Share this page!

Enter URL or ID to Unroll

You can paste full URL like: https://x.com/threadreaderapp/status/1644127596119195649
or just the ID like: 1644127596119195649

How to get URL link on X (Twitter) App

  1. On the Twitter thread, click on or icon on the bottom
  2. Click again on or Share Via icon
  3. Click on Copy Link to Tweet
  4. Paste it above and click "Unroll Thread"!
  5. More info at Twitter Help
Tal Be'ery Profile picture
Tal Be'ery
@TalBeerySec
Security Research Manager. Co-Founder, CTO @ZenGo. Advisor @ZeroNetworks. x-VP Research Aorato, acq by @Microsoft. 9 times @BlackHatEvents speaker.
Jun 4 4 tweets 2 min read
1/ There is a bigger security lesson here, applied to infosec too:
We often dismiss (e.g. lower CVSS) attack vectors that require proximity.
However, in many cases all it takes to make such attacks feasible is a carrier to bridge the distance
@thegrugq @dinodaizovi @ImposeCost 2/ In this case the "local" FPV drones attack was made possible with trucks that bridged the thousands of KMs separating Ukraine and the attacked Russian airbases (and relaying the control protocol over 4G/LTE).

Infosec examples below: Image
Jan 17, 2024 8 tweets 3 min read
1/ A technical writeup on @Meta’s @WhatsApp privacy issue:
WA leaks victim devices’ end-to-end encryption (E2EE) identity information (mobile device + up to 4 linked devices) to any user, by design, even if blocked and not in contacts.
medium.com/@TalBeerySec/h… 2/ for example it can be applied on Hamas leaders (which obviously I did not have previous communication with)
Mar 14, 2022 7 tweets 3 min read
1/ A (over-?) simplified summary 🧵 of #Ethereum data signing methods evolution.
data signatures are used for off-chain use cases ("sign in to app") or verified by smart contracts (e.g. ERC20 permit to save gas)
#web3 Image 2/ Eth_sign (legacy): in the beginning, client could sign anything, which of course could allow attackers to serve valid on-chain transactions as data for the victims to sign
Jan 25, 2021 8 tweets 8 min read
1/ Solving the root cause of #GoldenSAML attacks, recently used in #Sunburst attacks.
Don't of scale security "UP", burying #SAML's private key deeper in HSM,
scale it "OUT": distribute it w/ modern crypto (#TSS #MPC)+ service architecture, as we do for #cryptocurrency @ZenGo 2/ Advanced attackers (#APT) steal long term secrets ("the stamp") that allow them to issue access tokens and thus access all services in victims' environment, bypassing all security, including multi-factor auth (#MFA,#2FA)
Jan 23, 2021 4 tweets 4 min read
Abusing #ADFS for #GoldenSAML attack, heavily used by #Sunburst attackers.
To get context, see the fabulous '19 talk @WEareTROOPERS by @doughsec @BakedSec of @Mandiant @FireEye (the irony..)
Slides: slideshare.net/DouglasBiensto…
Nov 5, 2020 5 tweets 2 min read
1/ IT politics is part of the "physics" of the security problem, much like friction, noise and air resistance in the physical world.
An often overlooked aspect of security solutions is that they empower CISOs to mitigate issues without asking others for help 2/ Per the "Kerberoasting" example mentioned by @jaredhaight, the naive solution would be to just ask service account owners to upgrade password strength.
However, the CISO may have a security solution that monitors Kerberos requests to the DC and blocks massive harvesting
Feb 3, 2020 6 tweets 3 min read
1/ I just published Hitting a CurveBall Like a Pro!
Using #wireshark to detect and hunt #curveball exploits by following the NSA advisory
link.medium.com/JarIb0qQM3 2/ detecting non-standard elliptic curve params
Nov 26, 2019 5 tweets 3 min read
1/ Adding details from #NSO Group request for injunction against #Facebook
#NSOgroup 2/ The gist of it: Facebook breached their TOS as it allows blocking only in cases the blocked user actually violated the TOS and requires informing the blocked user