cicada πŸ‘ΊπŸ‘ΊπŸ‘Ί's Avatar

cicada πŸ‘ΊπŸ‘ΊπŸ‘Ί

@tengusec.tokyo

TenguSec founder and sometimes hacker in tokyo https://tengusec.tokyo

27
Followers 56
Following 21
Posts 17.11.2023
Joined
Posts Following

Latest posts by cicada πŸ‘ΊπŸ‘ΊπŸ‘Ί @tengusec.tokyo

I guess this site got popular?

28.11.2024 07:19 πŸ‘ 1 πŸ” 0 πŸ’¬ 0 πŸ“Œ 0

I'm watching some folks reverse engineer the xz backdoor, sharing some *preliminary* analysis with permission.

The hooked RSA_public_decrypt verifies a signature on the server's host key by a fixed Ed448 key, and then passes a payload to system().

It's RCE, not auth bypass, and gated/unreplayable.

30.03.2024 17:13 πŸ‘ 687 πŸ” 275 πŸ’¬ 7 πŸ“Œ 13
Post image
07.01.2024 23:32 πŸ‘ 1 πŸ” 0 πŸ’¬ 0 πŸ“Œ 0
Post image

⚠️ Confirmed: Metrics show that connectivity has collapsed on leading #Ukraine internet operator Kyivstar, as the company reports that it is facing a 'powerful' cyberattack; the incident affecting fixed-line and mobile services is ongoing at the present time πŸ“‰

12.12.2023 12:35 πŸ‘ 3 πŸ” 6 πŸ’¬ 1 πŸ“Œ 0
Preview
Exploit Microsoft DHCP Servers in AD Domains to Spoof DNS Records No auth required

New blog post is up

open.substack.com/pub/tengusec...

10.12.2023 05:54 πŸ‘ 1 πŸ” 0 πŸ’¬ 0 πŸ“Œ 0
Sneakers Computer Press Kit : Universal City Studios : Free Download, Borrow, and Streaming : Intern... Released in conjuction with the computer hacking movie Sneakers (1992), this floppy-based computer press kit contained many of the aspects of regular movie...

archive.org/details/Snea...

10.12.2023 05:10 πŸ‘ 0 πŸ” 0 πŸ’¬ 0 πŸ“Œ 0

I can spare 1TB for a few weeks, if it helps.

10.12.2023 04:47 πŸ‘ 0 πŸ” 0 πŸ’¬ 0 πŸ“Œ 0
Your Google Workspace Enterprise Standard for your account burke-communications.com has been scheduled for suspension and will soon be canceled, and your data will be lost Hello, We’ve noticed that your account burke-communications.com has been using more storage than currently available to you. For this reason we placed your account in a β€œread-only” state. Learn more about what happens when you exceed storage limits. Because you have not taken the necessary steps to free up or get more storage, we will suspend your Google Workspace Enterprise Standard subscription in 7 days on December 16, 2023. If you take no action your Google Workspace Enterprise Standard subscription will be canceled. You can export all your organization's data before the subscription is canceled. You will be notified prior to your subscription being canceled. Once your subscription has been canceled, you will lose all your data and cannot recover it. Sincerely, The Google Workspace Team

Your Google Workspace Enterprise Standard for your account burke-communications.com has been scheduled for suspension and will soon be canceled, and your data will be lost Hello, We’ve noticed that your account burke-communications.com has been using more storage than currently available to you. For this reason we placed your account in a β€œread-only” state. Learn more about what happens when you exceed storage limits. Because you have not taken the necessary steps to free up or get more storage, we will suspend your Google Workspace Enterprise Standard subscription in 7 days on December 16, 2023. If you take no action your Google Workspace Enterprise Standard subscription will be canceled. You can export all your organization's data before the subscription is canceled. You will be notified prior to your subscription being canceled. Once your subscription has been canceled, you will lose all your data and cannot recover it. Sincerely, The Google Workspace Team

So I paid Google a lot of money for a long time for a plan that included unlimited storage. They then unilaterally ended that plan, but assured me my data would remain safeβ€”just in read-only mode.

Today they informed me I have seven days to move the entire archive offsite. It's 150 TB.

09.12.2023 17:26 πŸ‘ 448 πŸ” 137 πŸ’¬ 36 πŸ“Œ 32

Please, with C, sell me something!

09.12.2023 18:12 πŸ‘ 0 πŸ” 0 πŸ’¬ 0 πŸ“Œ 0
Preview
The New Essential Guide to Electronics in Shenzhen Everything you need to navigate the world's largest electronics market

For someone who wants to visit Shenzhen in the near future, this guide looks awesome!

www.crowdsupply.com/machinery-en...

