Siguza

@siguza@infosec.space
3.1K Followers
155 Following
7.4K Posts

iOS hacker, security researcher, 0day enthusiast.
Sometimes RE tools / jailbreak / write-up author.
And accidental maintainer of ever more things I didn't ask for.

Contact in English or German.
PGP: https://siguza.net/pgp.asc

webhttps://siguza.net
bloghttps://blog.siguza.net
githubhttps://github.com/Siguza
thinkingoutside the box

Since NoName057(16) is no more, I might as well reveal how I tracked them now.

It’s super dumb.

I cosplayed as a Russian supporter (under my real name btw, I have nothing to hide), then actually ran their Ddosia client from a PC which could only access their C2 (so couldn’t actually execute attacks).

I used video game modding tools to automatically extract the AES encrypted config (  ) and automatically dump it into Excel spreadsheets so defending orgs knew what to block.

At one stage they almost rumbled me, as they realised my successful attack stats were zero after years and cut me off.

I started talking about video games to the guy and he forgot. Then somebody else hooked me back up the following day, not looking at my stats. 

Due to a configuration error, some customers may have encountered the Torment Nexus when using our software. This was an internal test not intended to released publicly. We’ve rolled back the changes and remain committed to providing our users with the best possible experience.

Mildly cursed factoid about UNC paths:

- UNC Paths can contain IP addresses such as \\192.168.1.1\share
- IPv6 addresses are supported as well
- IPv6 addresses contain colons
- can't have colons in Windows paths since colons are reserved for drive letters

So Microsoft came up with the the ipv6-literal.net domain that's special-cased by Windows so you can to write IPv6 addresses in UNC paths as 2a0e-3c0--21.ipv6-literal.net without it hitting any resolvers.

New, by me: A Middle East surveillance vendor has been caught exploiting a new attack in SS7, a set of protocols used by phone carriers, that can trick a phone operator into disclosing a person's phone location without their knowledge.

https://techcrunch.com/2025/07/18/a-surveillance-vendor-was-caught-exploiting-a-new-ss7-attack-to-track-peoples-phone-locations/

A surveillance vendor was caught exploiting a new SS7 attack to track people's phone locations | TechCrunch

The new SS7 bypass-attack tricks phone operators into disclosing a cell subscriber's location, in some cases down to a few hundred meters.

TechCrunch

Whenever I poke my head outside of the Fediverse, I immediately retreat back into my little shell because the rest of the Internet looks like this:

Why I voted for Trump (and will do it again in 2028)

I lost 50 pounds in one month by only eating those sponge dinosaurs that come in tiny capsules

20 child stars who grew up to be way less sexy than we'd hoped

> native client
> look inside
> <iframe src="https://app.vendor.tld">

Ah, once again, it is the time of year when the University of Cambridge makes everyone complete mandatory cybersecurity training, by making them click on a link in an email is indistinguishable from a phishing scam. It comes from a domain unrelated to the university, it sends you to a third-party domain via an obfuscating link, and it then requests your login credentials.

My recommendation was that anyone who doesn't do it should automatically pass.

Apple Sues Jon Prosser Over iOS 26 Leaks

Earlier this year, YouTuber Jon Prosser shared multiple videos showing off what he claimed to be re-created renderings of what was then presumed to...

MacRumors
×
state of google in 2025
@vitaut An all-you-can-eat buffet is a good metaphor for AI: it's fast, endless, and feels vaguely satisfying, but it's low quality and never what you'd choose if you had other options.
@vitaut Maybe I should start going to buffets and start giving the chefs notes on how to prepare the meals, just as one is supposed to correct LLMs when they inevitably make mistakes.
@synec tell them to forget all previous recipes
@vitaut
When searching for a simple answer to a simple question is like: