obilodeau
@obilodeau.bsky.social
190 followers 220 following 68 posts
Father of two. Hacker. President @NorthSec. Research at Flare. Cofounder of MontréHack. Love to teach and share. BlackHat, Defcon, SecTor speaker.
Learning about color mapping and LUTs (cube files) and trying all sorts of ffmpeg tricks to make bland videos look good at 2 am...

Yup, it's about @nsec.io and trying to leverage cool video shots that we were given for free, but they were raw...

Then you realize a phone does a lot of work for you...
Quick analysis of today's chalk / npm supply chain story.

It requires the `window` object so it needs to be deployed and run in a browser. It means front-end projects would only be affected if the site itself was a cryptocurrency website. CLI projects unaffected. 1/3

Browser extensions with broad privileges that would bundle an affected dependency could be dangerous, but even then there are some limitations on where the code can run, imposed by the browser extension context. 2/3

Still, this is a great wake-up call! A more polyglot payload could have done a lot of damage! Desktop, browsers, CI/CD, servers, etc.

Caveat: Spent 25 minutes on this. I didn't deobfuscate it myself, I might be wrong.

Ref used for analysis: jdstaerk.substack.com/p/we-just-fo.... 3/3
Anatomy of a Billion-Download NPM Supply-Chain Attack
A massive NPM supply chain attack has compromised foundational packages like Chalk, affecting over 1 billion weekly downloads. We dissect the crypto-stealing malware and show you how to protect your p...
jdstaerk.substack.com
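The practical check a reader of this thread wants is whether a compromised version of a package actually sits in their lockfile, and if so whether it is reachable at runtime (pulled into the front-end bundle) or only by dev tooling, which is the distinction the thread draws between a cryptocurrency site and a CLI or build pipeline. The script below is an added example, not code from the post or from the linked article. It reads the `packages` map of a lockfileVersion 2/3 `package-lock.json`; the lockfile object and the watchlist are constructed inline, and the watchlist version `9.9.9` is a placeholder to be replaced with the versions named in the advisory being responded to.

```javascript
// Added example: scan a package-lock.json (lockfileVersion 2 or 3) for
// packages on a watchlist of known-bad name/version pairs and report whether
// each hit is dev-only (build tooling) or a runtime dependency that a bundler
// would ship to the browser.

// Placeholder watchlist (assumption): package name -> exact bad versions.
// Replace with the versions named in the advisory you are acting on.
const WATCHLIST = { chalk: ["9.9.9"] };

// Lockfile keys look like "node_modules/a/node_modules/@scope/b"; the package
// name is everything after the last "node_modules/" segment.
function packageNameFromPath(lockPath) {
  const marker = "node_modules/";
  const idx = lockPath.lastIndexOf(marker);
  return idx === -1 ? lockPath : lockPath.slice(idx + marker.length);
}

// Returns one hit per lockfile entry whose name/version is on the watchlist.
// `devOnly` mirrors npm's "dev": true flag, meaning the package is reachable
// only through devDependencies (build tools, test runners), not the app bundle.
function scanLock(lock, watchlist = WATCHLIST) {
  if (!lock || typeof lock.packages !== "object") {
    throw new Error("expected lockfileVersion 2 or 3 (a 'packages' map)");
  }
  const hits = [];
  for (const [lockPath, entry] of Object.entries(lock.packages)) {
    if (lockPath === "") continue; // the root project entry, not a dependency
    const name = entry.name || packageNameFromPath(lockPath);
    const bad = watchlist[name];
    if (bad && bad.includes(entry.version)) {
      hits.push({
        name,
        version: entry.version,
        path: lockPath,
        devOnly: entry.dev === true,
      });
    }
  }
  return hits;
}

// Split hits into runtime (bundled into the front end) vs dev-only.
function summarize(hits) {
  const runtime = hits.filter((h) => !h.devOnly).length;
  return { total: hits.length, runtime, devOnly: hits.length - runtime };
}

// Constructed sample lockfile: the same placeholder version appears once as a
// dev-only dependency of a build tool and once nested under a runtime library.
const SAMPLE_LOCK = {
  name: "demo-app",
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/build-tool": { version: "2.0.0", dev: true },
    "node_modules/chalk": { version: "9.9.9", dev: true },
    "node_modules/some-lib": { version: "1.0.0" },
    "node_modules/some-lib/node_modules/chalk": { version: "9.9.9" },
    "node_modules/@scope/other": { version: "0.1.0" },
  },
};

const sampleHits = scanLock(SAMPLE_LOCK);
for (const h of sampleHits) {
  console.log(`${h.devOnly ? "dev-only" : "RUNTIME "} ${h.name}@${h.version} (${h.path})`);
}
console.log(summarize(sampleHits));
```

To run it against a real project, pass `JSON.parse(fs.readFileSync("package-lock.json", "utf8"))` to `scanLock` instead of `SAMPLE_LOCK`. A runtime hit in a front-end project is the case the thread flags as exposed; a dev-only hit still warrants rotating any credentials the build host could see, since the thread's point about CI/CD is that a less browser-specific payload would have reached them.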
Reposted by obilodeau
NorthSec @nsec.io · Sep 2
📸 Official NorthSec 2025 photos are out!

Relive the best moments of NorthSec with our official photo album! ⚓️

photos.app.goo.gl/bMCHe366jdP1...
Reposted by obilodeau
amye @amye.org · Sep 1
My advice for people who are applying to big conferences with abstracts is: imagine that your reviewer is under a deadline of less than twelve hours and they are deeply deeply angry.
Write to impress that person, but write the talk you'd be proud to give.
I don't know.. I mean I pay for the no ads streaming package. Getting ads before calls sounds terrible!
Here is all the cool stuff I brought back from @bsideslv.org, @blackhatofficial.bsky.social and @defcon.bsky.social. Was thrilled to do the trio! Chrono order: Sponsor at BSides LV, speaking at BlackHat USA and DEFCON. I wasn't even trying to bring stuff back, it just happened! 🙏 cool people I met!
In an era of youth unemployment because of AI (seniors have the job + cuts), I have to say that it sounds like a nice way to create tight bonds in a society.
From the article:
> Seventy-four percent of those surveyed embraced mandatory service for public health support services, such as working with seniors or in hospitals.

That doesn't sound bad at all.
I see what you mean but Switzerland, Sweden and Norway have it, I believe. I'm not for it but these left-leaning countries have it. It all depends on how it's implemented.
I caught up on a lot of tasks tonight, but I still haven’t written my post–HackerWeek LinkedIn update or caught up on the NorthSec Slack and emails 🙃
Met @malwarejake.bsky.social in real life! Glad I got to talk to him about Estelle's and my recent work on stealer logs with incident response use cases
Look at this nice hardware badge! Real filament tubes!
Talk to me if you see me and I'll give you something if you wear NorthSec gear, promise you will submit a talk (or sponsor) or join our Discord. I have NorthSec badges (2024, 2025), t-shirts and proudly Canadian produce.
Free give-aways all week during Hacker Summer Camp!

I'll be at the Flare booth during @bsideslv.org, I'll be roaming around and giving a talk at @blackhatofficial.bsky.social (brag) and I'll also be roaming around + giving a talk at @defcon.bsky.social (brag).

Come and see me. Let's chat! Cheers
Reposted by obilodeau
🔐 This could reshape privacy engineering. Google open-sourced its zero-knowledge proof (ZKP) age verification libraries on Jul 3, called "Longfellow", letting you prove you're 18+ without revealing birthdate, name, or any PII.

blog.google/technology/s... (1/8) 🧵
Opening up ‘Zero-Knowledge Proof’ technology to promote privacy in age assurance
Today, we open sourced our Zero-Knowledge Proof (ZKP) libraries, fulfilling a promise and building on our partnership with Sparkasse to support EU age assurance.
blog.google
Reposted by obilodeau
NorthSec @nsec.io · Jul 2
Missing the NorthSec community already? We made you a starter pack to help you quickly find us on Bluesky!

Saw someone missing from this starter pack? Let us know!

go.bsky.app/JZeo2ad
A dream come true: I wrote POC-level code that I thought would be a good addition to our platform, and someone rewrote it and integrated it. We are now protecting more customers automatically with it!

Now onto the next POC!
Another law enforcement takedown announced today. Operation Deep Sentinel targeted the Archetyp darknet forum (drug). These takedown videos keep getting better! Go watch: operation-deepsentinel.com
Operation Deep Sentinel
operation-deepsentinel.com
I have two student tickets to give away for BlackHat USA as part of their student scholarship program: www.blackhat.com/us-25/speake.... Let me know if you are interested.
Black Hat
www.blackhat.com