Shmoocon 2019, John O’Neil's 'Five-Sigma Network Events (And How To Find Them)' →
Medieval Diseases Find New Vector In United States: The Homeless
via Anna Gorman writing at The Atlantic (along with Kaiser Health News) are sounding the klaxxon horns in warning of an astonishing fact in the United States: The influx of infectious diseases in the homeless populations of several states. This my friends, is a true and deadly emergency.
And then, there's this...
Shmoocon 2019, Adir Abraham's 'Reversing SR IOV For Fun and Profit' →
Shmoocon 2019, Ariel Zelivansky's 'Writing A Fuzzer For Any Language With American Fuzzy Lop' →
Shmoocon 2019, Adam Everspaugh's 'Un-f*$#ing Cloud Storage Encryption' →
Shmoocon 2019, Wendy Knox Everette's 'Incident Response And The Attorney Client Privilege' →
Shmoocon 2019, Christian Paquin's 'Post-Quantum Crypto: Today’s Defense Against Tomorrow’s Quantum Hacker' →
Shmoocon 2019, Matt Blaze's 'It’s 2019 And Special Agent Johnny Still Can’t Encrypt' →
Dark Web Two-Step
Jason Rivera (a Director at CrowdStrike) and Wanda Archy (a Supervisor in RSM's security practice, targeting the Dark Web), writing at Small Wars Journal, in a remarkable tour de force of darkness - in this case, the darkness relates to the so-called Dark Web, and it's apparent suitability for nation-based and non-nation-actor warfare. I can assurte you, Mr. Rivera's and Ms. Archy's paper (in the form of a post) should be considered as today's Must Read.
"Warfare has always and will always continue to evolve – it is therefore prudent for national security professionals to be aware of this evolution and familiarize themselves with the various technological intricacies that will continue to shape the evolution of warfare. The Dark Web, like other emerging technologies, is one of those technological intricacies. " - Jason Rivera and Wanda Archy writing at Small Wars Journal
Shmoocon 2019, Evan Jensen's & Rudy Cuevas' 'iPhone Surgery For The Practically Paranoid' →
Shmoocon 2019, Andrew Wong's & Phil Vachon's 'Social Network Analysis: A Scary Primer' →
Alleged Peoples Republic of China Hack Targets 27 Universities, US & Canadian Maritime Military Secrets Ostensibly The Loot
Shannon Liao, writing for The Verge, has posted an interesting piece detailing an alleged Peoples Repbublic of China operation targeting United States Department of Defense data relevant to research at those universities (reportedly, the Massachusetts Institute of Technology, University of Washington {in Seattle, Washington} and University of Hawaii were listed as targeted institutions). Originally via Dustin Volz, writing for The Wall Street Journal (Paywall).
"The group has been given various nicknames by security researchers, like Temp.Periscope, Mudcarp, or Leviathan. Its connection to the Chinese government is unclear, but because the group appears to be targeting US military data, analysts believe the Chinese government is a likely sponsor. The same was reportedly behind the hacking of a US Navy contractor last June. " - via Shannon Liao, writing for The Verge
Shmoocon 2019, Tarah Wheeler's & Roy Iversen's Équipe Rouge: The Ethics Of Prosecuting An Offensive Security Campaign' →
Shmoocon 2019, Nicole Schwartz' 'Specialists Versus Jack-Of-All-Trades' →
Windows 10, IoT Core Test Subsystem Permits Device Control Seizure
Why of Why Did I Take The Blue Pill... via BleepingComputer writer Sergiu Gatlan comes research output by SafeBreach security research Dor Azouri, that the tests are focused on the ARM based release, and not the x86-64 product. More information is available at the project's Github site. Additionally, Dor's white paper detailing the project is available under the title "SirepRAT: RCE as SYSTEM on Windows IoT Core", a truly outstanding security project; and a H/T to Sergiu Gatlan - for his original superb reporting.