Olivia
Online
Zach Grace'--
@ztgrace
I make strings that do bad things.
MKE
Joined May 2013
487 Following
766 Followers
1.8K Posts
Finally got around to finishing my first blog post. If you are doing AWS detection engineering, you may find this useful.
https://t.co/n71KcbDgXT
RT @orange_8361: Thrilled to release my latest research on Apache HTTP Server, revealing several architectural issues! Highlights include:…
Living Off the Pipeline
https://t.co/SHxp92nOwz
Binarly is the only company that developed the generic detection of XZ backdoor implantation and released a free detection tool and public API access (https://t.co/VeNtPledKh).
Current statics: 📈5000+ scans, 🚨76 unique variants of the #XZbackdoor detected!
Most of the other detection tools we have seen have focused on simple version checks, hash-based detection of the backdoored component, or YARA rules of the hardcoded unique string constants. All of these could lead to massive alert fatigue and false positives at scale by overloading security teams.
Who to follow
Lee Chagolla-Christensen
@tifkin_
I like making computers misbehave. Does stuff at https://t.co/YsrVyTjOY7.
https://t.co/UsRIholZ3M
Scott Sutherland
@_nullbind
Security Researcher @NetSPI | PowerUpSQL Author
@[email protected]
@christruncer
Deputy Chief, Red Team, CISA && BJJ && Veil Framework / Open Source Dev, @christruncer.bsky.social
Anybody else wish that the underhanded coding competitions were still a thing? After all the XZ shenanigans I'd love to see some underhanded buildscript techniques. Though I still want C and a million other languages too.
What kind of prize would be enough to entice folks?
I've been reverse engineering the xz backdoor this weekend and have documented the payload format and written a proof-of-concept exploit for the RCE. The payloads are signed with an ED448 key, so I patched my own key into the backdoor for testing. :-)
https://t.co/CvKo3xPRkP
Can't wait for the first dynamo table that gets exposed and exfilled. 😨 Are we really sure knowing account ID's isn't important?
https://t.co/6jrR4bqDHC
Today we’re releasing weAudit, the VSCode extension we use during secure code reviews to collaboratively take notes and highlight code regions. https://t.co/e0ZnmknQjU
🗺️ TrailDiscover: Mapping CloudTrail events to Incidents
@Flekyy90 has released https://t.co/C8ZwOeRQ1h, an open-source mapping of 256 CloudTrail events to 50 known security incidents.
51.5% of included events have been used in the wild!
https://t.co/drMnl2yXnX
😈 Hacking Terraform State for Privilege Escalation
@dagrz demonstrates how an attacker with access to modify a Terraform State file can insert a malicious provider that will execute code on the next `terraform init`
+ mitigation guidance
https://t.co/iGbx2KyIeb
My method for spinning up replica domains and labs with ease! From client centric domains useful for testing evasive payloads; to testing the newest techniques in a range.
PoisonedRAG: Knowledge Poisoning Attacks to Retrieval-Augmented Generation of Large Language Models
(non-peer-reviewed)
"we propose PoisonedRAG , a set of knowledge poisoning attacks to RAG, where an attacker could inject a few poisoned texts into the knowledge database such that the LLM generates an attacker-chosen target answer for an attacker-chosen target question"
"our attacks could achieve 90% attack success rates when injecting 5 poisoned texts for each target question into a database with millions of texts"
paper: https://t.co/ODVX31d1xv
code: https://t.co/4Vu5gzekhE
container breakout / runc vuln https://t.co/TmxPkbkPym More details on CVE-2024-21626 Here: https://t.co/zg391SDQtg
We've witnessed attackers using new attack techniques in AWS:
• Creating a large number of ECS clusters for crypto mining
• Using EC2 Instance Connect for lateral movement
• Using AWS Resource Explorer for enumeration
https://t.co/AQgLB5K0Tp
This is by far the most interesting vulnerability I’ve found - a critical misconfiguration in GitHub’s runner images repository! Here is the full detailed write up:
https://t.co/25BxESuIj4
Did you hear, the November MilSec is just over a week away! 🎉
This month's MilSec Meet will be on Thursday, Nov. 9, at Pistol Pete's. If you're around Brookfield, don't miss out!
See you next week! RSVP here 👇
🔗https://t.co/APfVuU7jKR
#MilSec
Given that @pdnuclei has posted a full PoC for CVE-2023-46747, we're sharing the full F5 RCE blog post now. Link is https://t.co/6CWJ01Chk4. Shout outs to @iamnoooob @rootxharsh for getting the PoC in < 72 hours and to @OrangeTsai for the inspiration! #f5 #cve202346747 #nuclei
@iagox86 @praetorianlabs CVE-2023-46747 was issued for the vulnerability and https://t.co/TtWKD4h0zu is the hotfix.
F5 BIGIP is vulnerable to a smuggling request vulnerability that an attacker can exploit to achieve unauthorized RCE. Our vulnerability research team responsibly disclose this to F5, which released a hotfix today. https://t.co/dSMv9w6ga9 #vulnerabilityresearch #f5 #cve
How to decode the AWS account id from AWS key id
https://t.co/Q0URWCjIch
standing on the shoulders of giants: @0xdabbad00 @__steele
Last Seen Users on Sotwe
Trends for you
Most Popular Users
Elon Musk 
@elonmusk
240.3M followers
Barack Obama
@barackobama
119.2M followers
Donald J. Trump
@realdonaldtrump
111.6M followers
Cristiano Ronaldo
@cristiano
109.6M followers
Narendra Modi
@narendramodi
106.9M followers
Rihanna
@rihanna
97.4M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.7M followers
KATY PERRY
@katyperry
87.2M followers
Taylor Swift
@taylorswift13
81M followers
Lady Gaga
@ladygaga
72.5M followers
Kim Kardashian
@kimkardashian
69.5M followers
Virat Kohli
@imvkohli
69.1M followers
YouTube
@youtube
68.6M followers
Bill Gates
@billgates
63.6M followers
The Ellen Show
@theellenshow
62.5M followers
CNN
@cnn
61.9M followers
Neymar Jr
@neymarjr
61.7M followers
X
@x
60.9M followers
Selena Gomez
@selenagomez
60.3M followers