home.social

#sectoot — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #sectoot, aggregated by home.social.

  1. Patience can't be a virtue in #infosec; “hurry the f**k up” should be a virtue
    #sectoot

  2. Good Morning, story so far on the next log4j-level #vulnerability #CVE20234863 #CVE20235129
    #0day #Chrome #iOS

    • libwebp library is vulnerable to heap overflow and can lead to RCE.
    • Apple assigned #CVE202341064 and #CVE202341061. Also actively exploited by #blastpass
    • #Google assigned #CVE20235129 for Chrome 0day and also exploited
    • Millions of apps and software use this library. See list so far in 🧵
    • #CVE20235129 was rejected by NVD earlier due to all this confusion of several vendors assigning CVEs affecting their products
    • This will lead to vulnerability scanners not being able to correctly identify if your assets are affected by libwebp. #infosec #sectoot

  3. Great #keynote #BHUSA2023 by @Azeria

    Key takeaways:

    • ChatGPT was hastily released despite knowing its risks.
    • #Google was rightly delaying its model’s release but then came #openai
    • #AI use cases and capabilities are exploding
    • AI risks are serious
    • Phishing will expand to phishing AI agents.
    • What do we need as an industry?
    • Forensic AI tooling to analyze AI actions
    • AI won't replace sec pros. It has introduced many risks related to LLMs that we need #infosec pros to understand and analyse.
    • Have #IAM solutions for AI agents and for internal and business data used by LLMs
    • Tech evolving without security isn't new to us; similarly, we know how to study new systems, and it is a chance for security pros to identify new opportunities and foster new solutions
    • AI village at #defcon #bhusa has 100+ talks.

    #blackhat #BlackHat2023 #sectoot #infosec

  4. Can't believe #infosec is filled with a lot of toxicity these days.
    If the environment was pwned via EternalBlue, that env was doomed already. No amount of DFIR tooling or MSSP could have helped.
    Any good-faith pentest company would have raised alarm bells after point 3 and stopped the pentest. Good for you if the client allowed it, but it wasn't needed IMO.
    Bragging about it does not do any good to defenders.
    #sectoot

  5. This is great to spot those #ssrf. It allows you to identify processes making #IMDSv1 calls with cool #eBPF magic
    Super handy for instances that can't move to #IMDSv2
    github.com/aws/aws-imds-packet
    #aws
    #sectoot