2021 was a wild year for 0-day exploitation detection. 2021 was also full of Google Project Zero & TAG publishing lots of good (in my biased opinion) stuff on 0-day exploits. 🧵ICYMI here they are:

#itw0days
1. In January, Project Zero published a 6 part series about a watering hole attack. The series covers the Chrome, Android, & Windows exploits, & the Android post-exploitation behavior of this attack.
Part #1: googleprojectzero.blogspot.com/2021/01/introd…
2. Also in January, @digivector of TAG published about a North Korean campaign targeting security researchers. While 0-day use was never confirmed, evidence suggested that the attackers did use 0-days in some cases.
blog.google/threat-analysi…
3. In February, I published a Year-in-Review of the 0-days used in the wild in 2020, "Déjà vu-lnerability" since 25% of the in-the-wild 0-days detected in 2020 were closely related to previously publicly disclosed vulns.
Blog: googleprojectzero.blogspot.com/2021/02/deja-v…
Pres:
4. In March, Project Zero followed up our in-the-wild series from January with an update on an additional watering hole attack from the same actors as the Jan series.

googleprojectzero.blogspot.com/2021/03/in-wil…
5. And in March, @digivector of TAG followed up with an update on the campaign targeting security researchers that they originally published about in January.

blog.google/threat-analysi…
6. In May, I keynoted AusCERT and gave my favorite talk of the year: "A World Where 0-day is Hard"

7. In July, @_clem1 and I published a TAG blog post on 4 different in-the-wild 0-days discovered by TAG.

blog.google/threat-analysi…
8. In November, @eryeh of TAG published a blog post on an XNU (macOS) privesc 0-day that she and @clecigne discovered as a part of a watering hole attack.

blog.google/threat-analysi…
9. In December, @i41nbeer published a detailed analysis of an NSO iMessage-based zero-click exploit in collaboration with Citizen Lab and Apple.

googleprojectzero.blogspot.com/2021/12/a-deep…
10. In 2021, we also moved our root cause analysis wiki to GitHub which meant it could become more of a community effort. Thank you to the 2021 non-Google contributors: @mmolgtm @jq0904 @amlweems @BouncyHat @dallasl1200! There are 12 RCAs for 2021 up!

googleprojectzero.github.io/0days-in-the-w…

More from @maddiestone

30 Jun 21
Here we go. I read NSO's 32 page "Transparency Report" published today so you don't have to. 🧵

It says nothing of substance. None of the "approvals" and "processes" and "misuse" and "human rights" that make up much of the report are defined.

nsogroup.com/wp-content/upl…
The few glimmers of details we get confirm to me we need to be concerned about who NSO's technology is being sold to & how it's being used.

I "live chatted" my reading of this to my teammates as my frustration & rage grew. There was so much. I'll limit this to just a few. 2/12
The main two points are:
1. We have strict processes to ensure our technology is not misused in ways that violate human rights.
2. We have no insight into how our customers use our technology.
🤔
This leads in to claims of how little misuse there is. 3/12
Read 12 tweets
19 Jun 21
This thread from ~yr ago was a turning point for me. Not because the harassment stopped, but because I finally no longer dealt with all this bs predominantly alone. As illogical & irrational as it is, I think I felt shame every time I received one of these messages. 1/x
*I* must have been doing something wrong, *I* must have been less than if all these people took the effort to say these things to me. If colleagues weren’t dealing with this, then *I* must be the problem. I’m *drama*. These were the quiet thoughts. 2/x
And while each time I came out of it knowing those thoughts were incorrect, it was exhausting & took capacity to process the messages and get to that point. Capacity & energy I would have much preferred to spend elsewhere...like maybe my actual work. 3/x
Read 9 tweets
15 Dec 20
Along with many others in infosec, I've always cautioned against any of the voice activated smart gadgets, largely thinking there's only marginal benefit for the risks of an always-on microphone.

Recovering from surgery with only one usable arm has completely changed my views. 1/
Using voice control, which has required turning on the mics on my phone and home mini, has made my quality of life substantially better and even prevented physical pain. 2/
2 days post-op I was staying at family's house & had gone for a nap. I woke up & was completely tangled in the velcro straps from the sling and ice pack. Hair & a pillowcase were involved in the velcro nightmare too. 3/
Read 9 tweets
31 Oct 20
Can't believe I'm voluntarily wading into this, but here we go.

When you share those full details, that's when I drop everything & get to work (and I usually pull in my teammates too 💁🏽‍♀️). It's not just another cool vuln, it's something being used to harm. 1/6
As an example, here's how I approach it as soon as the details are out:
-understand the root cause & exploit method
-think of potential detection methods & talk to the folks who can implement them if it's not us 2/6
-find variants that the attackers either already have (and may even be using) or could easily switch to and try to get them fixed at the same time as the original bug
-brainstorm fixes, mitigations, system improvements & share them 3/6
Read 6 tweets
23 Oct 20
Today is the day we've been waiting for! Follow this thread as I highlight @DondiWest as part of the #ShareTheMicInCyber campaign. I am proud to give this talented #cybersecurity practitioner the spotlight. #BlackNatSec #BlackTechTwitter
@DondiWest is a #Cybersecurity Attorney @Microsoft where he tracks global cybersecurity laws and regulations in order to identify and mitigate legal risk stemming from compliance obligations. #sharethemicincyber Connect with Dondi on LinkedIn linkedin.com/in/dondi
Dondi is a proud #HBCU graduate & attended @aamuedu, earning a B.S. in Math w a focus in Applied Stats, & as an ugrad student, published research in regression analysis & number theory. As a student, Dondi went everywhere w his TI-82 graphing calculator, which he still has.
Read 27 tweets
27 Aug 20
I’m really fucking tired. On average, about every week I receive some message about how I’m “unskilled”, “P0’s biggest mistake”, “not technical”. And about every other month one of these messages is posted very publicly or emailed to my managers. 1/7
This is nothing new since I first was an intern. It’s damn clear that the comments are bullshit. That the people taking the time to send me these msgs or create the anonymous accounts are telling a lot more about themselves than about me. But it’s still exhausting. 2/7
If you’re getting these messages too, it’s not about you. I’ve quite literally done everything these folks asked: I’ve done novel research at every level between a die on a CPU and applications. I have the CVEs. Large volumes of my work are publicly available...and yet. 3/7
Read 7 tweets
