Interesting links of the week:

Strategy:

* https://docs.google.com/presentation/d/1_3Iu74UijAjfSLHzqWDkDEaIwoB6WBSo9-mY5e0u0HM/edit?slide=id.g44c27644734fe259_110#slide=id.g44c27644734fe259_110 - @HalvarFlake gives us his take on where the West's strategy is going awry
* https://www.tandfonline.com/doi/full/10.1080/13523260.2025.2498711#abstract - why "feds" and "spooks" don't get reported
* https://arxiv.org/abs/2502.15840 benchmarking AI
* https://nap.nationalacademies.org/catalog/29056/cyber-hard-problems-focused-steps-toward-a-resilient-digital-future - HARD problems in cyber

Threats:

* https://techcrunch.com/2025/05/23/mysterious-hacking-group-careto-was-run-by-the-spanish-government-sources-say/ - meet the Spanish mob

Detection:

* https://medium.com/cloud-security/how-to-spot-data-exfiltration-using-cost-anomaly-detection-e3635f1c3aa2 - something I've been known to preach on too... @teriradichel preaches the value of business data in spotting malicious behaviours... not every detection needs to be based on security telemetry
* https://blog.sekoia.io/vicioustrap-infiltrate-control-lure-turning-edge-devices-into-honeypots-en-masse/ - turning your network perimeter into a big ol' fly tray
* https://blog.talosintelligence.com/proactive-threat-hunting-with-talos-ir/ - a nice write up from one of my colleagues at @TalosSecurity on threat hunting

Exploitation:

* https://www.bashcore.org/ - a new security testing distro based on Debian from @nickbearded
* https://tmr232.github.io/function-graph-overview/ - understanding the call flow
* https://blog.compass-security.com/2025/04/introducing-entrafalcon-a-tool-to-enumerate-entra-id-objects-and-assignments/ - enumerating Entra
* https://www.incendium.rocks/posts/Automating-MS-RPC-Vulnerability-Research/ - automating research on Microsoft RPC

Hard hacks:

* https://blog.siguza.net/tachy0n/ - @siguza talks tachy0n for iOS jailbreaking
* https://insbug.medium.com/badusb-attack-explained-from-principles-to-practice-and-defense-3bfe88ec2eeb - naughty flash drives

Hardening:

* https://u1f383.github.io/linux/2025/05/25/dbus-and-polkit-introduction.html - learn about DBUS and Polkit
* https://jpmens.net/2025/03/25/authorizedkeyscommand-in-sshd/ - doing SSH public key auth better

Nerd:

* https://www.theregister.com/2025/05/24/john_young_obituary/ - John Young obituary from el reg
* https://arxiv.org/abs/2502.15840 - care of @0xabad1dea, paper on the chaos one AI controlled business caused
* https://archive.nytimes.com/www.nytimes.com/books/first/b/black-ibm.html?source=post_page-----ce5373f66a3---------------------- - something we don't think about enough when we work with big tech...
* http://websdr.org/ - the radio, on the Internet
* https://optimizedbyotto.com/post/debian-packaging-from-git/ - building Debian packages with Git

#security, #research

Fellow Brits! If you can, please attend this antifascist summit. The location will be announced soon.

*Stand Up to Racism (SUTR) & Trade Union Council Midlands (TUC) Antiracism Summit*

1️⃣4️⃣ Saturday 14 June
⏰️ 11.00am

Sessions and workshops include:
✊️ Countering Reform UK and the racist narrative: housing, employment and the NHS.
✊️ The challenge of fascism today.
✊️ Uniting against racism, Islamophobia and antisemitism.

Register here 👇
https://www.eventbrite.co.uk/e/taking-on-the-rising-far-right-tuc-sutr-midlands-summit-tickets-1320702660209?aff=oddtdtcreator

RSVP here 👇
https://www.facebook.com/share/19dibgvAP2/

Sad times, John Young of Cryptome is no longer with us:

https://www.theregister.com/2025/05/24/john_young_obituary/

BSides Bournemouth are putting the hard yards in looking for speakers. Submit here:
https://cfp.bsides-bournemouth.org/bsides-bournemouth-2025/cfp

Happy to mentor new speakers if that gives any if you a confidence boost.

