Just a reminder, you can support infosec.exchange through liberapay: https://liberapay.com/Infosec.exchange/
It's been 5 years since the Italian hacker-for-hire contractor Hacking Team had its tools stolen and dumped online. Now a China-linked hacker group is reusing the defunct company's leaked UEFI #spyware to infect the deep recesses of victims' computers.
Happy #Caturday from my old friend, Thor ❤️🐈 ❤️
Save the date for the virtual Purple Team Summit on Friday, November 13, 2020.
This is a community driven event for the entire Purple Team from all levels including Executives to Students. We want to get Cyber Threat Intelligence, Red Team, Blue Team, SOC, Hunt Teams, Digital Forensics and Incident Response, and everything in between together for this free conference and workshops. More details coming soon.
The Call for Presentations is now open til October 18, 2020.
RaspAP lets you quickly get a WiFi access point up and running to share the connectivity of many popular Debian-based devices, including the Raspberry Pi. Our popular Quick installer creates a known-good default configuration that “just works” on all current Raspberry Pis with onboard wireless. A responsive interface gives you control over the relevant services and networking options...and lots more.
How to properly manage ssh keys for server access :: Päpper's Coding Blog — Have fun coding.
Every developer needs access to some servers for example to check the application logs. Usually, this is done using public-private key encryption where each developer generates their own public-private key pair. The public keys of each developer are added to the authorized_keys file on each server they should have access to.
Get ready for TikTok scams.
Hey. Short #introduction
My name is Michael, and I like to talk about all sorts of technologies, especially security-related ones. I had been active here for a while, but a fresh start never hurts, I guess.
I am currently getting used to i3wm on Debian, work on my blog and wiki, and plan to complete some certs soon.
Some things I want to do soonish: hosting an IRC server and start coding web apps and bots in Python (Flask)
Happy to be here again.
New Windows exploit lets you instantly become admin. Have you patched?
Zerologon lets anyone with a network toehold obtain domain-controller password.
I loved Pantera and Metallica when i was in high school (ack - >30 years ago!) and had a chance to listen to Metallica and felt long dormant neural pathways firing again, but damn that is some slow and boring music.
could someone please explain PreLoader.efi to me? from what i could find, it seems pointless. it's a bootloader signed with microsoft secureboot keys, but it will execute any binary the user adds to its hash database, which apparently doesn't require any kind of authentication. what prevents an attacker from e. g. modifying the kernel and then adding its hash?
A Mastodon instance for info/cyber security-minded people.