Too many good talks scheduled at BlackHat and I'm mad about it!
(Also, reach out if you want to grab coffee and talk shop. No sales pitches in either direction, please.)
Also, I sing the sad song of an east coast early-riser at a western con.
Has your perspective or personal posture changed toward LLMs and generative AI this year? Please, boost for reach.
Time to update RFC1149, the one about packet transmission over avian carriers
oh btw, if you're looking for reading material, our latest research came out Thursday afternoon:
Where Everybody Knows Your Name: Observing Malice-Complicit Nameservers
We spent a month eyeballing DDoS-Guard's nameservers, which provided a lot of insight into not just DDoS-Guard but their interoperations with folks like Cloudflare.
https://dti.domaintools.com/where-everybody-knows-your-name-observing-malice-complicit-nameservers/
"What radicalized you?"
When they DRM'd coffee.
Hello friends, I've seen the below image come up a few times elsewhere and am going to expound a little!
While the hyperlinks in the image display correctly, those aren't actually the addresses of those sites! Instead, they're the Internationalized Domain Name replacements - examples of what are called IDN Homograph Attacks.
It's incredibly hard to include all characters from all active alphabets in the mechanisms that resolve domain names - so currently that letter set is restricted, and instead uses a translation system called Punycode to move between a visual URL with the correct characters and a domain name your computer can actually resolve to a website.
So while neurovagrant[.]com is fine either way, nә̃urovagrant[.]com isn't! The actual domain would be xn--nurovagrant-rkg322d[.]com.
Notice that xn-- ! That's what tells browsers and other software that it's an IDN domain, and to try and translate it.
Attackers use this to their benefit. So:
xn--mcrosoft-security-teams-1ec[.]com can appear in your email, on your twitter feed, in other places visually as: mícrosoft-security-teams[.]com
You may think you're signing in to check your retirement at vanguarɗ[.]com but it's actually sent you to xn--vanguar-4cd[.]com
A link that appears as vḙnmo[.]com actually sends you to the website xn--vnmo-q64a[.]com
They even target kids! Take a look at xn--rblox-jua[.]com - which looks like röblox[.]com in most settings. Note the diacritical mark above the first o.
If anything looks off, there's a reason. Always view links with skepticism, don't click on things unnecessarily, and always sign into the sites you use by going to the domain name you know.
Stay frosty out there, friends.
#cybersecurity #infosec #StayFrosty
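An added example, not part of the original post: a small Python check that spots `xn--` labels in a hostname, decodes them to the form a reader would see, and names each non-ASCII character so the substitution is obvious. The function names are this example's own, and the sample hostnames are the defanged ones quoted in the post.

```python
import unicodedata

ACE_PREFIX = "xn--"  # marks a Punycode-encoded (IDN) label

# Defanged hostnames quoted in the post above.
SAMPLES = [
    "neurovagrant[.]com",
    "xn--nurovagrant-rkg322d[.]com",
    "xn--mcrosoft-security-teams-1ec[.]com",
    "xn--vanguar-4cd[.]com",
    "xn--vnmo-q64a[.]com",
    "xn--rblox-jua[.]com",
]

def labels(host):
    """Split a (possibly defanged) hostname into lowercase labels."""
    return host.replace("[.]", ".").lower().rstrip(".").split(".")

def is_idn(host):
    """True if any label carries the xn-- prefix."""
    return any(label.startswith(ACE_PREFIX) for label in labels(host))

def display_form(host):
    """Decode every xn-- label to the Unicode text a user would see."""
    out = []
    for label in labels(host):
        if label.startswith(ACE_PREFIX):
            try:
                label = label[len(ACE_PREFIX):].encode("ascii").decode("punycode")
            except UnicodeError:
                pass  # malformed Punycode: keep the raw xn-- label visible
        out.append(label)
    return ".".join(out)

def lookalikes(host):
    """Return (code point, Unicode name) for each non-ASCII character shown."""
    return [(f"U+{ord(c):04X}", unicodedata.name(c, "UNNAMED"))
            for c in display_form(host) if ord(c) > 127]

if __name__ == "__main__":
    for host in SAMPLES:
        verdict = "IDN" if is_idn(host) else "ascii"
        print(f"{verdict:5} {host}")
        for cp, name in lookalikes(host):
            print(f"      {cp} {name}")
```

A mail gateway or link-preview pipeline can run the same check and show the raw `xn--` form next to the rendered one whenever `lookalikes` returns anything.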
Some introductory information:
I'm a security operations engineer in the cybersecurity space, a lovingly hungry reader (nonfiction, speculative fiction, and horror especially), a sometimes-writer when I have the brainspace for it.
I love crows, spooky things, democracy, and coffee.
I'm at times depressed, or anxious, and diagnosed autistic so I talk about neurodivergence too.