Weaponizing source code 🧨 vulnerabilities 🧬 publishing research 🧪 maintaining open source ordnance on GitHub 🚀 Made Docker-OSX/iOS discord.gg/mx8pPw39Yg

Joined June 2020
Now that’s swag 😂😂😂
After a lot of struggles ❤️ received my reward from redbull.
Sick.Codes retweeted
🚨ONGOING: we are investigating systems infected with a malicious version of the npm package UAParser.js (7 million weekly downloads). The hijacked package delivers a malware loader and a cryptominer. IOCs below:
Sick.Codes retweeted
NEW: CISA warned today about the compromise of a major JavaScript/npm library with millions of weekly downloads -The library, called UAParser.js, was compromised with a cryptominer -Library author said their account was hijacked therecord.media/malware-foun…
Sick.Codes retweeted
Conti statement re: REvil and the gang's "Honestly earned money."
Low-key:
- this vulnerability was closed as informative first.
- we discussed the actual attack scenario, risks, and caveats.
- vuln was reopened and triaged as critical
Sick.Codes retweeted
The US seizing the Tor sites of the REvil gang over the weekend has had some interesting effects on ransomware groups today Just earlier, the Conti gang published a long-winded announcement on the matter Among the highlights, they call their activity as "the art of pen-testing"
Sick.Codes retweeted
Hey @Stanford, can someone from your network security team contact us? Thanks.
Sick.Codes retweeted
uhhhhhh...
CURRENT ACTIVITY: On October 24, 2021, Network Time Protocol servers using bugged GPSD versions 3.20-3.22 may rollback the date 1,024 weeks—to March 2002—which may cause systems and services to become unavailable or unresponsive. Learn more: bit.ly/30IR0s1
Incredible research via @mysk_co —>The accelerometer in your phone can act as a rudimentary listening device through sensing vibrations<— Yes. It can be used to eavesdrop verbal conversations 😳... arxiv.org/pdf/1907.05972.pdf Usual suspects: Instagram, Facebook and WhatsApp track
Ok, @instagram constantly reads the accelerometer, but only when the user is in DM. Instagram joins Facebook and Whatsapp in this practice. This might be entirely harmless. But it can also breach your privacy. You can learn more in this thread 👇
If you fall asleep with Facebook open, the app could in theory detect that you are sleeping through the gyroscope/accelerometer... Very interesting stuff @mysk_co! No permissions required to detect vibrations when you’re - walking - running - cycling - swimming - making love?
Extremes... Could easily deduct routine correlation “attacks” sans location data... the phone knows. Anyone else use their phone in the shower? How many steps to the office? Taking the train? The phone knows! youtube.com/Gh2eykOHyOE Super cool stuff @mysk_co
We prepared this video to illustrate why access to the accelerometer should get a permission in iOS. Unrestricted access to accelerometer data can breach user privacy. We used Facebook as an example in the video. #Cybersecurity #Privacy #iOS youtube.com/Gh2eykOHyOE
Sick.Codes retweeted
I can't be sure that the notice is invalid, but if it is, that means Apple can forbid anyone from using the number 1703174298. I've simply posted an IP address that I've found on Google to show that someone at Foxconn made a mistake, yet they attack me for that. lumendatabase.org/notices/25…
Sick.Codes retweeted
First GitHub, now Twitter. @apple is attacking me for posting a link (actually an IP address) to the website which hosts their documentation. And the website is still publicly available (google "Atlas is a toolbox" in quotes). How messed up is that!?
http://1703174298/ If apple owns the copyright to the number one billion seven hundred three million one hundred seventy-four thousand two hundred ninety-eight, which would be the only reason to DMCA this tweet, the whole copyright system is fucked up beyond any repair.
They DMCA'd my tweet which contained just the IP address where they host the docs. Is that even legal?
Sick.Codes retweeted
Recently vx-underground replaced us. Our replacement? Alibaba (China) Technology Co. [+] samplesvxug.oss-us-east-1.al….: 47.253.30.237 [+] papersvxug.oss-us-east-1.ali….: 47.253.30.251 With regards from the USA, tcp.direct