Manuel D'Orso @cirku17@infosec.exchange
- Keybase
- cirku17
Ⓐ INTJ • Infosec analyst • Metaveillance practitioner • Crypto-anarchism enthusiast • Fellow at Cyber Saiyan
Italy
Joined May 2019
WordPress 5.2.4 Security Release Breakdown
https://blog.wpscan.org/wordpress/security/release/2019/10/15/wordpress-524-security-release-breakdown.html
RT @ORARiccardo@twitter.com
"Dance like no one is watching, encrypt like everyone is." Ho parlato con @edok_lotosov@twitter.com dei TransCyberian CryptoParty https://www.vice.com/it/article/vb5xbd/transcyberian-cryptoparty-intervista-xenia-ermoshina
Securing Docker Containers https://0x00sec.org/t/securing-docker-containers/16913
RT @Secjuice@twitter.com
Security researcher and OSINT practioner @n0mad42@twitter.com has put together this awesome #osint beginner guide to detecting firewalls and gateways.
https://www.secjuice.com/osint-detecting-enumerating-firewalls-gateways/
RT @evaristegal0is@twitter.com
Così i partiti manipolano l’opinione pubblica online: un problema globale https://www.agendadigitale.eu/cultura-digitale/cosi-i-partiti-manipolano-lopinione-pubblica-online-un-problema-globale/
Manuel D'Orso
boosted
Working on compiling a Ryuk/Grim Spider layer for the MITRE ATT&CK navigator, based on available OSINT, in case anyone wants to help out.
Manuel D'Orso
boosted
~Open Source Security Tool of the Day~
Nebulo is a free, open-source, non-root and small sized DNS changer utilizing dns-over-https and dns-over-tls to bring privacy and security to your phone.
It is fast, contains no ads or tracking and offers a lot of flexibility.
https://git.frostnerd.com/PublicAndroidApps/smokescreen/blob/master/README.md
Vendor related - Intelligence From Internet Background Noise
Analysis of an Exploited #NPM Package || Jarrod Overson
https://www.youtube.com/watch?v=2cyib2MgvdM&feature=youtu.be
Manuel D'Orso
boosted
Blog post: CVE-2019-10392 — Yet Another 2k19 Authenticated Remote Command Execution in Jenkins - https://iwantmore.pizza/posts/cve-2019-10392.html
Reading: 3 min
Published: 09/12/2019
Getting started with the "semantic wiki for threat intel" project:
https://semancti.inelemento.it/index.php?title=Main_Page.
Name's SemanCTI, still empty for now but I'll try to put up sample pages with some real intel.
Finding Cyber Threats with ATT&CK™-Based Analytics
https://www.mitre.org/sites/default/files/publications/16-3713-finding-cyber-threats%20with%20att%26ck-based-analytics.pdf
Uncovering #IoT Threats in the Cybercrime Underground
https://documents.trendmicro.com/assets/white_papers/wp-the-internet-of-things-in-the-cybercrime-underground.pdf
Manuel D'Orso
boosted
As cybersecurity issues have mounted, dual-use technologies have proliferated. These technologies can be used for legitimate and socially beneficial purposes. However, they can also undermine human rights depending on how they are deployed. For example, network traffic management technology such as deep packet inspection (DPI) and Internet filtering tools can be used legitimately for traffic management.
A huge database of Facebook users’ phone numbers found online – TechCrunch
@infosechandbook 🔗 https://mastodon.at/users/infosechandbook/statuses/102738432428099346
-
Facebook 
– 419+ million phone numbers found online:
https://techcrunch.com/2019/09/04/facebook-phone-numbers-exposed/
#facebook #phonenumbers #leak #public #security #infosec #cybersecurity
Modern Threat Hunting And Response: How TTPs Are Changing The Game - Webcast https://www.sans.org/webcasts/modern-threat-hunting-response-ttps-changing-game-110797
RT @philvenables@twitter.com
Vulnerability Management. A thread.
I don’t see much written on vulnerability management in more holistic terms vs. patch/bug fixing. This might be ok given a lot of vuln. mgmt. should be contextualized into enterprise risk/control. But still worth a short thread.......
1/13
DEF CON 26 - Andrea Marcelli - Looking for the perfect signature an automatic YARA rules
https://www.youtube.com/watch?v=Dz0C55Azn1Y
- Keybase
- cirku17
Ⓐ INTJ • Infosec analyst • Metaveillance practitioner • Crypto-anarchism enthusiast • Fellow at Cyber Saiyan
Italy
Joined May 2019
