tomchop
@tomchop.bsky.social
Cybersecurity nerd; DFIR by day; threat intel and malware analysis by night. Investigator, coder, terrible sense of humor. #BlueTeam • views are my own • he/him
347 followers · 233 following · 114 posts
Reposted by tomchop
filippo.abyssdomain.expert

I'm watching some folks reverse engineer the xz backdoor, sharing some *preliminary* analysis with permission. The hooked RSA_public_decrypt verifies a signature on the server's host key by a fixed Ed448 key, and then passes a payload to system(). It's RCE, not auth bypass, and gated/unreplayable.

Reposted by tomchop
martijngrooten.bsky.social

Today, we published this Field Guide to incident response for civil society and media, which I’ve been working on for the past year or so and which I am pretty excited about internews.org/resource/fie...

tomchop.bsky.social

Yes, for sure. Otherwise does the project even exist?? I tried briefly playing a bit with Dall-E but didn't get any satisfying results :(

tomchop.bsky.social

We are looking forward to integrating formats such as dfiq.org, timesketch.org, turbinia.plumbing, and misp-project.org!

tomchop.bsky.social

Please feel free to use (and tell us when you do! we love hearing about people's use-cases), file lots of bugs, and feel free to contribute: guides, documentation, even cool screenshots, everything is welcome.

tomchop.bsky.social

The changes in the codebase have been massive (remember, it's only 2 people working on this): 480 commits to the API server. 139 commits to the frontend SPA.

tomchop.bsky.social

This version marks the start of a focus shift away from classic CTI and towards a platform for DFIR teams wishing to integrate CTI in their pipelines for incident response, threat hunting, and detection, and to be able to collate "forensics intelligence" to share with other teams.

tomchop.bsky.social

This has been years in the making, literally. @Sebdraven and I are happy to announce the release of #Yeti yeti-platform.io github.com/yeti-platform/yeti #DFIR #infosec #CTI #cybersec

Screenshot of Yeti showing information on the Scattered Spider intrusion set.
tomchop.bsky.social

The talk I have at @hack_lu about Yeti and our vision of the future of forensics intelligence is online! We're already getting lots of FRs, which we'll do our best to implement before our official release EOM. Hope I made @Sebdraven proud 🥹 #dfir #infosec

Hack.lu 2023: Yeti: Old Dog, New Tricks - Sébastien Larinier and Thomas Chopitea

tomchop.bsky.social

I haven't had time to talk about it, but @sebdraven and I are giving a talk this week at #HackLu pretalx.com/hack-lu-2023... #DFIR #infosec #CTI

Screenshot of a Github PR page showing 301 files changed, and 10k lines of code added and 14k of code deleted