Gabi
@hookgab.bsky.social
Security Researcher and Threat Hunter
Malware, gaming and everything in-between.
⚠️ My tweets are my own ⚠️
Pinned
Gabi
@hookgab.bsky.social
· Dec 3
Long time no post, but this time I made a #bluetooth jammer for your #flipperzero. You just need an nRF24 connected to it.
Source code here 👇👇👇👇👇👇
github.com/huuck/Flippe...
Reposted by Gabi
Ukrainian accounts complained about this last Oct. They had accounts banned hours after countering Russian/MAGA lies.
In the meantime, Kremlin accounts posting death threats against Ukrainians, including pictures of kids, are still live.
Something definitely happened to Twitter at the end of 2024
I really appreciate news stories that take a phenomenon we all generally implicitly understand or assume but don't have any hard data or evidence for, then meticulously prove it. Well done @stuartathompson.bsky.social.
They Criticized Musk on X. Then Their Reach Collapsed.
Three users who disagreed with the site’s owner saw views for their posts plummet.
www.nytimes.com
April 23, 2025 at 1:32 PM
Reposted by Gabi
*hysterical laughter*
Because it didn't up to this point? Are you fucking shitting me? Chuck the spyware in the bin.
March 15, 2025 at 11:04 AM
Reposted by Gabi
An unidentified individual has leaked the internal chats of the BlackBasta ransomware group
x.com/PRODAFT/stat...
February 20, 2025 at 4:11 PM
Oh my god how did the hackers get into my account? WHY would they get into my account? Find out more in my latest blog about what the bad guys were doing while everyone else was busy watching the SuperBowl!
www.linkedin.com/pulse/examin...
Examining Threat Activity During the Super Bowl
The Super Bowl signals more than just the end of the American football season—it also marks the tail end of a high-risk period for account takeovers (ATO) and sports-related fraud. Year after year, at...
www.linkedin.com
February 21, 2025 at 7:19 AM
Unfortunately fake, I guess Eva's training does not cover basic RE as well :/
Eva Prokofiev via Twitter today:
The Chinese are at it again..(aliexpress) it's an rj45 adapter, but with SPI flash memory chip acting as storage with .exe recognized as malware for Windows, and of course sold over 10k times...
January 14, 2025 at 2:19 PM
Got my account locked on Shitter for saying that the only good nazi is a dead nazi :(
December 10, 2024 at 10:53 AM
Long time no post, but this time I made a #bluetooth jammer for your #flipperzero. You just need an nRF24 connected to it.
Source code here 👇👇👇👇👇👇
github.com/huuck/Flippe...
December 3, 2024 at 10:11 PM
Reposted by Gabi
I'm watching some folks reverse engineer the xz backdoor, sharing some *preliminary* analysis with permission.
The hooked RSA_public_decrypt verifies a signature on the server's host key by a fixed Ed448 key, and then passes a payload to system().
It's RCE, not auth bypass, and gated/unreplayable.
This might be the best executed supply chain attack we've seen described in the open, and it's a nightmare scenario: malicious, competent, authorized upstream in a widely used library.
Looks like this got caught by chance. Wonder how long it would have taken otherwise.
Woah. Backdoor in liblzma targeting ssh servers.
www.openwall.com/lists/oss-se...
It has everything: malicious upstream, masterful obfuscation, detection due to performance degradation, inclusion in OpenSSH via distro patches for systemd support…
Now I’m curious what it does in RSA_public_decrypt
March 30, 2024 at 5:13 PM
Reposted by Gabi
This is me reminding you that taking a second to leave a quick 👍 on your favorite indie games on Steam is HUGE if you want to support independent games.
Steam promotes games based on their ratio of 👍 to 👎, so good reviews sell games.
The review buttons are on each game's Library page in Steam.
November 2, 2023 at 8:17 PM
Reposted by Gabi
Advice to juniors or those looking to get into #cybersecurity:
Learn to code
Software is at every level of the stack. Strong software engineering skills will serve you well throughout your career. I would rather teach a strong software engineer security over teaching a traditional security person …
November 5, 2023 at 9:53 PM
Reposted by Gabi
Please - put your papers in - www.first.org/events/collo...
And ping me with any questions!
Amsterdam 2024 FIRST Technical Colloquium
www.first.org
November 6, 2023 at 12:42 PM