Monta Elkins

@montaelkins

Hardware Hacker SANS Principal Instructor Training Course Author "Hardware Hacking Essentials"

Joined 07.02.2024

Latest posts by Monta Elkins @montaelkins

Law enforcement shuts down botnet made of tens of thousands of hacked routers | TechCrunch An international law enforcement operation shut down a service called SocksEscort, which allegedly helped cybercriminals all over the world launch ransomware and DDoS attacks, as well as distribute ch...

Repeat after me: routers are computers running software that may be vulnerable.

#HardwareHacking

--

Law enforcement shuts down botnet made of tens of thousands of hacked routers | TechCrunch share.google/8YDTmTcb3WTN...

14.03.2026 01:07

I had a great time on Jim's podcast discussing malware analysis, reverse engineering, working at Dragos, and a little bit of my personal history.

www.youtube.com/watc...

11.03.2026 20:48

Important notice for OT environments.

“Users have reported their devices were updated from Windows 11 version 24H2 to 25H2 without authorization.”

share.google/yFQ66466QPr5...

12.03.2026 00:14

Memory bit flips cause up to 15% of Firefox crashes, asserts Mozilla engineer — figure inferred from 470,000 auto-submitted crash reports Some proportion of these bit flip-induced crashes will be due to a cosmic ray passing through.

Interesting.

What do you think?
--

Memory bit flips cause up to 15% of Firefox crashes, asserts Mozilla engineer — figure inferred from 470,000 auto-submitted crash reports | Tom's Hardware share.google/da5YE7ab1UxV...

08.03.2026 21:03

Cisco Drops 48 New Firewall Vulnerabilities, 2 Critical Edge bugs are so fetch, and Cisco just dropped 50 new ones, including some heavy hitters with 10 out of 10 scores on the CVSS scale.

Today is a good day to check ALL of your edge protection.

Cisco Drops 48 New Firewall Vulnerabilities, 2 Critical share.google/GPrycC23G9i1...

06.03.2026 03:11

Feds Used Online Advertising Data to Track the Public's Phone Locations An internal DHS document reveals how data collected by the advertising industry could be used for government surveillance.

Location information provided by the apps you install on your phone is available for sale to anyone.

Feds Used Online Advertising Data to Track the Public's Phone Locations share.google/GeebTCOsGMdT...

05.03.2026 07:08

Come join my Birds of a Feather (BOF) session at RSA where we discuss unexpected wireless hardware in our equipment. How to find it, what to do about it. It's an open discussion. I'd like to hear your thoughts.

path.rsaconference.com/flow/rsac/us...

#SANSInstitute #RSAC2026 #SansICS

02.03.2026 22:30

Attackers keep finding the same gaps in security programs - Help Net Security Managed XDR threat report on attack activity, shows how identity compromise, 3rd party access, and ransomware drive real-world incidents.

Good security info here.

Maybe the basics aren't so basic after all?

Or just not particularly common.

Attackers keep finding the same gaps in security programs - Help Net Security share.google/1QGED52NW61q...

19.02.2026 15:41

CISA orders federal agencies to replace end-of-life edge devices The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a new binding operational directive requiring federal agencies to identify and remove network edge devices that no longer re...

I would bet this is based on "experience" from intelligence agencies. Locations to affect operations is easier when the device has "forever days".*

*Forever day, kind of like a zero day except it will never be patched.

www.bleepingcomputer.com/news/securit...

07.02.2026 00:17

Nitrogen can't unlock its own ransomware after coding error : Gang walks away with nothing, victims are left with irreparable hypervisors

Don't pay these attackers

Don't fund their second houses.

Don't make their boat payments.

Don't finance their retirement.

If you pay them, they will come.

Even if you pay them you still have to do the security.

And sometimes paying them doesn't work.

www.theregister.com/2026/02/04/n...

05.02.2026 17:43

New video · Wednesday, Jan 7 🎬 Tap to view!

Working with RF and a commercial($$$) Faraday cage is tricky. My SDR radio is sealed inside. Watch as RF is radiated from me to the laptop traveling the USB cable into the Faraday cage and the SDR receiver.

photos.app.goo.gl/6GzoNdygezMn...

@sansinstitute.bsky.social
#HardwareHacking
#SEC617

29.01.2026 23:26

These are the high scorers in my SCADA security class in D.C. last month. What a great bunch of folks!

@sansinstitute.bsky.social
#SANSICS
#ScadaSecurity

26.01.2026 23:42

Denmark Orders Public Officials to Turn Off Their Bluetooth Due to High Risk of Being Spied on by U.S. Intelligence Denmark’s urgent Bluetooth crackdown reveals deep fears about invisible surveillance in a high-stakes geopolitical hotspot.

#Bluetooth #HardwareHacking

Denmark Orders Public Officials to Turn Off Their Bluetooth Due to High Risk of Being Spied on by U.S. Intelligence

share.google/nBgXDPRRKxaq...

