Ivan Kwiatkowski’s Tweets

Oct 13, 2021

I've been working on this for 5 years, and it's finally out! I wrote a dark fantasy book (no computers involved), and it's the hardest thing I have ever done. I'm extremely proud of the final result. (But it's in French, for now.) lechantducygne.fr/gestalt/

142

Leaked: The Altrnativ world of cybersurveillance

SEKOIA.IO

@sekoia_io

#Karkadann (#Candiru) domains, mostly typosquatting Azeri websites. #ThreatHunting ⤵️ checkhotel[.]net vergisorgula[.]com koronamiyim[.]com opinionlimit[.]org seffafxeber[.]com parkdev[.]net captivelogin[.]net olkem[.]net

Great

investigation on Alternativ, another shady private-intel IT company based in France: politico.eu/leaked-altrnat The founder has deep political connections. The situation in Europe when it comes to cybermercenaries is shameful and unacceptable.

politico.eu

Leaked: The Altrnativ world of cybersurveillance About this series: As co-founder of the French search engine Qwant, Eric Leandri was heralded as a champion of digital privacy and an example of Eur…

Dec 7

On Dec 14, we organize a webinar to study the cybersecurity aspects of the war in Ukraine: kas.pr/56gv In particular,

@craiu

@vignus

and

@VRadunovic

will discuss the nature of cyberwar. Also watch out for the upcoming paper, which I helped write!

Costin Raiu

@craiu

Dec 5

If you're into reverse engineering, this will rock your world:

Quote Tweet

I wrote an IDA plugin that queries #ChatGPT and explains decompiled functions. It's still very bleeding edge, but you can find the code here and try it out: github.com/JusticeRage/Ge (Yes, the video was performed on a very basic case for simplicity's sake.)

Show this thread

0:10

48.2K views

Dec 5

Wondering what you'll be doing when you're done replacing yourself with a Python script that sends your work to #ChatGPT? I got you covered. Did you know you can role play with it? It's exactly as amazing as it sounds.

New feature added moments ago:

@OpenAI

's #ChatGPT now automatically renames variables in the pseudocode view. (Video slightly edited to cut loading times.) Keep in mind that this is only the work of a single week-end! This thing is only getting started.

0:25

1.6K views

Follow-up: I wrote a plugin that performs this directly from IDA: twitter.com/JusticeRage/st Also, since this blew up, I might as well plug the fantasy novel I wrote (in French), because why not: lechantducygne.fr/gestalt/

Quote Tweet

Show this thread

0:10

48.2K views

This is a follow-up of the last few days' experiments: twitter.com/JusticeRage/st I'm still figuring out exactly how much we can do here. There may be a way do do a decompilation plugin too, but it will require more work to integrate with IDA. I'll post more as I discover more!

Quote Tweet

Dec 2

Step 1: open a binary in IDA and press F5 Step 2: paste the decompiled code into OpenAI's chatbot Someone's job just got way easier.

Show this thread

0:10

48.2K views

432

1,482

Fun fact about AI: you can also plug one into the other. Here's #ChatGPT feeding

Step 1: open a binary in IDA and press F5 Step 2: paste the decompiled code into OpenAI's chatbot Someone's job just got way easier.

1,073

4,827

A lot of the value I bring to any company comes in the form of entertainment, specifically through an endless stream of salty emails. AI just made me obsolete. All hail our new robot overlords.

330

Brendan Dolan-Gavitt

@moyix

Nov 30

ChatGPT exploits a buffer overflow 😳

1,319

6,362

Previous articles of the series: Part 1: kaspersky.com/blog/crypto-ac Part 2: kaspersky.com/blog/crypto-ac I'll set up a page listing all translations shortly.

Crypto, really. Part II: non-fungible tokens

In this second part of the series, we’re going to dive deep into Ethereum and its novelties: smart-contracts, DAOs and NFTs.

The final part of my 🔥🔥🔥 series on #blockchains & #cryptocurrency has finally been released. kaspersky.com/blog/crypto-ac This is the most important one in my opinion: crypto is a mess, but it would be worse if it weren't. My analysis of the embedded politics and future of crypto.

Crypto, really. Part III: cryptocurrency politics, and the future

In the final part of the series, we take a look at cryptocurrency politics, the future, and the metaverse.

I'm in no rush to leave, but if everything goes down in flames, you can also find me here: infosec.exchange/@justicerage I'll collect my thoughts on Twitter's situation and post them soon.

infosec.exchange

Ivan Kwiatkowski :ida: (@[email protected])

26 Posts, 20 Following, 176 Followers · Senior Security Researcher at Kaspersky's GReAT. Writer. Would-be musician. Maintainer of Manalyze. Trolling on a purely personal capacity.

