ProTip: Don’t buy Broadcom stock. Missing licenses, support 800 number goes to voicemail. Not great.

We found a Remote Code Execution (RCE) vulnerability in @Ollama - one of the most popular AI inference projects on GitHub. Here is everything you need to know about #Probllama (CVE-2024-37032) 🧵👇

Abusing Active Directory Certificate Services Part 1: blackhillsinfosec.com/abusing-active… Part 2: blackhillsinfosec.com/abusing-active… Part 3: blackhillsinfosec.com/abusing-active… Part 4: blackhillsinfosec.com/abusing-active…

After our Polyfill publication, someone launched a DDoS attack against our infra. We restored our primary services, but now the attack has shifted to our payment provider who has temporarily suspended us. x.com/sansecio/statu…

Nobody is being appreciative of the fact regreSSHion hit on a Monday not a Friday.

Wonder what CrowdStrike stock will do today? -10% in pre-markets #CRWD #SPY

Are we *sure* the CrowdStrike crash wasn't deliberate? They pushed a file full of NULL bytes to their agents which caused the BSoD...

Leaked footage of CrowdStrike's legal department this morning

Enough bad news, anyone know of any IT teams recovering from this debacle in heroic or especially clever ways?

We somehow missed a semi-undocumented CrowdStrike EDR disable* technique that was unveiled in 2022. It requires administrative access. This makes it more difficult to perform in enterprise environments. Jonas L discovered the CrowdStrike minifilter did not catch NtCreateFile

CrowdStrike Preliminary Post Incident Review (PIR) is released: crowdstrike.com/falcon-content…

The "Illicit Consent Grant Attack", showcased for Microsoft 365 / Azure Active Directory Entra ID / whatever you call it now, with a rogue app to install leveraging Oauth permissions to do your dirty work in a cloud tenant: jh.live/Bd3Tv_n9Kh4

.DuckDuckGo should offer an option to exclude Cloudflare websites from search results for The Tor Project users.

HELP!

SUDO_KILLER: identify and exploit sudo rules’ misconfigurations and vulnerabilities within sudo meterpreter.org/sudo_killer-id…

DuckyScript payload executing in a single video frame thanks the addition of “USB Overclocking” on the OMG Cable. The terminal window here was completely closed, not minimized! And it was a reverse shell that started running in the background but could apply to most payloads.

🤝 Kick off the evening with great conversations and new connections! Our pre-keynote reception is the perfect place to mingle with industry experts before diving into @danielmiessler’s transformative session on AI in security. #SANSNetworkSecurity #SANSLiveTraining

Telegram quietly updates FAQ, removing: "All Telegram chats and group chats are private amongst their participants. We do not process any requests related to them."

ChromeKatz: Dump cookies and credentials directly from Chrome/Edge process memory github.com/Meckazin/Chrom…

Playing with AD CS. Cert template with ESC1… Domain User -> Ask for SAN in cert -> DA So cool….