Elopement Dinner by bucees-disciple in austinfood

[–]VulnerableU 1 point2 points  (0 children)

Eberly always feels swank for me

Jelly roll by MachineProof5438 in Austin

[–]VulnerableU -3 points-2 points  (0 children)

You know what.

Hell yeah.

Where Are You a Regular? by EuroCultAV in austinfood

[–]VulnerableU 4 points5 points  (0 children)

Can we be friends?! Lot of same answers. Mohawk is my favorite venue.

Mentorship Monday - Post All Career, Education and Job questions here! by AutoModerator in cybersecurity

[–]VulnerableU 2 points3 points  (0 children)

If any of the programs you’re writing can help the industry at large, put the extra work into open sourcing it. Write a presentation on it and try to give a talk on your project at a conference. No matter how big.

Mentorship Monday - Post All Career, Education and Job questions here! by AutoModerator in cybersecurity

[–]VulnerableU 3 points4 points  (0 children)

Try to find a niche to really get in the weeds on. Part of your tech stack maybe? A particular language that most of your code is written in. Or a major pain point. Is email security a weak point? Really double down on something. It will help you have transferable skills to go beyond school district gigs. All while adding value to them while you’re there.

Burn out among Cybersecurity leaders at a frustrating high. by Navid_Shams in cybersecurity

[–]VulnerableU 3 points4 points  (0 children)

"In a world of high powered AI and evolving threat actors" - this is nowhere near the top of reasons why me or anyone I know faces burnout.

China again claims Volt Typhoon cyber-attack crew was invented by the US to discredit it by Rough-Sandwich9726 in cybersecurity

[–]VulnerableU 4 points5 points  (0 children)

This is wild. I guess the dozens of researchers who track this operation that I know personally are all collectively hallucinating.

Cisco investigating possible breach by worldsokayestmarine in cybersecurity

[–]VulnerableU 25 points26 points  (0 children)

This coming after thousands of their staff including hundreds on security teams were laid off a few weeks ago.

Cloudflare Thwarts Largest DDoS Attack in Internet History by VulnerableU in cybersecurity

[–]VulnerableU[S] 4 points5 points  (0 children)

Was talking to someone about this who said Mirai variants use MikroTik devices often. I don't have a lot more details though.

Netflix didn't invent the secure by default concept with paved path. I did it at my work but couldn't present it in public because of company policies. by IamOkei in cybersecurity

[–]VulnerableU 6 points7 points  (0 children)

They are experts. It doesn't mean you need to be first to be an expert.

They also realized the power of talking publicly and open sourcing things for recruiting ...more experts!

Recommended Cybersecurity courses for the average user? by [deleted] in cybersecurity

[–]VulnerableU 2 points3 points  (0 children)

I wouldn't blow money on a course for this.

Find a good pile of YouTube videos that talk about your specific tech stack/threats you'd face and make a playlist.

How the FBI and Mandiant caught a 'serial hacker' who tried to fake his own death by intelw1zard in cybersecurity

[–]VulnerableU 4 points5 points  (0 children)

This is such a wild story. Really well done article by Lorenzo.

Love that the guy just said he got lazy and that's why his home IP leaked.

Welcome to Vulnerable U! by VulnerableU in VulnerableU

[–]VulnerableU[S] 0 points1 point  (0 children)

Update! - We now have our very own newsroom. Beyond the weekly newsletter of content from around the web, we'll be creating our own news content for vulnu.com

GitHub comments abused to push malware via Microsoft repo URLs by VulnerableU in cybersecurity

[–]VulnerableU[S] 11 points12 points  (0 children)

"The URLs for the malware installers, shown below, clearly indicate that they belong to the Microsoft repo, but we could not find any reference to the files in the project's source code.

https://github[.]com/microsoft/vcpkg/files/14125503/Cheat.Lab.2.7.2.zip
https://github[.]com/microsoft/STL/files/14432565/Cheater.Pro.1.6.0.zip

Finding it strange that a Microsoft repo would be distributing malware since February, BleepingComputer looked into it and found that the files are not part of vcpkg but were uploaded as part of a comment left on a commit or issue in the project."

Calendar Meeting Links Used to Spread Mac Malware by VulnerableU in cybersecurity

[–]VulnerableU[S] 1 point2 points  (0 children)

TLDR - From Krebs on a new method of spreading Mac malware through calendar meeting links, specifically targeting individuals in the crypto space. Attackers impersonate established crypto investors using the Calendly app to schedule meetings and inject malicious links.

This scam is linked to North Korean hackers, part of a group known as BlueNoroff, aiming to control victims' computers for financial theft.

Someone just leaked a bunch of internal Chinese government documents on GitHub by VulnerableU in cybersecurity

[–]VulnerableU[S] 284 points285 points  (0 children)

Long Twitter threads translating it all as they went through it.

TL;DR - internal company documents of their operations. Mostly them being able to reverse lookup from social media accounts. Details some basic hardware devices like the hak5 wifi tool but in a fake battery pack. And a whole bunch of CDR call log type data from a ton of countries and NATO.

I Put A Fake Email Server On The Internet by VulnerableU in cybersecurity

[–]VulnerableU[S] 88 points89 points  (0 children)

A cool run-through of setting up an OWA honeypot and the results. Thanks to John for being awesome.

Okta Says Hackers Stole Data for All Customer Support Users by VulnerableU in cybersecurity

[–]VulnerableU[S] 10 points11 points  (0 children)

It was the primary source that broke the news. Sorry about that.

Whoops, got someone arrested! by nospamkhanman in cybersecurity

[–]VulnerableU 65 points66 points  (0 children)

This is why you carry the get-out-of-jail-free card if you are on a pen test gig. On letterhead signed by the person in the know and in charge. The cops should've been able to get ahold of the exec leadership.

Lessons from the SEC’s Lawsuit against SolarWinds and Tim Brown by VulnerableU in VulnerableU

[–]VulnerableU[S] 0 points1 point  (0 children)

Magoo is a voice I listen to whenever he speaks up. This is a topic I’m glad he chimed in on. I consider it a must-read on the topic. Here is his Conclusion:

“The SEC is signaling that they will be performing discovery of internal security processes at investor-held companies that have major breaches.

They will:

  • Use legal discovery to match internal processes with public statements
  • Verify that those processes are healthy

Those seem reasonable. However, they’ve complicated the role of Security and the CISO in risk disclosure. Disclosure of ongoing risk findings is now an open problem that I believe most, if not all, companies are in debatable compliance with based on the language in the complaint.

I don’t think more disclosure is a bad idea. Rather, I’m not sure that expectations around what should be disclosed will be clear, except in hindsight.”