European Parliament legislative resolution of 10 November 2022 on the proposal for a directive of the European Parliament and of the Council on measures for a high common level of cybersecurity across the Union, repealing Directive (EU) 2016/1148 (COM(2020)0823 – C9-0422/2020 – 2020/0359(COD))
🗣digicat
🎖@malwr
Mapping Detection Coverage - How exactly do I know if my detection will actually detect the thing I want to detect? We discuss the importance of testing telemetry coverage and using abstraction to build a representative sample set of Atomic tests to validate detection coverage.
🗣digicat
🎖@malwr
YouTube
DEATHCon 2022 - Mapping Detection Coverage
In this presentation, Jared Atkinson and Jonathan Johnson discuss the problem that many security professionals are facing today. How exactly do I know if my detection will actually detect the thing I want to detect? We discuss the importance of testing telemetry…
French National Strategic Review published - cyber features heavily
"In terms of hybridity, states are increasingly systematically using cyber as a weapon to defend their strategic interests or in the context of geopolitical tension. In addition to the development of offensive capabilities, sophisticated off-the-shelf, cyber-espionage weapons and tools are gradually being developed by private companies. This cyber-arms race increases the risk of escalation, the stages of which are not equally understood. Finally, cybercrime, a threat that has reached an unprecedented level of sophistication and disinhibition, constitutes a strategic challenge for our national security."
"They have diversified capabilities for deep strikes in the context of first entry, support to a coalition operation, retaliatory actions, or strategic warning. France is able to target and strike (kinetic or cyber) targets of interest."
https://preview.redd.it/jmyv6prjjoz91.png?width=1099&format=png&auto=webp&s=630129cf7be10cc78b6f795cf9c9d6741d92fbfb
Document:
http://www.sgdsn.gouv.fr/uploads/2022/11/national-strategic-review-intermediate-version-1.pdf
🗣digicat
🎖@malwr
Another C# FUD implant (https://t.co/vsF1ZEKaGA) which enables operators to send commands via Gmail (Gmail-as-C2). GitHub: https://github.com/reveng007/SharpGmailC2
🗣BabanSoumyanil
🎖@malwr
reddit
Another C# FUD implant (https://t.co/vsF1ZEKaGA) which enables...
Posted in r/Malware by u/BabanSoumyanil • 32 points and 0 comments
Introducing Shufflecake: plausible deniability for multiple hidden filesystems on Linux
🗣0xdea
If I recall correctly, the adversary strategy when meeting this kind of scheme is to continue to beat you until you're dead, even if you gave up all the secrets.
👤018118055
Maybe a stupid question: since a kernel module is needed, can't I just search for that on the target and then never trust the owner saying that only X layers of encryption are there instead of X+1? Which of course can have worse results. Or is it "common sense" that the user has to modify the source and change names/parameters of the module to something else in order to hide it?
👤ge_bil
So I can have a fake hidden volume filled with hentai and furry porn in case somebody uses the 5$ wrench technique, interesting 🤔🤣🤪
For research only, of course…
👤iamfromouttahere
🎖@malwr
Kudelski Security Research
Introducing Shufflecake: plausible deniability for multiple hidden filesystems on Linux
Today we are excited to release Shufflecake, a tool aimed at helping people whose freedom of expression is threatened by repressive authorities or dangerous criminal organizations, in particular: w…