Someone sent me a note the other day that a funeral service for their late friend was being used to start a new Meta group that claimed to offer live streaming of the service.

But of course, those who clicked the link were sent to fake video streaming websites that try to collect payment information before supposedly letting you watch the service.

A little digging showed that not only are there hundreds of these fake funeral streaming groups, but all of them are tied back to some brainiacs in Bangladesh who naturally exposed their identities and operation by trojaning their own PCs.

What's crazy is how the fake funeral streaming groups on Meta are just one tiny microcosm of the scams these dudes in Bangladesh are doing.

Also, now I feel like showering after spending a few hours back on Meta. Eww.

It's been a while since HyperDbg's first release, and we realized our initial assumptions for the command parser won’t fully meet new demands. After redesigning and extensive testing, HyperDbg v0.10.1 now comes with a brand-new parser! 💫😼

Check it out:
https://github.com/HyperDbg/HyperDbg/releases/tag/v0.10.1

Can anyone help me understand why the Linux kernel sets the SS register segment on x86-64/amd64? The architecture doesn't seem to require it, but it does anyway. I have seen some issues with DOSEMU, signals, and even the sysret not working properly regarding SS, but I didn't see a clear explanation.

"Google, Amazon, and Microsoft control seventy-five percent of the cloud computing market. Meta and Google own half of the fiber optic cables supplying internet services across continents."

…

"So what did GAMM do? They convinced us that our notetaking apps require an internet connection and forty thousand dollar GPUs located on a server three hundred miles away."

https://www.fromjason.xyz/p/notebook/any-technology-indistinguishable-from-magic-is-hiding-something/

I created a threat actor profile for the Chinese state-sponsored APT41: https://infosec.press/screaminggoat/apt41 aka Earth Baku, RedGolf, Wicked Panda/Spider, Winnti Group, BARIUM, Brass Typhoon, Double Dragon, Bronze Atlas, Axiom, BlackFly, GreyFly...

THIS IS WHY WE NEED ONE SINGLE COMMON NAME. Winnti/APT41 activity spans so far back (2010) that some of the links are dead or the reporting companies got bought out. Remember FireEye? Their reports were rebranded as Mandiant after 2021, who got bought by Google Cloud in 2022.

Just FYI, Intrusion Truth is an unknown blog who's scarily accurate. They might be a Western hack and leak intelligence operation. EDIT2: Also the possibility of a disgruntled insider, or even a competitor like i-SOON.

I hope you find this useful. Let me know what other information you'd want to see in a threat actor profile. I'm nowhere close to being done collecting references. It's 3:53am so I'll work on it some more later.

EDIT: 5:30pm and I am tentatively done. A few links are dead and I used web.archive.org to display the archived copy. This is the most comprehensive list that I know of, pooling information from malpedia, MITRE, EDTA, Wikipedia and elsewhere. It even contains a list of exploited CVEs, some of which will be reported to CISA to add to the KEV Catalog.

#china #threatintel #cyberespionage #apt41 #winnti #IOC #chengdu404 #brasstyphoon #infosec #cybersecurity #mss

Frida 16.5.0 adds native breakpoint and watchpoint APIs. There was some attempts to implement those in DWARF and #r2frida already, but having them in the stock SDK makes them way more comfortable to use and stable https://frida.re/news/2024/09/06/frida-16-5-0-released/ #frida

NSA's No Such Podcast: How We Found Bin Laden: The Basics of Foreign Signals Intelligence
Current and former senior NSA officials, who were involved in the search for Osama bin Laden after the September 11, 2001 terrorist attacks, describe NSA's role in the foreign signals intelligence to help find him. You can read the transcript as a 15 page PDF

#nsa #september11 #sigint #intelligence #osamabinladen

Zig's Memcpy, CopyForwards and CopyBackwards

https://www.openmymind.net/Zigs-memcpy-copyForwards-and-copyBackwards/

Discussions: https://discu.eu/q/https://www.openmymind.net/Zigs-memcpy-copyForwards-and-copyBackwards/

#programming #ziglang

Hmm, "apps" in #Outlook what could go wrong?!

My talk on Webkit's JIT compilation at Off-By-One con is up! https://www.youtube.com/watch?v=9rt9ErQKnf8

https://bird.makeup/@offbyoneconf/1830604853573562638

IDA Pro is moving to a subscription model on 30 Sep 2024.

NOW is the time to obtain or renew your perpetual (non-subscription) license.

IDA Pro 8.x will be the last non-subscription version.

#IDAPro #reversing #infosec

Had to verify. And yes. Kernighan and Ritchie really did this. TIL :)

The Internet Archive lost its appeal in the Hachette case. What a huge, devastating loss for all of us.

#InternetArchive

I always wanted to have IDA's graph-overview for source-code.
So I created a small VS-Code extension to do that for me.

https://marketplace.visualstudio.com/items?itemName=tamir-bahar.function-graph-overview

It currently supports Go and C; adding more languages should be relatively straightforward.

#vscode #golang