Google is working on a new feature called Shielded Email that lets users create unique email aliases for signing up for services, which helps protect their privacy and reduce spam. #Privacy#Mail https://t.co/nXw0s7yz0p
reminder that the bcrypt hash function ignores input above a certain length! so if you do bcrypt(username || password) for some reason, a sufficiently long username will make it accept any password. to fix this you can sha256 the input first.
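The truncation described above, as an added example that is not from the tweet: bcrypt is not in the Python standard library, so a stand-in that keeps only the first 72 input bytes models the one property that matters here, and the SHA-256 pre-hash wrapper is the fix the tweet suggests. All names and the sample usernames are constructed for this illustration.

```python
import hashlib

BCRYPT_MAX_INPUT = 72  # bcrypt only uses the first 72 bytes of its input


def model_bcrypt(data: bytes) -> bytes:
    # Stand-in for bcrypt that reproduces the single property discussed here:
    # bytes beyond the 72nd are ignored. In real code use bcrypt.hashpw /
    # bcrypt.checkpw instead of this function.
    return hashlib.sha256(data[:BCRYPT_MAX_INPUT]).digest()


def naive_input(username: str, password: str) -> bytes:
    # Pattern from the tweet: with a long username the password lands past
    # byte 72 and never influences the hash.
    return (username + password).encode()


def prehashed_input(username: str, password: str) -> bytes:
    # Fix: hash the whole concatenation first so every byte counts. A length
    # prefix keeps ("ab","c") and ("a","bc") distinct; hex-encoding gives a
    # 64-byte input that fits under 72 and contains no NUL bytes, which some
    # bcrypt implementations treat as a string terminator.
    material = f"{len(username)}:{username}{password}".encode()
    return hashlib.sha256(material).hexdigest().encode()


def accepts_wrong_password(build_input, username: str) -> bool:
    # Register with one password, then try to log in with a different one.
    stored = model_bcrypt(build_input(username, "correct horse"))
    return model_bcrypt(build_input(username, "totally wrong")) == stored


LONG_USERNAME = "a" * 80  # constructed: longer than the 72-byte window
SHORT_USERNAME = "alice"  # constructed: password still fits in the window

if __name__ == "__main__":
    print("naive, long username:", accepts_wrong_password(naive_input, LONG_USERNAME))
    print("naive, short username:", accepts_wrong_password(naive_input, SHORT_USERNAME))
    print("prehashed, long username:", accepts_wrong_password(prehashed_input, LONG_USERNAME))
```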
AWS Nitro Enclaves offer strong isolation for sensitive workloads but require careful security implementation. Learn how to avoid common pitfalls and harden your enclave deployments. https://t.co/aiDjLLfXN7
Discover how to determine the AWS account ID associated with access keys using sts or by decoding the key itself. Learn these effective techniques for better AWS environment assessments. Dive into the details here: https://t.co/vBe8GEFETH
Following on from our #GitHub action exploitation series, @hugow_vincent discovered a new exploitation technique that allowed us to push arbitrary code onto the spring-security project using the Dependabot GitHub app.
https://t.co/y53ZVySc8C
Bluetooth LE spam attack is now ported to dedicated Android app to push notifications for Android and Windows
For Android, it can advertise over 170 devices
https://t.co/mT6It2DjbW
OpenAI's security team noticed that a group reverse engineered and was abusing ChatGPT's internal API. Instead of shutting them down, they quickly replaced ChatGPT with CatGPT… and then lurked in the attackers' Discord to watch the chaos. Absolute legend. https://t.co/g1mloXtKCN
Excited to launch my first browser extension, DOMLogger++! Now available for both Firefox and Chromium! 🎉
DOMLogger++ allows you to monitor, intercept, and debug JavaScript sinks based on customizable configurations 🔥
Check it out 👇
https://t.co/D9OiEIKQp3
1/5
PS If a viral report goes around saying there’s a vulnerability and you should turn off link previews, there’s really not a lot of cost to being cautious for a day or two. It’s not like someone is asking you to inject chlorine into your veins.
If you don't know why @xillwillx and #sub7 are trending in hacker land because you weren't born, this retrospective review by @DarkCoderSc is a good summary. It was the 1999 hackers' preferred RAT tool that inspired the likes of DarkComet. https://t.co/wmnqMRPzHF
My team just released a Kubernetes attack path tool named KubeHound!
Release blog post (with examples)
https://t.co/v5TyHMfhMw
Website / docs: https://t.co/97ZWGd8u8W :D
Should be able to handle large k8s env!
Feedback welcome!
#ESETresearch uncovered a #Lazarus attack against an aerospace company in 🇪🇸, deploying several tools, most notably a publicly undocumented and sophisticated RAT we named LightlessCan. The attack is part of Operation DreamJob. @pkalnai https://t.co/VK9nGEn2Gp 1/6
In the spirit of "this talk could've been a tweet", I just pushed a button:
#BinDiff is now open source.
- Snapshot release, no major new functionality
- Release binaries later today or tomorrow
- This is my 20% and I won't be able to act on PRs until end of Q4 (OOO traveling)
Repeat after me: no amount of security awareness training will solve the social engineering problem. You might as well be relying on ancient chants and sacred crystals if this is the plan.
Thank you for coming to my TED talk...
New: I tracked the precise movements of an NYC subway rider. Saw what specific time they got on and at what station. It became obvious which station was nearest to their home.
This was all because of a 'feature' on the MTA website
Wide open to abuse https://t.co/334xmokeFB
Just published a little presentation "ST25TB series NFC tags for fun in French public transports" 🥝
It demonstrates why it's not a good idea to use chips without authentication (like SRT512 & ST25TB512-AT) for convenience transport tickets
> https://t.co/My91mnxg4Y