Eric Capuano ⬡ @[email protected]

@eric_capuano

Nov 19

Incredible work by the

@googlecloud

team on developing detection signatures for nearly all major versions of Cobalt Strike… This is one of the most comprehensive CS Beacon yara collections I’ve seen yet.

cloud.google.com

Making Cobalt Strike harder for threat actors to abuse | Google Cloud Blog

A new initiative from Google Cloud and Cobalt Strike’s vendor has made it easier to find and block cracked versions of the popular red team software.

177

373

Nov 18

OH today: FTX pulled the incredible feat of causing a medical examiner to barf

Quote Tweet

jonwu.eth

@jonwu_

Nov 17

I just read FTX's Chapter 11 First Day Affidavit. In it, the appointed restructuring CEO John Jay Ray III, who oversaw Enron's bankruptcy proceedings, calls FTX's case the worst of his career. Its contents are shocking. Here are the highlights:

Show this thread

Replying to

1:54

766.4K views

598

3,362

10.2K

Nov 9

I really hope there will still be crypto exchanges left by the time we release Part III of my series of articles on cryptocurrencies.

Quote Tweet

Ledger

Prometheus of the Plebs

@ledgerstatus

Nov 8

Sam deleted these tweets?

Glenn Greenwald

@ggreenwald

Nov 7

Please watch this detailed explanation from former CIA analyst Frank Snepp about how the newspapers and magazines you were taught to regard as mainstream and reliable have always eagerly served as disinformation megaphones for the CIA and the US Security State. That's still true.

Quote Tweet

Edward Snowden

@Snowden

Nov 7

The most important video of the year was filmed in 1983.

Show this thread

4:03

5.6M views

489

9,034

23.7K

To be fair, anti-cheat usually only has a single process to protect, which its developers fully own. EDR and endpoint solutions have to defend whole systems that they have zero control over, which is a much more difficult task. We welcome constructive feedback from game hackers!

Quote Tweet

GuidedHacking

@GuidedHacking

Nov 7

bypassing anticheat is harder than bypassing EDR infosec is cucked by cheat engine users your entire industry is a joke

GitHub - oct0xor/mgs2sos: This mod lets you play MGS2: Substance with the 3rd person camera (and...

Boris Larin

@oct0xor

Nov 5

Kept you waiting, huh? Its the 20th anniversary of Metal Gear Solid 2: Substance, and as promised, here's a mod that lets you play it with the 3rd person camera from Metal Gear Solid 3: Subsistence!

github.com

This mod lets you play MGS2: Substance with the 3rd person camera (and game controls) from MGS3: Subsistence - GitHub - oct0xor/mgs2sos: This mod lets you play MGS2: Substance with the 3rd person c...

370

1,135

Medical and humanitarian IT infrastructure should be safeguarded from cyber-attacks. I think this is the lowest common denominator we need to agree on. The Red Cross proposes clearer signaling for such machines and I genuinely hope it sees adoption (including from attackers)

Quote Tweet

ICRC

@ICRC

Nov 3

Cyber operations are a reality of armed conflict and can cause real harm. We are proposing a digital emblem that would signal protection for digital infrastructure of medical facilities and identify the Red Cross/Crescent Movement in cyberspace. How would it work?

Show this thread

1:53

7.9K views

The Brofessor

@Glacius_

Nov 3

Hey :) New blog post detailing Raccoon V1 management infrastructure (victim storage location, Telegram update server, etc), MaaS infrastructure location + link to CC2BTC marketplace. Once again, feedback warmly-welcomed 😄

Quote Tweet

TEAM CYMRU - S2

@teamcymru_S2

Nov 3

BLOG POST: In this blog post we examine the upstream management infrastructure of Raccoon V1, including insight into the operators' wider business model - with connections to the #CC2BTC marketplace identified. #RaccoonStealer team-cymru.com/post/inside-th

Edward Snowden

@Snowden

Nov 2

The obsession with platforms prostrating themselves before advertisers has always been misplaced, because on any scale longer than one bad news cycle, advertisers go where the audience is. Optimize platforms for people, not brands, because people have a choice. Brands don't.