#BSidesBournemouth

Interesting links of the week:

Strategy:

* https://security.googleblog.com/2025/05/tracking-cost-of-quantum-factori.html - what's over the horizon for PQC
* https://www.gov.uk/government/publications/secure-by-design-problem-book/secure-by-design-problem-book - HMG problem book for Secure By Design

Standards:

* https://www.ncsc.gov.uk/blog-post/new-etsi-standard-protects-ai-systems-from-evolving-cyber-threats - NCSC work on new ETSI standard for AI security

Threats:

* https://ai-incidents.mitre.org/ - MITRE ATLAS' database of AI spillages, leaks and floods
* https://unit42.paloaltonetworks.com/threat-brief-sap-netweaver-cve-2025-31324/ - SAP oopsie turns bad

Detection:

* https://community.emergingthreats.net/t/come-sail-the-cves-part-1-data-acquisition/2750 - @da_667 talks detection engineering
* https://www.magonia.io/wiresnort/ - combining Wireshark and Snort

Bugs:

* https://www.akamai.com/blog/security-research/abusing-dmsa-for-privilege-escalation-in-active-directory - abusing service account delegation for privesc in AD
* https://astr.al/notes/2024-11-28_mdatp_privesc - when you can't even trust $argv[0] and processes called java.. a nice LPE in Defender for Linux
* https://sourceware.org/bugzilla/show_bug.cgi?id=32976 - ... or, it seems $LD_LIBRARY_PATH (what's old is new =))
* https://mastdatabase.co.uk/blog/2025/05/o2-expose-customer-location-call-4g/ - leaky VoLTE and wifi calling
* https://starlabs.sg/blog/2025/05-breaking-out-of-restricted-mode-xss-to-rce-in-visual-studio-code/ - XSS to RCE in VSCode

Exploitation:

* https://go.dev/blog/tob-crypto-audit - @trailofbits took a look at Go Crypto

Hard hacks:

* https://idevicecentral.com/tweaks/idevice-toolkit-ipa-download/ - getting JB like tweaks running on modern iOS
* https://www.sopl.us/blog/consumer-do-it-yourself-guide-to-identifying-your-keys - getting physical with your keys

Development:

* https://docs.oracle.com/cd/E37838_01/html/E61050/gnclc.html - Oracle's guide to secure C for Solaris (thanks @alanc)
* https://allan.reyes.sh/posts/keeping-secrets-out-of-logs/ - on keeping your secrets, well, secret
* https://netascode.cisco.com/ - automate your network

Hardening:

* https://lore.kernel.org/landlock/20250519.ceihohf6a3uT@digikod.net/ - Latest news on Landlock for Linux
* https://www.man7.org/linux/man-pages/man1/systemd-analyze.1.html - analyzing systemd for signs of sense
* https://blog.torproject.org/introducing-oniux-tor-isolation-using-linux-namespaces/ - another option to isolate your onions

Nerd:

* https://linuxexpert.org/from-licenses-to-liberation/ - the story of Linux, through a lens of innovation
* https://www.newscientist.com/article/2480221-chemists-discover-anti-spice-that-could-make-chilli-peppers-less-hot/ - did you know you could also make chillies hotter with salt?

#security, #research

As they fled the bandit fort, the rogue snapped, "Did you have to be so rude? You were supposed to negotiate a truce!"

The mage shrugged. "I'm sure there will be #eventual calm."

"We'll need to watch our backs forever. Well, even more than usual."

"Nonsense. I left my chest behind. Once they open it—"

An enormous blast behind them sent the horses leaping forward.

"See? Problem solved."

#MastoPrompt #MicroFiction

Tea thought: Could TPB and Sci-Hub pivot and relaunch as seed material for foundational models?

Interesting Git repos of the week:

Strategy:

* https://github.com/AI-Assessment-Institute/AI-PTAF - I have thoughts, but they're at least trying to evaluate "AI pen testers"

Detection:

* https://github.com/wowsignal-io/pedro - another open EDR for Linux
* https://github.com/nccgroup/ghostrings - ripping apart Go bins

Exploitation:

* https://github.com/adgaultier/tamanoir - pretty sure offense is ahead of defense as far as eBPF... another keylogger!
* https://github.com/gsuberland/MSMQCheck - which queues should you be targetting from @gsuberland
* https://github.com/0xdea/semgrep-rules - @raptor's semgrep rules have had an update

Hard hacks:

* https://github.com/seemoo-lab/openhaystack - build your own AirTags

#code, #security, #research

Interesting links of the week:

Strategy:

