

David Cameron
🥬🥬🥬🥬🥬🥬🥬🥬🥬🥬
🥬🥬🥬🥬🥬🥬🥬🥬🥬🥬
🥬🥬🥬🥬🥬🥬🥬🥬🥬🥬
🥬🥬🥬🥬🥬🥬🥬🥬🥬🥬
🥬🥬🥬🥬🥬🥬

Gordon Brown
🥬🥬🥬🥬🥬🥬🥬🥬🥬🥬
🥬🥬🥬🥬🥬🥬🥬🥬🥬🥬
🥬

Tony Blair
🥬🥬🥬🥬🥬🥬🥬🥬🥬🥬
🥬🥬🥬🥬🥬🥬🥬🥬🥬🥬
🥬🥬🥬🥬🥬🥬🥬🥬🥬🥬
🥬🥬🥬🥬🥬🥬🥬🥬🥬🥬
🥬🥬🥬🥬🥬🥬🥬🥬🥬🥬
🥬🥬🥬🥬🥬🥬🥬🥬🥬🥬
🥬🥬🥬🥬🥬🥬🥬🥬🥬🥬
🥬🥬🥬🥬🥬🥬

John Major
🥬🥬🥬🥬🥬🥬🥬🥬🥬🥬
🥬🥬🥬🥬🥬🥬🥬🥬🥬🥬
🥬🥬🥬🥬🥬🥬🥬🥬🥬🥬
🥬🥬🥬🥬🥬🥬🥬🥬🥬🥬
🥬🥬🥬🥬🥬🥬🥬🥬

New report: #kbotne, or: Mirai learns WebSocket, naturally calls it /connectlol

Standard RFC 6455 upgrade on port 80, which is novel for a Mirai fork.

Everything around it is less careful: hex-encoded config strings recoverable with xxd, a process killer that mostly recognizes its own binaries, and persistence that writes itself to `/.kbotne/kbotne`. Stealth was not the design goal.

https://github.com/deepfield/public-research/blob/main/kbotne/report.md

#threatintel #DDoS

great idea:
a captcha that shows handwritten floppy disk labels in all the squares, with the instructions:

select all floppies that contain warez

TPMs: exist
Hardware attestation: exists
MFA: exists

Every package repo and cloud service: Yo let's put one-factor access credentials in plaintext inside our working folder.

We gotta start using the tools we have.