According to the Epstein files, he had a "personal hacker" working for him. The FBI document says Epstein's personal hacker was an "Italian citizen born in Calabria who developed zero-day exploits and offensive cyber tools and sold the tools to governments."
https://www.justice.gov/epstein/files/DataSet%2010/EFTA01683874.pdf
"[Redacted] sold a zero-day to Hebollah. [Redacted] was known as the first person to hack and find vulnerabilities in Blackberries and iOS. He was known for finding Firefox vulnerabilities. [Redacted] former company was acquired by CrowdStrike in fall of 2017 and was currently a vice president there."
"S//NF= was very good at finding vulnerabilities was friends with "old school" European hackers. "Received a trunk of cash from Hezbollah when was in Italy; drove the money to Switzerland and deposited it in another ba [redacted]. [redacted] owned a theater company in California and he used the theater company to launder his zeroday money
"Made six figures from the sale of his zero-days. He sold his tools to United Kingdom GCHQ and provided training to the organization. He also sold his zero-days to a Central African government, as well as Hezbollah for political reasons. The Italian Government asked for help, but [redacted] declined because he felt the Government was incompetent. Calabria was mob-controlled an did not have much loyalty for his birth country.
"[Redacted] sold his exploits to the United States and United Kingdom, but he would not sell to Asian countries because he a is racist. He was also anti-Semitic. [Redacted] was terrified of Russia, however, and would never travel there. He lived in Dubai at one time, and was acquainted with the [redacted] lived in Oman as well. He may have an Iranian and Israeli passport, in addition to his Vatican City passport"
Looks likely the top commenter here is correct about "Epstein's hacker":
RE: https://mastodon.social/@XC3LL/115990518822402879
Very valuable insight if you are into #redteaming
For researchers and those trying to disclose incidents responsibly or get help:
There is an international organization called FIRST.
From the FIRST Teams website:
"This is a list of the contact information for incident response teams participating in FIRST, the Forum of Incident Response and Security Teams. The teams are responsible for providing FIRST with their latest contact information for this page. The list is alphabetized by team name. All telephone numbers are preceded with the appropriate country code."
There are 829 teams listed. Some are government CERT teams, some are corporate incident response teams.
You might want to bookmark the site to speed up your attempt to contact these teams:
@cR0w Fursuits are a natural evolution to working in server rooms
I appear to have created a "sound card" for a 4-bit CPU.
As you do.
today’s one-sentence horror:
sudo has been largely maintained by a single person for ~30+ years
Finally had some time and llm subscription enough to refactor my asynchronous WinRM library awinrm.
It is based off of pywinrm, but has two key improvements: async and native (python) auth types including kerberos.
Available on Github and pip.
https://github.com/skelsec/awinrm/releases/tag/0.1.0