09.12.2023 05:24 πŸ‘ 1 πŸ” 0 πŸ’¬ 0 πŸ“Œ 0
Post image

The Wrong Stuff xkcd.com/2865

09.12.2023 01:42 πŸ‘ 2271 πŸ” 337 πŸ’¬ 53 πŸ“Œ 24

But it's 8 am.....

06.12.2023 23:05 πŸ‘ 0 πŸ” 0 πŸ’¬ 0 πŸ“Œ 0
Preview
CSS Data Exfiltration Techniques For when you can inject HTML/CSS, but that pesky CSP gets in the way...

New blog about CSS Exfiltration Techniques

open.substack.com/pub/tengusec...

06.12.2023 02:40 πŸ‘ 0 πŸ” 0 πŸ’¬ 0 πŸ“Œ 0

γŠη–²γ‚Œζ§˜γ§γ—γŸ

δΏΊγ‚‚ι£ŸγΉγŸγ„γͺγƒΌ

ζ¬‘ε›žγ€ε°‘γ—δΈŠγ’γ¦γγ γ•γ„γ­πŸ‘Ί

04.12.2023 10:30 πŸ‘ 1 πŸ” 0 πŸ’¬ 0 πŸ“Œ 0

Have you tried not being expelled?

01.12.2023 17:27 πŸ‘ 1 πŸ” 0 πŸ’¬ 1 πŸ“Œ 0
Preview
Exposing the Flaws: Decoding the BLUFFS Attacks on Bluetooth's Secrecy Protocol An analysis of BLUFFS: Bluetooth Forward and Future Secrecy Attacks and Defenses

Coming soon!

Post time: 1701486310

Exposing the Flaws: Decoding the BLUFFS Attacks on Bluetooth's Secrecy Protocol
An analysis of BLUFFS: Bluetooth Forward and Future Secrecy Attacks and Defenses

open.substack.com/pub/tengusec...

01.12.2023 04:21 πŸ‘ 0 πŸ” 0 πŸ’¬ 0 πŸ“Œ 0
Preview
Stable Channel Update for Desktop The Stable channel has been updated to 119.0.6045.199 for Mac and Linux andΒ  119.0.6045.199 /.200 for Windows ,Β  which will roll out over th...

Also: update, yo

chromereleases.googleblog.com/2023/11/stab...

01.12.2023 03:35 πŸ‘ 0 πŸ” 0 πŸ’¬ 0 πŸ“Œ 0
Apple security releases This document lists security updates and Rapid Security Responses for Apple software.

Update, yo

support.apple.com/en-us/HT201222

01.12.2023 03:33 πŸ‘ 1 πŸ” 0 πŸ’¬ 0 πŸ“Œ 0
Preview
DNS Under Siege: Unraveling the National-Scale Cache Poisoning Threat An analysis of "TRAP; RESET; POISON - Taking over a country Kaminsky style," authored by Timo Longin and the SEC Consult Vulnerability Lab

DNS Under Siege: Unraveling the National-Scale Cache Poisoning Threat
An analysis of "TRAP; RESET; POISON - Taking over a country Kaminsky style," authored by Timo Longin and the SEC Consult Vulnerability Lab

open.substack.com/pub/tengusec...

01.12.2023 03:12 πŸ‘ 0 πŸ” 0 πŸ’¬ 0 πŸ“Œ 0

Tonight is 2600 at Beemars at 7pm. See y'all there.

01.12.2023 02:21 πŸ‘ 0 πŸ” 0 πŸ’¬ 0 πŸ“Œ 0
Preview
It Sure Looks Like a Hacking Campaign Messed Up People's Spotify Wrapped Lots of people who've never heard of Lil Durk are finding out Spotify thinks he's their favorite musical artist.

lmao

www.vice.com/en/article/e...

01.12.2023 02:19 πŸ‘ 0 πŸ” 0 πŸ’¬ 0 πŸ“Œ 0

@ytcracker.bsky.social Hello sir, perhaps you can learn this skill from us

open.substack.com/pub/tengusec...

30.11.2023 13:53 πŸ‘ 0 πŸ” 0 πŸ’¬ 0 πŸ“Œ 0
A cybersecurity analyst

A cybersecurity analyst

30.11.2023 13:50 πŸ‘ 0 πŸ” 0 πŸ’¬ 0 πŸ“Œ 0
Preview
How to Exit Vim (REAL WORKING 2023) Hotel California for your CLI

Our new Substack post is up!

open.substack.com/pub/tengusec...

30.11.2023 13:49 πŸ‘ 0 πŸ” 0 πŸ’¬ 0 πŸ“Œ 0

Python is just a snake and nothing can convince me otherwise

30.11.2023 13:41 πŸ‘ 4 πŸ” 0 πŸ’¬ 0 πŸ“Œ 0