The MattChrobok’s Podcast

Don’t forget your swords: one for men, the other for… Monsters that lurk online!
Sources:
https://zurl.co/H5yjx
#cybersecurity #witcher #Ciri #Geralt #cdprojektred #shorts

It began with internet issues and a cash register that stopped working. Then, the traffic lights stopped doing their job, a manhole overflowed and phone coverage was busted.
#blackout #energy #Portugal #Spain

🪆 APT29 — the cyber espionage group linked to Russia’s Foreign Intelligence Service — took control of Orion, a SolarWinds software. At the time, it was the largest-ever supply chain attack, a highly complex operation that led to some truly astonishing consequences. This is the second episode in this series of tales from the dark corners of cyberspace, where I explore cybercriminal groups with ties to global intelligence agencies.
Sources:
📣 It was Russia wot did it: SolarWinds hack was done by Kremlin's APT29 crew, say UK and US
https://www.theregister.com/2021/04/15/solarwinds_hack_russia_apt29_positive_technologies_sanctions/
🐤 Early Bird Catches the Wormhole: Observations from the StellarParticle Campaign
https://www.crowdstrike.com/blog/observations-from-the-stellarparticle-campaign/
🗑️ OS Credential Dumping, MITRE ATT&CK
https://attack.mitre.org/techniques/T1003/
🕵🏻 Russian cyberspies targeted the Slovak government for months
https://therecord.media/russian-cyberspies-targeted-slovak-government-for-months
🤔 What Is Cobalt Strike and How Does It Work?
https://www.cynet.com/network-attacks/cobalt-strike-white-hat-hacker-powerhouse-in-the-wrong-hands/
🇫🇷 France warns of Nobelium cyberspies attacking French orgs
https://www.bleepingcomputer.com/news/security/france-warns-of-nobelium-cyberspies-attacking-french-orgs/
😶‍🌫️ FoggyWeb: Targeted NOBELIUM malware leads to persistent backdoor
https://www.microsoft.com/en-us/security/blog/2021/09/27/foggyweb-targeted-nobelium-malware-leads-to-persistent-backdoor/
🖲️ Trello From the Other Side: Tracking APT29 Phishing Campaigns
https://www.mandiant.com/resources/blog/tracking-apt29-phishing-campaigns
💾 Russian APT29 Hackers Use Online Storage Services, DropBox and Google Drive
https://unit42.paloaltonetworks.com/cloaked-ursa-online-storage-services-campaigns/
☑️ MagicWeb: NOBELIUM’s post-compromise trick to authenticate as anyone
https://www.microsoft.com/en-us/security/blog/2022/08/24/magicweb-nobeliums-post-compromise-trick-to-authenticate-as-anyone/
🇵🇱 NOBELIUM Uses Poland's Ambassador’s Visit to the U.S. to Target EU Governments Assisting Ukraine
https://blogs.blackberry.com/en/2023/03/nobelium-targets-eu-governments-assisting-ukraine
🇷🇺 CERT Polska i SKW ostrzegają przed działaniami rosyjskich szpiegów
https://cert.pl/posts/2023/04/kampania-szpiegowska-apt29/
🔎 Kampania szpiegowska wiązana z rosyjskimi służbami specjalnymi
https://www.gov.pl/web/baza-wiedzy/kampania-szpiegowska-wiazana-z-rosyjskimi-sluzbami-specjalnymi
🧑‍💻 Midnight Blizzard conducts targeted social engineering over Microsoft Teams
https://www.microsoft.com/en-us/security/blog/2023/08/02/midnight-blizzard-conducts-targeted-social-engineering-over-microsoft-teams/
💥 APT29 Attacks Embassies Using CVE-2023-38831
https://www.rnbo.gov.ua/files/2023_YEAR/CYBERCENTER/november/APT29 attacks Embassies using CVE-2023-38831 - report en.pdf
👍🏻 AlessandroZ / LaZagne @ GitHub - PublicCredentials recovery project
https://github.com/AlessandroZ/LaZagne
Relevant xkcd: https://xkcd.com/1573/
© All trademarks, logos and brand names are the property of their respective owners.
All company, product and service names used in this website are for identification purposes only.
Use of these names, trademarks and brands does not imply endorsement.
My socials:
Instagram @mattchrobok https://www.instagram.com/mattchrobok/
Twixxer @ChrobokMatt https://twitter.com/ChrobokMatt
Mastodon https://infosec.exchange/@mateuszchrobok
LinkedIn @mateuszchrobok https://www.linkedin.com/in/mateuszchrobok/
TikTok @mattchrobok
Facebook https://www.facebook.com/mattchrobok
Chapters:
00:00 Intro
01:09 2021 StellarParticle
05:22 2021 Diplomats
08:37 2022 Trello
13:56 2023 ADFS
17:14 2023 Difference
20:06 2023 TeamCity
21:42 What To Do And How To Live?
#APT29 #SVR #Russia #Moscow #Kremlin

