Продолжаем удивительное (https://xn--r1a.website/tech_b0lt_Genona/518).

Architecture
C -> ELVM -> PPASM -> PPEXE <-> PPAPI <-> PPCPU

We convert C language to PPASM, our custom assembly language for interfacing with PPCPU. To bridge these 2 languages, we utilized a personally modified version of the Esoteric Language Virtual Machine, ELVM, to produce PPASM. From here, PPEXE loads the instructions into PPCPU using PPAPI.

Next, we decode through the instructions using PPEXE, a Python executor that functions solely to make ordered calls to our PPAPI. PPAPI utilizes AutoHotKey to abstract out the human clicker required for manually executing our PPTXTM cycles.

A Powerpoint CPU
https://github.com/cchoy96/ppcc

Презентация о проекте - https://xn--r1a.website/tech_b0lt_Genona/523

Update to Security Incident [May 17, 2019]
https://stackoverflow.blog/2019/05/17/update-to-security-incident-may-17-2019/

New research: How effective is basic account hygiene at preventing hijacking
https://security.googleblog.com/2019/05/new-research-how-effective-is-basic.html

Proactive detection content: CVE-2019–0708 vs MITRE ATT&CK, Sigma, Elastic and ArcSight
https://medium.com/@ab_65156/proactive-detection-content-cve-2019-0708-vs-mitre-att-ck-sigma-elastic-and-arcsight-22f9ebae7d82

Stealing Downloads from Slack Users
https://medium.com/tenable-techblog/stealing-downloads-from-slack-users-be6829a55f63

Трансляция PHDays 9

https://www.phdays.com/ru/broadcast/

The database, hosted by Amazon Web Services, was left exposed and without a password allowing anyone to look inside. At the time of writing, the database had over 49 million records — but was growing by the hour.

Millions of Instagram influencers had their private contact data scraped and exposed

https://techcrunch.com/2019/05/20/instagram-influencer-celebrity-accounts-scraped/

Сегодня день трансляций. Сейчас проходит KubeCon Europe 2019

Ссылка на трансляцию
https://events.linuxfoundation.org/events/kubecon-cloudnativecon-europe-2019/livestream-access/

Расписание тут
https://events.linuxfoundation.org/events/kubecon-cloudnativecon-europe-2019/schedule/

Security for Elasticsearch is now free
https://www.elastic.co/blog/security-for-elasticsearch-is-now-free

Scanner PoC for CVE-2019-0708 RDP RCE vuln
https://github.com/zerosum0x0/CVE-2019-0708

Open-sourcing VictoriaMetrics
https://medium.com/@valyala/open-sourcing-victoriametrics-f31e34485c2b

Внутренние документы портала «ГосУслуги» оказались в открытом доступе
https://telegra.ph/Vnutrennie-dokumenty-portala-GosUslugi-okazalis-v-otkrytom-dostupe-05-23

Российские сим-карты запустят на чипах Samsung Отечественное шифрование нужно ФСБ для борьбы с иностранными разведками

Сим-карты с отечественным шифрованием, переход на которое может начаться уже в декабре, будут работать на импортных чипах. Разработчик уже тестирует чипы от Samsung, хотя сначала планировалось использовать отечественный аналог

https://www.rbc.ru/technology_and_media/23/05/2019/5ce53a039a79471bde8de739

Мощно

https://www.youtube.com/playlist?list=PLj6h78yzYM2PpmMAnvpvsnR4c27wJePh3

Выложили доклады
https://www.youtube.com/playlist?list=PL_6HEdnVWoffRkxWdSHq8laU1UE9mYhm7

Azure Security: Can you keep a secret?

https://mybuild.techcommunity.microsoft.com/sessions/77073

Snapchat Employees Abused Data Access to Spy on Users
https://www.vice.com/en_us/article/xwnva7/snapchat-employees-abused-data-access-spy-on-users-snaplion