Saint Irénée
Toulouse
Météo 34°C ciel dégagé

Space & Security News

The Age of Integrity

Date inconnue

We need to talk about data integrity. Narrowly, the term refers to ensuring that data isn’t tampered with, either in transit or in storage. Manipulating account balances in bank databases, removing entries from criminal records, and murder by...

Lire plus

White House Bans WhatsApp

Date inconnue

Reuters is reporting that the White House has banned WhatsApp on all employee devices: The notice said the “Office of Cybersecurity has deemed WhatsApp a high risk to users due to the lack of transparency in how it protects user data, absence of...

Lire plus

What LLMs Know About Their Users

Date inconnue

Simon Willison talks about ChatGPT’s new memory dossier feature. In his explanation, he illustrates how much the LLM—and the company—knows about its users. It’s a big quote, but I want you to read it all. Here’s a prompt you can use to give you a...

Lire plus

HTB: Retro

Date inconnue

Retro starts with an SMB share and note about a trainee account that uses the username as the password. From there, I’ll find a machine account that’s old and has the pre-Windows 2000 password set. That account allows me access to ESC a...

Lire plus

Scans for Ichano AtHome IP Cameras, (Mon, Jun 23rd)

Date inconnue

Ichano's "AtHome Camera" is a bit of a different approach to home surveillance cameras [1]. Instead of a hardware camera solution, this product is a software solution that turns existing devices like computers and tablets into webcams. The...

Lire plus

Largest DDoS Attack to Date

Date inconnue

It was a recently unimaginable 7.3 Tbps: The vast majority of the attack was delivered in the form of User Datagram Protocol packets. Legitimate UDP-based transmissions are used in especially time-sensitive communications, such as those for video...

Lire plus

HTB: Titanic

Date inconnue

Titanic offers a website and a Gitea instance with the source code. I’ll look at the source to identify a directory traversal / file read vulnerability. I’ll use that to read the Gitea DB and crack a hash from the users table. That password works...

Lire plus

ADS & Python Tools, (Sat, Jun 21st)

Date inconnue

Ehsaan Mavani talks about Alternate Data Streams (ADS) in diary entry "Alternate Data Streams ? Adversary Defense Evasion and Detection [Guest Diary]". I'm taking this as an opportunity to remind you that Python tools on Windows and an NTFS disk,...

Lire plus

Administrator Protection

Date inconnue

Microsoft will be introducing Administrator Protection into Windows 11, so I wanted to have an understanding of how this technology works and how it interacts with existing offensive tooling. While this technology is just a thin wrapper around a...

Lire plus

Surveillance in the US

Date inconnue

Good article from 404 Media on the cozy surveillance relationship between local Oregon police and ICE: In the email thread, crime analysts from several local police departments and the FBI introduced themselves to each other and made lists of...

Lire plus

Aucun article de sécurité disponible