The British government has demanded that Apple give them unlimited access to iCloud user data stored in the cloud. With a backdoor.
Sources:
https://zurl.co/sJxYH
https://zurl.co/nOfhT
#Apple #UK #iCloud #privacy

👂 Can an employer snoop on their employees' network traffic and how? Does encryption protect against such voyeurism? Is it even legal?
I will do my best to answer these questions. Let’s go!
Sources:
❓What is a router?
https://www.cloudflare.com/en-gb/learning/network-layer/what-is-a-router/
🛜 My home network: Ubiquiti UniFi gear, fiber gigabit Internet, CAT6 and CAT3 wiring
https://jeffwilcox.blog/2018/04/seattle-network/
🔐 Data Loss Prevention (DLP)
https://www.imperva.com/learn/data-security/data-loss-prevention-dlp/
🇬🇧 The UK's data protection legislation
https://www.gov.uk/data-protection
📟 Electronic Communications Privacy Act of 1986 (ECPA)
https://bja.ojp.gov/program/it/privacy-civil-liberties/authorities/statutes/1285#0-0
💉BSNL is injecting code on to your browsers, and here's what it does. #SaveTheInternet
https://internetfreedom.in/taking-a-closer-look-at-bsnls-code-injections-savetheinternet-2/
🤔 What is Deep Packet Inspection? How it Works and Why It Is Important
https://www.endpointprotector.com/blog/what-is-deep-packet-inspection-how-it-works-and-why-it-is-important/
🔍 Deep inspection
https://docs.fortinet.com/document/fortigate/6.2.0/cookbook/122078/deep-inspection
🇪🇬 Egypt launches deep-packet inspection system
https://www.theverge.com/2014/9/17/6350191/egypt-launches-deep-packet-inspection-with-help-from-an-american
📩 Regex validation of email addresses according to RFC5321/RFC5322
https://stackoverflow.com/questions/13992403/regex-validation-of-email-addresses-according-to-rfc5321-rfc5322
📑 unknown scripts are running and redirecting on click to unknown websties
https://stackoverflow.com/questions/51064933/unknown-scripts-are-running-and-redirecting-on-click-to-unknown-websties
🖥️ Technical Tip: Blocking and monitoring Tor traffic
https://community.fortinet.com/t5/FortiGate/Technical-Tip-Blocking-and-monitoring-Tor-traffic/ta-p/196239
📊 Analyzing Tor traffic through Deep Packet Inspection?
https://security.stackexchange.com/questions/237082/analyzing-tor-traffic-through-deep-packet-inspection
Relevant xkcd: https://xkcd.com/208/
© All trademarks, logos and brand names are the property of their respective owners.
All company, product and service names used in this website are for identification purposes only.
Use of these names, trademarks and brands does not imply endorsement.
My socials:
Instagram @mattchrobok https://www.instagram.com/mattchrobok/
Twixxer @ChrobokMatt https://twitter.com/ChrobokMatt
Mastodon https://infosec.exchange/@mateuszchrobok
LinkedIn @mateuszchrobok https://www.linkedin.com/in/mateuszchrobok/
TikTok @mattchrobok
Facebook https://www.facebook.com/mattchrobok
Chapters:
00:00 Intro
00:21 The Rrrole of Rrrrouters
02:19 Insides
04:01 Work
06:56 Leak
08:35 Lawfulness
12:20 More?
15:02 What To Do And How To Live?
#data #leak #Surveillance #networking #work

It is worth shedding light on those who want to remain in the shadows at all costs.
Sources:
https://zurl.co/WjBcH
https://zurl.co/sUDXl
#Variston #spyware #UAE #Heliconia

