Dominic White
@singe.bsky.social
Reposted by Dominic White
I'm not 💯 on what the CVE was issued for in the end. The ActiveX bypass is still present (along with ProtectedView bypass), the fix was to disable the functionality in Outlook. It is why APT34 and APT33 were able to continue using it by re-enabling the functionality: cloud.google.com/blog/topics/...
Breaking the Rules: A Tough Outlook for Home Page Attacks (CVE-2017-11774) | Mandiant | Google Cloud Blog
cloud.google.com
December 27, 2025 at 7:41 AM
I'm not 💯 on what the CVE was issued for in the end. The ActiveX bypass is still present (along with ProtectedView bypass), the fix was to disable the functionality in Outlook. It is why APT34 and APT33 were able to continue using it by re-enabling the functionality: cloud.google.com/blog/topics/...
Whose account is @z00z00.bsky.social!
December 24, 2025 at 3:51 PM
Whose account is @z00z00.bsky.social!
Small correction s/became/are attempting to become/
December 24, 2025 at 2:15 PM
Small correction s/became/are attempting to become/
Ah nice. Thank you! We never seriously tracked these. It’s proved spotty.
December 24, 2025 at 12:40 PM
Ah nice. Thank you! We never seriously tracked these. It’s proved spotty.
Props especially go to Wilfred Pascault for the effort!
December 24, 2025 at 12:02 PM
Props especially go to Wilfred Pascault for the effort!
It’s funny, when I leave ZA I assume everywhere else is super chill. So I end up doing stuff that has (foreign to me) locals ask me wtf I was thinking, which always takes me by surprise because that’s not how we roll back home.
December 23, 2025 at 3:48 PM
It’s funny, when I leave ZA I assume everywhere else is super chill. So I end up doing stuff that has (foreign to me) locals ask me wtf I was thinking, which always takes me by surprise because that’s not how we roll back home.
That’s a great T-shirt!
December 20, 2025 at 11:49 AM
That’s a great T-shirt!
Haha. Amazing. Thanks Trent.
December 15, 2025 at 5:02 AM
Haha. Amazing. Thanks Trent.
It’s hard, limited transparency tools show me they don’t know much. It helps when I don’t show up in datasets that leak. So it’s mostly understanding how adtech associates stuff together and keeping those segmented/randomised. I take it pretty far, most users would balk.
December 10, 2025 at 2:39 PM
It’s hard, limited transparency tools show me they don’t know much. It helps when I don’t show up in datasets that leak. So it’s mostly understanding how adtech associates stuff together and keeping those segmented/randomised. I take it pretty far, most users would balk.
I’ve spent three decades making that very difficult for them. It’s hard to undo all of that on trust.
December 10, 2025 at 2:28 PM
I’ve spent three decades making that very difficult for them. It’s hard to undo all of that on trust.