25.01.2026 08:29

Hardware Hacking Workshop at RSA.

Attend my hands-on hardware hacking workshop: program a microcontroller to attack a computer, and keep the device when you're done.

#HardwareHacking
#SANS

24.01.2026 06:18

I am alternately amazed by AI's grunt work and appalled by its stupidity.

It always teases me in programming projects by getting to 80% done very quickly and 100% done frequently never...

14.01.2026 04:47

I'm excited about getting my new bread rack put together in my below ground lair. It’s giving me more space for upcoming projects.

#HardwareHacking
#BelowGroundLair
#LaBORatory

10.01.2026 20:53

#HardwareHacking, a little out of the ordinary. A Wall-e robot repair.

#walle
#Robot
#Repair

www.linkedin.com/pulse/hardwa...

Hat tip to @randirain.bsky.social

09.01.2026 02:11

China holds the GPS advantage over the US. Here’s why, and how to solve it. - Breaking Defense US strategic planners must confront an uncomfortable truth, writes Sean Gorman in this op-ed: A core pillar of American military and civilian power is far more vulnerable than many assume.

China is using a more redundant approach to PNT (position, navigation and timing), including ground stations, as opposed to only space-based "GPS" as most countries do.

breakingdefense.com/2026/01/chin...

08.01.2026 22:28

In Washington DC teaching a cyber security class for critical infrastructure.

My workshop after class was a lot of fun and a big hit.

A participant said: "The highlight? Monta Elkins's hands-on workshop, where we programmed a $4 microcontroller to execute USB HID attacks."

18.12.2025 11:14

The FBI is asking for help with 'unjammable' drones – but we don't yet know how they'll be used The FBI wants information from companies who can supply drones which use fixed optic fiber connections.

Curious.

FBI looking for unjammable drones.

The FBI is hunting for 'unjammable' drones – and these flying cameras use one very old-school trick to stop remote attacks | TechRadar share.google/i43iIVcIQHfF...

09.12.2025 19:49

I hear there's a really good talk happening Tuesday night, live and online. :)

#HardwareHacking.

Sign up here:

www.sans.org/orlando-fall...

27.10.2025 22:01

Shutdown Sparks 85% Increase in US Gov't Cyberattacks Attackers are pouncing on financially strapped US government agencies and employees. And the effects of this period might be felt for a long time.

"Shutdown Sparks 85% Increase in US Gov't Cyberattacks"

share.google/cfhUcXE7JlIK...

25.10.2025 11:15

How Hacked Card Shufflers Allegedly Enabled a Mob-Fueled Poker Scam That Rocked the NBA WIRED recently demonstrated how to cheat at poker by hacking the Deckmate 2 card shufflers used in casinos. The mob was allegedly using the same trick to fleece victims for millions.

Hardware hacking always wins.

Hacking a casino card shuffling machine.

#HardwareHacking

www.wired.com/story/how-ha...

25.10.2025 01:07

:0

23.10.2025 11:57

Cache poisoning vulnerabilities found in 2 DNS resolving apps At least one CVE could weaken defenses put in place following 2008 disclosure.

If you've been in my classes, we've talked about this.

--

Cache poisoning vulnerabilities found in 2 DNS resolving apps - Ars Technica share.google/61TQ9VlXy6iJ...

23.10.2025 11:56

FERC 2025 CIP Audit Findings: DER Impact Ratings, Vendor Oversight Gaps, and Cloud Compliance Risk — AMPYX CYBER FERC’s latest CIP audit lessons for 2025 highlight three rising compliance risks. Entities are undercounting DERs in GOP control center impact ratings, outsourcing compliance work without adequate ove...

Electric sector critical infrastructure protection audit issues in 2025.

--

FERC 2025 CIP Audit Findings: AMPYX CYBER share.google/WY1HSRXdnBcP...

@ampyxcyber.com

23.10.2025 11:52

www.facebook.com/share/r/16bt...

21.10.2025 16:48

Cisco Warns of Actively Exploited SNMP Vulnerability Allowing RCE or DoS in IOS Software Cisco fixes CVE-2025-20352 SNMP flaw exploited in the wild, risking remote code execution or DoS.

Repeat after me: switches are computers running software that may be vulnerable.

If you've ever been in one of my classes you already know this.

#HardwareHacking

Cisco Warns of Actively Exploited SNMP Vuln Allowing RCE or DoS in IOS Software

share.google/W7KPY69grqZ1...

17.10.2025 00:18

Come join me at SANS Cyber Defense Initiative in Washington DC and learn about security controls for critical infrastructure.

We'll have a blast!

10.10.2025 10:18

My UV glasses to harden my clear fingernail polish w/ UV light. The polish insulates and tacks down the small wires I soldered.

RP2040 with a 1.28" color LCD display.

No good place to grab 3.3V except directly on the voltage regulator output pin. :(

#HardwareHacking

08.10.2025 00:13