Toots for hdm@infosec.exchange account

Written by HD Moore on 2025-01-31 at 22:51

The first episode of Where Warlocks Stay Up Late is out!

https://www.youtube.com/watch?v=7IHKRzGQeog

Digital Jesus/o.0, aka Matt Harrigan, turned a telecommunication product release into a 0-day, tipped off drug dealers about government surveillance, and emerged as a cybersecurity founder and CEO.

https://wherewarlocksstayuplate.com/


Written by HD Moore on 2025-01-28 at 06:24

Great update from Stefan Viehböck on VxWorks’ password hashing (and 6.x EoL): https://sec-consult.com/blog/detail/a-missed-opportunity-addressing-weak-password-hashing-in-vxworks/


Written by HD Moore on 2025-01-23 at 16:06

Hacking Subaru: Tracking and Controlling Cars via the STARLINK Admin Panel: https://samcurry.net/hacking-subaru (via @samwcyo )


Written by HD Moore on 2025-01-22 at 18:35

runZero Hour Episode 14 (0xE) is happening now, you can find the YouTube live feed here: https://www.youtube.com/watch?v=nvkGd31s46c


Written by HD Moore on 2025-01-17 at 17:53

The @badkeys project added the leaked and decrypted keys from the Fortinet breach: "Overall, there were around 100,000 private keys in PKCS format and 60,000 in OpenSSH format" https://blog.hboeck.de/archives/908-Private-Keys-in-the-Fortigate-Leak.html


Written by HD Moore on 2025-01-14 at 21:45

Austin Go(phers): it's almost that time again! Tomorrow (Weds/Jan15) is the January ATX Golang Meetup. Swing by for pizza, beer, and general nerdiness around Go -- 6:30pm at the Capital Factory (Antones):

https://www.meetup.com/atxgolang/events/305490307/

#golang


Written by HD Moore on 2025-01-10 at 20:26

Orange Tsai & splitline's "WorstFit" research into Windows unicode "BestFit" encoding is 🔥 🔥 🔥 (and mostly unpatched)!

https://blog.orange.tw/posts/2025-01-worstfit-unveiling-hidden-transformers-in-windows-ansi/

This work brings back memories of IIS and ASP (classic) unicode exploit-dev. For example, the letter "h" having alternate encodings of %c4%a4, %c4%a5, %c4%a6, %c4%a7, %d1%88, %d1%a8, %d4%a4, %d4%a5, %d4%a6, %d4%a7, %e2%84%8b, %e2%84%8c, %e2%84%8d, and %e2%84%8e


Written by HD Moore on 2024-12-11 at 18:08

runZero Hour Episode 13 is streaming LIVE on YouTube!

https://www.youtube.com/watch?v=mi0lrEtb4eI

Join us to celebrate one year of runZero Hour with a special anniversary episode! To mark this special occasion, we’ve gathered an all-star panel of cybersecurity experts to look back on 2024's greatest security hits and ponder what's ahead in 2025.

We’ll also be hosting the live raffle for the mystery mini-machine crafted by our very own HD Moore and celebrating our t-shirt winners. It's gonna be an epic episode!


Written by HD Moore on 2024-12-09 at 19:20

I love hacker toys, but don't love that they tend to sit on a shelf collecting dust for the majority of their lives. My goal for the runZero Hour anniversary "mystery machine" raffle was to provide something you actually want to use every day. Tune in Friday for the reveal and snag a limited runZero t-shirt if you sign up soon! https://www.runzero.com/research/runzero-hour/


Written by HD Moore on 2024-12-05 at 16:04

watchTowr Labs keeps things spicy in their recent post on Mitel MiCollab vulnerabilities: "Where There’s Smoke, There’s Fire - Mitel MiCollab CVE-2024-35286, CVE-2024-41713 And An 0day" - https://labs.watchtowr.com/where-theres-smoke-theres-fire-mitel-micollab-cve-2024-35286-cve-2024-41713-and-an-0day/


Written by HD Moore on 2024-12-04 at 17:56

My session on "The Unreasonable Effectiveness of Inside Out Attack Surface Management" is starting in a few minutes and will showcase some simple (but useful!) tricks for finding sneaky network exposures: https://dr-resources.darkreading.com/free/w_runz04/

Hope to see you soon!


Written by HD Moore on 2024-12-03 at 03:30

Hi folks! I'm thrilled to present runZero's latest applied research: "Inside Out Attack Surface Management". With IOASM you can immediately identify exposures that other approaches miss, with zero false positives, and no additional investment. Join me for a live demo on Wednesday, December 4th at 1PM EST: https://dr-resources.darkreading.com/free/w_runz04/


Written by HD Moore on 2024-12-02 at 01:59

At least they are using #golang https://www.ac3.com.au/resources/discovery-of-CVE-2024-2550/


Written by HD Moore on 2024-12-01 at 18:28

It was much easier to replace my ESXi lab servers with Proxmox than to download a security update[1. see alt text] for ESXi post-Broadcom. Now ESXi runs as a scan target inside of Proxmox and all is well.


Written by HD Moore on 2024-12-01 at 17:58

Ben Reardon shared an awesome (and funny) post on the Corelight blog about his experience at the Black Hat USA NOC (2024) and his process for detecting runZero's SSHamble.com research scans in real-time. Rob and I had a great time chatting with Ben and getting to see the Black Hat NOC up close: https://corelight.com/blog/black-hat-usa-2024-noc-learnings


Written by HD Moore on 2024-11-28 at 16:51

Happy Thanksgiving to my fellow US-ians. This is an annual reminder that Base64 can decode different input to the same output. "Secrets" decodes from U2VjcmV0cw==, U2VjcmV0cw=, U2VjcmV0cw, U2VjcmV0cx, U2VjcmV0c9, and sometimes U2V|jcm|V0c|9.

Base64 makes a bad hash or lookup key!

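The Base64 point in the post above, as an added example that is not part of the original post: a permissive decoder maps all six listed spellings to the same bytes, so deduplication, allow-lists and cache keys should be built from the decoded bytes (or the re-encoded canonical form), not the received string. `lenient_decode`, `is_canonical` and `lookup_key` are hypothetical helper names; the decoder is a stand-in that models permissive behaviour, not any specific library.

```python
import base64
import hashlib
import string

# Standard Base64 alphabet (RFC 4648); '=' is padding, not a data character.
ALPHABET = string.ascii_uppercase + string.ascii_lowercase + string.digits + "+/"

# The six spellings listed in the post above.
VARIANTS = ["U2VjcmV0cw==", "U2VjcmV0cw=", "U2VjcmV0cw",
            "U2VjcmV0cx", "U2VjcmV0c9", "U2V|jcm|V0c|9"]


def lenient_decode(text: str) -> bytes:
    """Decode like a permissive decoder: skip characters outside the
    alphabet (padding included) and drop leftover bits at the end."""
    bits = nbits = 0
    out = bytearray()
    for ch in text:
        idx = ALPHABET.find(ch)
        if idx < 0:
            continue  # '=', '|', whitespace, ... are silently ignored
        bits = (bits << 6) | idx
        nbits += 6
        if nbits >= 8:
            nbits -= 8
            out.append(bits >> nbits)   # emit the top 8 accumulated bits
            bits &= (1 << nbits) - 1    # keep only the remainder
    return bytes(out)


def is_canonical(text: str) -> bool:
    """True only for the single spelling a standard encoder would emit."""
    return base64.b64encode(lenient_decode(text)).decode("ascii") == text


def lookup_key(text: str) -> str:
    """Key on the decoded bytes, never on the encoded string."""
    return hashlib.sha256(lenient_decode(text)).hexdigest()


if __name__ == "__main__":
    for v in VARIANTS:
        print(f"{v!r:18} -> {lenient_decode(v)!r} canonical={is_canonical(v)}")
    print("distinct strings:", len(set(VARIANTS)),
          "distinct keys:", len({lookup_key(v) for v in VARIANTS}))
```
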

Written by HD Moore on 2024-11-21 at 22:39

Hello Austin hackers! Tonight is the November AHA meetup (shifted back a week to avoid holiday overlap). Same place and time as usual (Mister Tramps, talks start at 7:00pm). Haven't been to an AHA before? Check out the meeting info (and bring a ~5-10m lightning talk): https://takeonme.org/ #infosec #hackers #atx


Written by HD Moore on 2024-11-16 at 12:13

Good morning RowdyCon! I'm excited to share some serious NumberWang[1] with the San Antonio hacker crowd. RowdyCon is open to ALL students in a degree program based in San Antonio (online or in-person). Registration is available at https://www.rowdycon.org/

  1. https://www.youtube.com/watch?v=0obMRztklqU


Written by HD Moore on 2024-11-14 at 00:17

Austin Go(phers): it's that time again! Tonight is the November ATX Golang Meetup. Charles Southerland and I will both be speaking. Swing by for pizza, beer, and general nerdiness around Go. Tonight's meetup is at 7:00pm at the Capital Factory on floor 16 (in the "ACL" room):

https://www.meetup.com/atxgolang/events/301842149/

#golang #atx


Written by HD Moore on 2024-11-12 at 01:52

Secure your IoT devices by (accidentally) encasing them in concrete. Fortunately this is a POE doorbell and doesn't require battery changes. It does prevent someone from easily getting to the reset button under the bottom lip; does this count as embedded security?

