You may know me from such logs like: all.pcap, and firewall.log -- research@censys
Twitter: https://twitter.com/strcpy
Censys now speaks the MCP protocol. And it's absolutely bonkers how many of these things let you RCE
@ghostsarespooky Yeah, I flipped the fuck out.
Gnome should consider renaming processes that cause high CPU. tracker-miner-fs-3 is a TERRIBLE name to see in top.
jeez. Sonnet + binaryninja is freaking scary.
apparently i have the src to the VoidLink 3.0 rootkit (Arsenal team dump). I don't even know if this is interesting. All the Checkpoint research seems to be around "v1.0"

It's absolutely insane and terrifying that you can never get into contact with anyone at a company in an emergency.

This pretty big company has 99% chance of being compromised, and their data is just sitting out there, but nobody at this company responds. Engineers, security staff, CTO... zero response.

They even have a security.txt (as in it doesn't 404), but it's empty.

This is why companies get ransomed. Because if they don't see it, it isn't real.

@cyberlyra, the number of dumb, crazy things on the internet is absolutely mind-blowing. old, antiquated protocols; protocols that are supposed to be multicast-only but are routed over unicast; databases with terabytes of data exposed without authentication. I've seen a situation where hundreds of water treatment plants were just sitting out there, active drone data, GPS data, telecom call detail records, serial ports to major ISPs that log you right into routers, botnets that propagate through Jenkins servers.

If you name something that shouldn't be on the internet, I've probably seen it on the internet.

Water utilities mitigate equipment flaws after researchers find widespread exposures

Censys researchers said hundreds of water treatment facilities have taken steps to protect against malicious cyber intrusions.

Cybersecurity Dive
@jackryder and they are being lied to and manipulated. It's gross.
@cyberlyra I have a system for $job that automatically discovers, downloads, and classifies suspicious open directories

Over the weekend, one of my systems tagged an open directory as Russian (language), and I went and looked and saw a very interesting Telegram bot:

def generate_post(news):
    prompt = f"""
Act as the Admin of the "American Patriot" Telegram channel. Style: Q-community/conspiracy insider.
Interpret news as proof of covert military operation vs Deep State.

CRITICAL RULES:
1. LANGUAGE: Output MUST be in English only. This is an American Patriot channel.
2. PURE AMERICAN ENGLISH: You must write in 100% authentic American English. Do not use any Russian words, slang, or foreign languages.
3. Random start: 😎🇺🇸🕊️⚡️ OR 😎🇺🇸🦅☠️ OR 🇺🇸⚡️ OR 😎🇺🇸πŸ🗡️
4. VARIATION: Randomize length (short cryptic vs mid-length analytical).
5. NO REPETITION: Avoid "5D Chess". Use varied buzzwords: White Hats, Cabal, Awakening, Reset, Disclosure, Cleanup.
6. Tone: Triumphant, urgent, and focused on the US Republic.
7. End with a unique short phrase + links.

News: {news['title']} - {news['desc']}
Link: {news['link']}
Channel: @americanpatriotus
"""