Quote Tweet

Balaji

@balajis

Nov 1

"The censorship squad understands fickle ad revenue is a weakness" A move to subscriptions partially blunts this attack. TWTR rev: ~$5B/year Proposed subscription: ~$100/year/person You need 50M/300M users to subscribe to fully *replace* ads. Too high. But 5M/300M is possible… twitter.com/micsolana/stat…

142

1,206

5,846

Glenn Greenwald

@ggreenwald

Oct 31

This is some of the most important reporting of the year, on the very close relationship of the most powerful centers of state and corporate power to control the flow of information on the internet. It should headline every show and - even though it kills them - be in NYT & WPost

Quote Tweet

Lee Fang

@lhfang

Oct 31

Docs show Facebook and Twitter closely collaborating w/ Dept of Homeland Security, FBI to police “disinfo.” Plans to expand censorship on topics like withdrawal from Afghanistan, origins of COVID, info that undermines trust in financial institutions. interc.pt/3Dq6TDB

Show this thread

151

2,338

6,804

American data spies will never care where the servers are

DHH

@dhh

Oct 28

"American companies will never be able to resist the demands of their intelligence services. It doesn't matter if their servers are in Virginia, Paris, or on the damn moon. Europe should either come to terms with that reality or raise a real privacy wall."

world.hey.com

In the two years since the European Court of Justice invalidated the Privacy Shield concept, European companies have been scrambling to pretend to comply with the ruling, without changing anything...

123

Chapter 1 — From Gozi to ISFB: The history of a mythical malware family.

Benkøw moʞuƎq

@benkow_

Oct 24

[CSIS TechBlog] Chapter 1 — From Gozi to ISFB: The history of a mythical malware family. Let's break down what happened around ISFB the last 10 years.

medium.com

Illustrating ISFBs journey from the early start over the leak of Gozi 1 to their recent mutation into LDR4 and its relations to other…

118

196

Jeff Esposito

@jeffespo

Oct 17

A few weeks back, I had the chance to sit down with

‎Transatlantic Cable Podcast: Ethics in the Time of Cyberwar on Apple Podcasts

and

@Kaspersky_Gov

to discuss ethics in the time of #cyberwar for a #podcast

podcasts.apple.com

‎Show Transatlantic Cable Podcast, Ep Ethics in the Time of Cyberwar - Oct 11, 2022

Hacking with Go: Part 2 with Ivan Kwiatkowski (Go Time #251)

Go Time

@GoTimeFM

Oct 13

💥 New episode of Go Time 💥 📌 Hacking with Go: Part 2 🤩 featuring

🎙 with

🗂 #golang #infosec 💚

We’re once again exploring hacking in Go from the eyes of security researchers. This time, Natalie & Ian are joined by Ivan Kwiatkowski (a.k.a. Justice Rage)!

Ongoing exploitation of CVE-2022-41352 (Zimbra 0-day)

has been investigating the targeting of #Zimbra Collaboration Suite (ZCS) instances using CVE-2022-41352 and identified approximately 1,600 ZCS servers worldwide that are likely compromised as a result of this CVE. #volexintel 1/4

If you're managing a Zimbra installation and haven't applied the latest patch yet, start looking for webshells now. Exploitation is massive. More details here:

securelist.com

We investigated CVE-2022-41352 and were able to confirm that unknown APT groups have actively been exploiting this vulnerability in the wild, one of which is systematically infecting servers in...

Kaspersky France

@kasperskyfrance

Oct 7

🎙️ #CyberPop - Dans ce nouvel épisode, nous recevons

, Chercheur au GReAT Kaspersky, pour parler blockchains, cryptomonnaies et NFT et voir si les promesses formulées par ces technologies ont bien été tenues. 📲 En savoir plus ▶️ kas.pr/t5oe

Volexity

@Volexity

Oct 5

A recent post by Vietnamese cybersecurity company GTSC detailed findings from a #MicrosoftExchange breach that stemmed from CVE-2022-41040 and CVE-2022-41082.

@Volexity

ties this to a CN threat actor it tracks that targets organizations using #OWA and #Zimbra. #volexintel 1/7

144

Leonid Bezvershenko

@bzvr_

Oct 4

Beware of links from popular YouTube videos, as they may contain #malware. We found such a video (64K views, 180K subscribers) that has a link to a Tor Browser installer in the description. That installer comes with a previously unknown spyware that we dubbed #OnionPoison. [1/4]

120

235

The first

Cyber Power Index paper was a bloated mistake. The methodology was illbegotten, concepts poorly defined, and results patently inaccurate. Why would they publish another one?!

"Having worked in the security industry for over 10 years now, I feel obligated to inform you that anyone who seriously considers migrating real-life technologies into a write-once environment is a stark-raving lunatic." My (hot) take on smart contracts:

Crypto, really. Part II: non-fungible tokens

In this second part of the series, we’re going to dive deep into Ethereum and its novelties: smart-contracts, DAOs and NFTs.

Sep 28

Part I is still available here: kaspersky.com/blog/crypto-ac It's now translated in many languages (including DE, FR, ES, BR-PT, etc.). Hit me up if you can't find the links!

Crypto, really. Part I: blockchains and cryptocurrencies

Everything you’ve always wanted to know about crypto on the whole, and NFTs in particular, and also why I’m not a fan of such tech, to say the least.