Jeff Stice-Hall

CEO/Principal Consultant - Security for Digital Maelstrom. (he/him) Coder/hacker/builder/breaker.

MongoDB have a blog out about #MongoBleed

Notably:

- Internal find at MongoDB

- they notified customers of the issue and patch availability on December 23rd

- A security vendor published technical details on December 24th, Christmas Eve

- Somebody at Elastic, a direct competitor, published an exploit with full secret extraction feature on December 25th, Christmas Day

That was an impossible situation for orgs - the security industry poured fire on them and set their own customers on fire.

Digital Safety in a Dangerous World is officially published now!

I poured my heart into this book. Thank you, everyone.

https://www.kickstarter.com/projects/kimcrawley/digital-safety-in-a-dangerous-world/posts/4576687

https://books2read.com/u/meQk7V

A lawyer was explaining to the court why he used AI when he was then caught using AI in that explanation of why he was using AI (earlier).

https://www.404media.co/lawyer-using-ai-fake-citations/

Lawyer Caught Using AI While Explaining to Court Why He Used AI

The attorney not only submitted AI-generated fake citations in a brief for his clients, but also included “multiple new AI-hallucinated citations and quotations” in the process of opposing a motion for sanctions.

404 Media

Okay that is legitimately sick:

LinkPro modifies the /etc/ld.so.preload configuration file to specify the path of the libld.so shared library that it embeds, with the goal of hiding various artifacts that could reveal the backdoor's presence.

Once libld.so is loaded at the execution of a program, for example /usr/bin/ls, it hooks (before glibc) several libc functions to modify results that could reveal the presence of LinkPro. Here is the observed behavior for the hooked functions:

  • fopen and fopen64: if the process tries to open /proc/net/tcp, /proc/net/tcp6, /proc/net/udp, or /proc/net/udp6 (these files provide information on active TCP/UDP connections), the real fopen function is executed. Then, the malicious library retrieves the content of these files and removes LinkPro's network traces. Indeed, any line containing port 2233 (LinkPro's listening port) as a source or destination is deleted. Finally, if the process tries to open a file named ld.so.preload, a "No Such File Or Directory" error is returned.

Modifying LD_PRELOAD is a well-known TTP (T1574.006). However, most detections will be about the environment variable, not the .so files themselves being mutated. Of course, this all requires root to accomplish, but this kind of stealthy persistence is exactly what basic detection tools will miss.
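A defender-side check for the behaviour the quoted report describes, added here as example code (not from the post or the cited report): it parses /proc/net/tcp for sockets on port 2233 and reads that file and /etc/ld.so.preload through the open(2) syscall rather than stdio fopen(), the call the hook wraps, so its view can be compared with stdio-based tools. The sample table and the library path in the comments are constructed.

```python
# Added example, not code from the post or the cited report. It assumes only what the
# post states: a preloaded libld.so whose fopen() drops /proc/net/tcp* lines carrying
# port 2233 and answers ENOENT for any path named ld.so.preload.
import os
SUSPECT_PORT = 2233  # LinkPro's listening port, per the quoted report

def parse_proc_net_tcp(text):
    """(local_port, remote_port) pairs from /proc/net/tcp text; ports are hex, header skipped."""
    pairs = []
    for line in text.splitlines()[1:]:
        cols = line.split()
        pairs.append((int(cols[1].rsplit(":", 1)[1], 16),
                      int(cols[2].rsplit(":", 1)[1], 16)))
    return pairs

def sockets_on_port(text, port=SUSPECT_PORT):
    """Pairs where the suspect port is the source or the destination."""
    return [p for p in parse_proc_net_tcp(text) if port in p]

def preload_entries(text):
    """Library paths listed in an ld.so.preload file (blanks and comments dropped)."""
    lines = (l.strip() for l in text.splitlines())
    return [l for l in lines if l and not l.startswith("#")]

def read_via_syscall(path):
    """Read with open(2)/read(2) instead of stdio fopen(), the call the hook wraps.
    A preload library can hook open() as well, so a clean result is partial evidence."""
    fd = os.open(path, os.O_RDONLY)
    try:
        chunks = []
        while chunk := os.read(fd, 65536):
            chunks.append(chunk)
    finally:
        os.close(fd)
    return b"".join(chunks).decode(errors="replace")

# Constructed sample in /proc/net/tcp layout (not captured from a real host).
# Row 2 is a listener on 0x08B9 = 2233, the row a hooked fopen() would remove.
SAMPLE_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1
   1: 0100007F:A3E2 0100007F:0016 01 00000000:00000000 00:00000000 00000000  1000        0 2
   2: 00000000:08B9 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 3
"""

if __name__ == "__main__":
    print("sample hits on 2233:", sockets_on_port(SAMPLE_TCP))
    for path, check in (("/proc/net/tcp", sockets_on_port), ("/etc/ld.so.preload", preload_entries)):
        if os.path.exists(path):  # live Linux host only; stat() is not the hooked call
            print(path, "->", check(read_via_syscall(path)))
```

On a live host, a non-empty preload list here while `ld.so.preload` reads as missing through stdio-based tools is the discrepancy worth alerting on.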

This is from the United States Holocaust Memorial Museum. Just thought I'd post it here for no particular or current reason.

Shadowrun Anarchy 2.0 Offers A Leaner, Meaner Classic Cyberpunk RPG

A new rules light version of the classic cyberpunk fantasy game Shadowrun is currently crowdfunding. I asked the designers about their sleek take on the rules.

Forbes

Ashley Rindsberg and Fox News are furious at Wikipedia editors for “attacking” Charlie Kirk by... listing the viewpoints he prominently and publicly advocated

#USpol #USpolitics

BTW #3 is probably worth paying attention to here:

3. Safety Considerations

Due to the highly sensitive nature of these leaked materials, we strongly advise anyone who chooses to download and analyze them to take proper operational security precautions. It may be possible that these files may contain potentially risky content and accessing them in an insecure environment could expose you to surveillance or malware.

Please consider analyzing these files only in an isolated (virtual) machine without internet access.

The Great Firewall of China has apparently experienced a great data spill. >500 GB of source code, work logs and internal communication records were leaked. Some light reading for the weekend /s

https://gfw.report/blog/geedge_and_mesa_leak/en/

Geedge & MESA Leak: Analyzing the Great Firewall’s Largest Document Leak

The Great Firewall of China (GFW) experienced the largest leak of internal documents in its history on Thursday September 11, 2025. Over 500 GB of source code, work logs, and internal communication records were leaked, revealing details of the GFW's research, development, and operations.

GFW Report

That NodeJS supply chain hack incident is amazing because the threat actor(tm) got RCE access to like a billion devices and ran the world’s shittest Ethereum dumper.

Imagine if they had done reverse shells instead, or automated lateral movement to ransomware deployment NotPetya style.

The thing that saved companies here was the threat actor was incompetent crypto boy, nothing more.