Exactly four years since Russia’s full-scale invasion of Ukraine, Bellingcat’s Volunteer Community looks back at the data we have collected on civilian harm during this time - documenting attacks on cities and the near-total destruction of rural villages. www.bellingcat.com/news/2026/02...
Russia’s Matryoshka bots begin Epstein-themed disinfo campaign, focusing false claims against Ukraine and France
theins.press/en/news/289109
I rarely post here, but when I do... I just updated my Volatility autoruns plugin to be compatible with Volatility 3 (long overdue!) Here's the goodies: github.com/tomchop/vola... #dfir #forensics #cybersecurity
We are alarmed by reports that Germany is on the verge of a catastrophic about-face, reversing its longstanding and principled opposition to the EU’s Chat Control proposal which, if passed, could spell the end of the right to privacy in Europe. signal.org/blog/pdfs/ge...
Qilin targeting a French critical infrastructure again.
It's time to change how you think about SaaS integrations.
The Salesloft attack shows how GitHub → AWS → Drift → Salesforce created an attack highway defenders never saw coming.
Jared Atkinson's analysis details the patterns we should look out for. ghst.ly/4ngDQrD
4 research institute march together hand in hand for diversity and inclusion in science © Franck Aubry
© Franck Aubry
© Franck Aubry
🌈 United for diversity in science 🌈
Researchers from Institut Pasteur joined the 2025 Pride March alongside @institutcurie.bsky.social, Les Cordeliers Research Center, @institutcochin.bsky.social @institutimagine.bsky.social
👩🔬 Because diverse labs make better science.
#DiversityInScience
North Koreans reportedly host fake Zoom meeting featuring multiple deepfake colleagues. Target’s microphone doesn’t work so the colleagues talk them through installing malicious fix. www.huntress.com/blog/inside-...
La Société Générale revient sur le TT, je crois qu'il y a des bons profils à recruter au CERT :) #JUSTSayin
French scams over SMS now requiring human interactions likely to protect from automated remediation and better identify vulnerable targets
Mapping Hidden Alliances in Russian-Affiliated Ransomware
dti.domaintools.com/mapping-hidd...
cip.gov.ua/ua/news/anal...
Ukrainian CERT published a synthesis on 3 years of war time defensive activity that is well worth reading.
New from 404 Media: Flock, the license plate reader company that has cameras all across the U.S., is now building a massive people lookup tool using hacked data. The plan is to "jump from LPR to person." Won't require a warrant. This is according to leak we obtained.
www.404media.co/license-plat...
This DTEX report on North Korea's hacking capabilities, along with Viginum's Russian info op report from last week, are probably the best reports of the year so far
You MUST read it!
PDF: reports.dtexsystems.com/DTEX-Exposin...
We are very excited to announce that Volatility 3 has reached parity with Volatility 2! With this achievement, Volatility 2 is now deprecated. See the full details in our blog post: volatilityfoundation.org/announcing-t...
Let me know should you need to test on another system.
@drazuread.com Hi, Entra Connect Sync now uses a MSA account for its service by default. Is Get-LSASecrets handling MSA accounts already or just gMSA?
AD sync itself is still performed by a MSOL_ account.
Thank you!
AADInternals 0.9.8
Microsoft Entra Connect Sync 2.4.131.0
pastebin.com/UU4u7YZR
Dear Americans, what have you done…
In our latest article, @croco_byte proposes an implementation of a trick discovered by James Forshaw in his research regarding Kerberos relaying. Discover how to perform pre-authenticated Kerberos relay over HTTP with our Responder and krbrelayx pull requests!
www.synacktiv.com/publications...
« Active Directory Hardening Series - Part 4 – Enforcing AES for Kerberos » techcommunity.microsoft.com/blog/coreinf...
« LSA SECRETS: REVISITING SECRETSDUMP » by @synacktiv.com www.synacktiv.com/lsa-secrets-...
An eye-opening blog post on ads-based tracking: « Everyone knows your location: tracking myself down through in-app ads » timsh.org/tracking-mys...
Windows Recycle Bin - The known and the unknown bebinary4n6.blogspot.com/2025/01/wind...
Achievement unlocked, my first blog with SpecterOps 🤗 This post looks at ADFS OAuth2 support, Device Registration, Enterprise PRT, and a brain dump of things that I didn’t want to leave sat on Notion. buff.ly/4j41VQU
Leaked API keys is a huge issue. GitHub detects around 7,000 tokens in public repos **every month**! www.linkedin.com/feed/update/...
Could anyone in this business explain to me how a random app can share PII with 800+ companies?
New #AADInternals version is finally out now:
▪ Moved endpoint related stuff to new module: AADInternals-Endpoints
▪ Added blue team stuff
▪ Added red team stuff
See full change log at: aadinternals.com/aadinternals...