North Korea-aligned DeceptiveDevelopment targets freelance developers.
Sources:
https://zurl.co/d8EZ7
https://zurl.co/fbPlO
#IT #work #recruitment #LinkedIn

🎺  How did the Serbians utilize Israeli software – paid for by the Norwegians via the UN – to spy on Serbian journalists and activists?
Because the Balkans are burning once again. And even though we might be used to that, this time something truly inexplicable happened. Not to be outdone by us, the Serbians got a Pegasus of their own. And „their own” is a key aspect of this whole story.
Sources:
👂 Serbia: Authorities using spyware and Cellebrite forensic extraction tools to hack journalists and activists
https://securitylab.amnesty.org/latest/2024/12/serbia-a-digital-prison-spyware-and-cellebrite-used-on-journalists-and-activists/
👀 Accelerate justice with Cellebrite.
https://cellebrite.com/en/home/
📲 Mobile Verification Toolkit
https://docs.mvt.re/en/latest/
🔐 BFU and AFU Lock States
https://blogs.dsu.edu/digforce/2023/08/23/bfu-and-afu-lock-states/
🗄️ iPhones stored for forensic analysis unexpectedly reboot, causing problems for police
https://appleinsider.com/articles/24/11/07/iphones-stored-for-forensic-analysis-unexpectedly-reboot-causing-problems-for-officials
🐊 KROKODILL. Engaging Words
https://www.krokodil.rs/eng/
🪤 Serbia: Civil society threatened by spyware
https://securitylab.amnesty.org/latest/2023/11/serbia-civil-society-threatened-by-spyware/
👤 Spyware Targeting Against Serbian Civil Society
https://citizenlab.ca/2023/11/serbia-civil-society-spyware/
❗️Spyware in Serbia: civil society under attack
https://www.accessnow.org/spyware-attack-in-serbia/
🚨 SPYWARE ATTACK ATTEMPTS ON MOBILE DEVICES OF MEMBERS OF CIVIL SOCIETY DISCOVERED
https://www.sharefoundation.info/en/spyware-attack-attempts-on-mobile-devices-of-members-of-civil-society-discovered/
📑 Global/India: Apple notifications highlight the unabated threat of unlawful targeted surveillance
https://www.amnesty.org/en/latest/news/2023/10/global-india-apple-notifications-highlight-the-unabated-threat-of-unlawful-targeted-surveillance/
🇷🇸 Treasury Sanctions Official Linked to Corruption in Serbia
https://home.treasury.gov/news/press-releases/jy1606
📣 BIA announcement 16.12.2024https://www.bia.gov.rs/mediji/saopstenja-za-javnost/saopstenje-bia-16-12-2024-godine/
🧾 Cellebrite Statement About Amnesty International Report
https://cellebrite.com/en/cellebrite-statement-about-amnesty-international-report/
Relevant xkcd: https://www.xkcd.com/850/
© All trademarks, logos and brand names are the property of their respective owners.
All company, product and service names used in this website are for identification purposes only.
Use of these names, trademarks and brands does not imply endorsement.
My socials:
Instagram @mattchrobok https://www.instagram.com/mattchrobok/
Twixxer @ChrobokMatt https://twitter.com/ChrobokMatt
Mastodon https://infosec.exchange/@mateuszchrobok
LinkedIn @mateuszchrobok https://www.linkedin.com/in/mateuszchrobok/
TikTok @mattchrobok
Facebook https://www.facebook.com/mattchrobok
Chapters:
00:00 Intro
00:51 Arrest
02:14 Cellebreite
04:33 AFU vs BFU
08:48 Novispy
12:38 Attribution
15:24 Srbija
18:30 The Reaction
20:45 What To Do And How To Live?
#Pegasus #Serbia #Surveillance #politics #NoviSpy

Hegseth orders Cyber Command to stand down on Russia planning.
Sources:
https://zurl.co/fvXHr
https://zurl.co/aQ4Sx
#america #CISA #Trump #russia

Several serious vulnerabilities have been discovered in Paragon Partition Manager.
Sources:
https://zurl.co/zxP0Q
https://zurl.co/PjN0L
#Paragon #Windows #software #driver