Fran Donoso (@francisck.com)
francisck.com
I'm an infosec person who currently works as the CTO of a security services firm. I've done DevSecOps, Red Teaming, and reverse engineering. I reversed some of the tooling leaked by the Shadow Brokers and spoke about it publicly.
This is one of my favorite sci-fi books and my fav Andy Weir book! I was cautiously excited when I saw they were making a movie
October 15, 2025 at 3:21 AM
Yooooo idk what you’re talking about. That stuffed animal looks awesome!
October 5, 2025 at 9:39 PM
I’ve been reading further and it seems like it was a third party provider who was like a business process outsourcer.

This is similar to the recent Air France and Stellantis breaches, but no idea if they're related.
October 4, 2025 at 4:39 AM
I think this is probably Salesforce compromised via Salesloft Drift?

It aligns with the Salesloft Drift stuff we've seen. Most of the other parties were also using Salesforce for support ticketing and had Salesforce auth tokens stolen from Drift.
October 3, 2025 at 11:23 PM
I encourage cybersecurity professionals to read this report to understand the type of capabilities that can be deployed against citizens at scale by autocratic regimes.

Organizations designing products that support privacy should understand these capabilities and design to protect users from them.
September 14, 2025 at 6:20 PM
"The requirements for future development also mention adding the ability to check which users are connected to specific mobile base stations in order to support location triangulation through these stations and detect when a large number of people congregate in a particular area"
September 14, 2025 at 6:19 PM
"It uses the in-path injection capability in TSG to effectively recruit unsuspecting users' computers to participate in the attack, thereby creating a botnet"
September 14, 2025 at 6:18 PM
"however, a closer examination reveals that it is actually a platform for launching DDoS attacks against websites and other internet services deemed politically undesirable. This would appear to be Geedge's own implementation of China's Great Cannon, as described in a 2015 Citizen Lab report"
September 14, 2025 at 6:18 PM
"TSG's in-path injection capability system allows for sophisticated targeting of this malicious code for the specific user, facilitating on-the-fly modifications across a variety of file formats [...] complemented by Cyber Narrator [...] hijack in order to infect specific individuals."
September 14, 2025 at 6:17 PM
"TSG is also capable of modifying HTTP sessions in realtime through techniques such as spoofing redirect responses, altering headers, injecting scripts, replacing text, and overriding response bodies."
September 14, 2025 at 6:16 PM
From the report:

"Cyber Narrator is a powerful tool capable of tracking network traffic at the individual customer level and can identify the geographic location of mobile subscribers in real time [...]. The system also allows the government client to see aggregated network traffic."
September 14, 2025 at 6:16 PM
Incredible work, Yael!
September 10, 2025 at 3:21 AM
Look forward to seeing you!!!
July 30, 2025 at 12:55 AM