A thing I do at Dragos (not a plug, just thought you might find interesting), is elaborate functional and crown jewel analysis of industrial facilities where I spend days interviewing staff to figure out all the horrible things that could happen and what device could cause them.
Like I literally spend days of my life figuring out what PLC on what shelf could cause places to explode under specific operational and security conditions
It's interesting. I found out how to spoil eggs en masse and also cause cataclysmic chemical chain reactions.
Fun Fact: The first widely-documented attack against a digital industrial control system which caused a major physical disaster was at a sewage treatment plant in Australia.
Homeboy was mad he didn’t get hired on after his contract and used his insider knowledge to dump a metric shitton of well, shit.
This was years before Aurora and Stuxnet and AyPeeTees.
Good morning to all of you well rested infosec folks who are just now waking up to this newest catastrophe :)
Fine, fine, I’ll be nice. While you were sleeping, Google security notified of a long term (allegedly DPRK) SE campaign targeting infosec researchers on Twitter, ingratiating themselves into the community with minor research and blogs, then sending them malicious links and code.
The list of accounts is in the blog and 3 or 4 accounts were very active, messaged and drew in a ton of researchers, and successfully got some to execute malicious code in the name of exploit research. My thread is full of stories and screenshots. They hit a ton of people.
Stop blaming users for security issues caused by *your security team* failing to give them widely usable and secure ways to perform their part of the *mission of your organization*.
*the mission of your organization is likely not keeping malware out.
JFC... with regards to this Facebook phone data leak I see people blaming users for SIM hijacking, even even locks don’t reliably prevent it at carriers, and blaming them for using SMS 2FA, even though most banks still don’t offer another MFA method.
So what CTF stuff did I see at @HackingEsports today that I can pass on to other young hackers in training?
1) There is a *fabulous* and global next generation of hackers out there growing up, and we should be really proud of their hard work and sportsmanship. I definitely am!!
2) No matter what, don't give up, and don't quit the CTF.
Nobody knows everything about hacking or cybersecurity. Even if you're struggling with a CTF, just relax and learn what you can. The point isn't to be first place.
3) Learn when to move on. Today's Windows-based challenge stalled all the participants up for a bit. The difference between the people who finally got flags first and those who got them later was a decision to move to a new host or tool when one wasn't working or going anywhere.
Gee golly, we just got Illinois back to almost manageable COVID-19 stats, and are keeping our ICUs slightly over a 20% threshold. Guess that means allow high school wrestling again (when a bunch of new mutations are floating around).
BuT LeSleY KiDs CaNT lIve wiTHouT sPOrts
jfc I was supposed to
go
overseas
to test
to become a professional martial arts instructor in 2020
after a decade of intense study
I get what missing out feels like.
Can we please just work together to kick this virus so that then we can do all the athletics?!