* https://security.googleblog.com/2025/05/tracking-cost-of-quantum-factori.html - what's over the horizon for PQC
* https://www.gov.uk/government/publications/secure-by-design-problem-book/secure-by-design-problem-book - HMG problem book for Secure By Design

Standards:

* https://www.ncsc.gov.uk/blog-post/new-etsi-standard-protects-ai-systems-from-evolving-cyber-threats - NCSC work on new ETSI standard for AI security

Threats:

* https://ai-incidents.mitre.org/ - MITRE ATLAS' database of AI spillages, leaks and floods
* https://unit42.paloaltonetworks.com/threat-brief-sap-netweaver-cve-2025-31324/ - SAP oopsie turns bad

Detection:

* https://community.emergingthreats.net/t/come-sail-the-cves-part-1-data-acquisition/2750 - @da_667 talks detection engineering
* https://www.magonia.io/wiresnort/ - combining Wireshark and Snort

Bugs:

* https://www.akamai.com/blog/security-research/abusing-dmsa-for-privilege-escalation-in-active-directory - abusing service account delegation for privesc in AD
* https://astr.al/notes/2024-11-28_mdatp_privesc - when you can't even trust $argv[0] and processes called java.. a nice LPE in Defender for Linux
* https://sourceware.org/bugzilla/show_bug.cgi?id=32976 - ... or, it seems $LD_LIBRARY_PATH (what's old is new =))
* https://mastdatabase.co.uk/blog/2025/05/o2-expose-customer-location-call-4g/ - leaky VoLTE and wifi calling
* https://starlabs.sg/blog/2025/05-breaking-out-of-restricted-mode-xss-to-rce-in-visual-studio-code/ - XSS to RCE in VSCode

Exploitation:

* https://go.dev/blog/tob-crypto-audit - @trailofbits took a look at Go Crypto

Hard hacks:

* https://idevicecentral.com/tweaks/idevice-toolkit-ipa-download/ - getting JB like tweaks running on modern iOS
* https://www.sopl.us/blog/consumer-do-it-yourself-guide-to-identifying-your-keys - getting physical with your keys

Development:

* https://docs.oracle.com/cd/E37838_01/html/E61050/gnclc.html - Oracle's guide to secure C for Solaris (thanks @alanc)
* https://allan.reyes.sh/posts/keeping-secrets-out-of-logs/ - on keeping your secrets, well, secret
* https://netascode.cisco.com/ - automate your network

Hardening:

* https://lore.kernel.org/landlock/20250519.ceihohf6a3uT@digikod.net/ - Latest news on Landlock for Linux
* https://www.man7.org/linux/man-pages/man1/systemd-analyze.1.html - analyzing systemd for signs of sense
* https://blog.torproject.org/introducing-oniux-tor-isolation-using-linux-namespaces/ - another option to isolate your onions

Nerd:

* https://linuxexpert.org/from-licenses-to-liberation/ - the story of Linux, through a lens of innovation
* https://www.newscientist.com/article/2480221-chemists-discover-anti-spice-that-could-make-chilli-peppers-less-hot/ - did you know you could also make chillies hotter with salt?

#security, #research

Burger thought: Visions of Trump declaring war on Cinema.

Watching MITRE kill off Slack for the ATLAS community and desperately hoping they don't do the same for ATT&CK.

Attribution is hard... never mind that my actual name is on the repo. This kind of thing is why we probably shouldn't be using genAI as a threat intel source. What happens if it suggests we should target Chine?

Out of curiosity, I asked ChatGPT who wrote linikatz and welp:

"The original Linikatz project was developed by the GitHub user time-machine, who is associated with the organization CiscoCXSecurity. This tool was designed to facilitate post-exploitation tasks on UNIX systems integrated into Microsoft Active Directory environments."

"time-machine" 🤡

#statisticallywrong, #ai

@gsuberland ❤️ your queue names on https://github.com/gsuberland/MSMQCheck :)

Landlock is coming on nicely:

https://lore.kernel.org/landlock/20250519.ceihohf6a3uT@digikod.net/

#linux, #hardening

Coming out of car park on to main road. Stationary, waiting for a gap in traffic before I pulled out. Drivers in expensive cars jumping on the horn because they had to go a little slower and avoid clipping me (my nose was out so I could actually see what was coming). Any one of them could have let me go. Humans are the worst.

In the end it was a guy in a white van who slowed and indicated for me to pull out, so much for cultural stereotypes.