
AndrewMohawk

@andrewmohawk.bsky.social

Just another noob.

190 Followers  |  173 Following  |  73 Posts  |  Joined: 18.05.2023  |  2.1955

Latest posts by andrewmohawk.bsky.social on Bluesky

AndrewMohawk⁽ⁿᵘˡˡ⁾ on X: "Lot of chatter about the QIX NPM compromise. TL;DR -- Dev was compromised ~9am ET ( https://t.co/bgOwN57xyz ) -- Malicious packages removed at ~11.30 ET ( https://t.co/XApcXgcQoK ) If you installed in this time please check your codebase."

Since I'm still on the hellsite, here is my thread on the NPM dependency issues: x.com/AndrewMohawk...

But TL;DR there is so much FUD

This would only impact you if
-FRESH install between 9am-11.30am ET
-OR Package-lock.json created in that time
-Vuln packages in direct or transient dependencies

08.09.2025 23:58 — 👍 1    🔁 1    💬 0    📌 0

Feels so good to interact with the infosec community as a whole, I can't imagine why we have a bad reputation as not being welcoming!

24.07.2025 14:01 — 👍 1    🔁 0    💬 0    📌 0

expel.com/blog/poisons... pretty interesting using cross device sign in ( www.passkeycentral.org/design-guide... ) to bypass fido2 hurdle, effectively turning the hardware token into QR code and asking the user to scan it

20.07.2025 17:21 — 👍 1    🔁 0    💬 0    📌 0

I made a submission!

24.06.2025 00:33 — 👍 3    🔁 0    💬 0    📌 0
A blonde tattooed person tattooing the forearm of a woman

My firstborn is trans 🏳️‍⚧️ nonbinary ⚧️ and a tattoo artist that now lives in California. They’re in Seattle for their brother’s graduation this week and brought their gear to give me a tattoo. There is a my other two tattoos are decorative but there is a meaningful story behind what I had them do. 1/

19.06.2025 02:27 — 👍 26    🔁 1    💬 1    📌 0

here's a framebuffer graphics demo (this has no practical purpose and I can't prove I'm not just like, playing a youtube video or something)

05.06.2025 16:26 — 👍 1287    🔁 270    💬 32    📌 62

Finally one of the models is useful to me. I give you my stance on WebAuthN. cc @Yubico

(Everyone at orgs I work at has a 5C + 5C NFC for phone and your org should as well)

03.06.2025 20:39 — 👍 0    🔁 0    💬 0    📌 0

What's the worst that could happen?

27.05.2025 23:33 — 👍 0    🔁 0    💬 0    📌 0

It's finders keepers for one of these F-18s, right?

11.05.2025 23:30 — 👍 402    🔁 19    💬 29    📌 0

@kurtopsahl.bsky.social just said "The journey to stronger opsec begins with reducing the number of steps" and I fucking love it.

12.05.2025 15:59 — 👍 2    🔁 1    💬 0    📌 0

She thinks the Library of Congress is like a local public library because it's got "Library" in the name and I can't emphasize enough that our country is being run by the stupidest people alive on the planet today.

10.05.2025 19:57 — 👍 1090    🔁 233    💬 17    📌 4

Friends, criminals, scoundrels, you rang?

23.04.2025 12:11 — 👍 2    🔁 0    💬 0    📌 0
One Hole per beverage

A coke machine at a fast food place from before the 2010s is shown next to a big green check mark

Unholy drink cloaca

A coke machine with a single dispenser and a screen for choice is shown

11.04.2025 21:01 — 👍 7375    🔁 1581    💬 116    📌 140

You won't know when I am absolutely destroying my docker swarm, but there will be signs.

07.04.2025 04:26 — 👍 0    🔁 0    💬 0    📌 0

I got Manus access and errr.. it's struggling with a docker project, but the filenames are hilarious! Manus.. it's just like us!

03.04.2025 03:33 — 👍 0    🔁 0    💬 0    📌 0

The life of crime is calling me!

03.04.2025 01:19 — 👍 3    🔁 0    💬 0    📌 0
25.03.2025 12:35 — 👍 1    🔁 0    💬 1    📌 0

25.03.2025 12:25 — 👍 0    🔁 0    💬 0    📌 0

25.03.2025 12:25 — 👍 0    🔁 0    💬 1    📌 0

Collection of stolen memes because this is incredible

25.03.2025 12:25 — 👍 0    🔁 0    💬 1    📌 0
Critical Ingress NGINX Controller Vulnerability Allows RCE Without Authentication Five critical flaws in Ingress NGINX Controller expose 6,500+ clusters; update now to prevent unauthorized remote code execution.

Another day, another 9.x critical vuln that bypasses authentication/authorization flow :(

thehackernews.com/2025/03/crit...

But don't worry it's just the kubes ingress-nginx and not the nginx ingress controller often used for kubes. Stay safe out there 🙃

24.03.2025 19:52 — 👍 0    🔁 0    💬 0    📌 0

Meme stolen from @yaelwrites.com

24.03.2025 18:56 — 👍 8    🔁 1    💬 1    📌 0
The Trump Administration Accidentally Texted Me Its War Plans U.S. national-security leaders included me in a group chat about upcoming military strikes in Yemen. I didn’t think it could be real. Then the bombs started falling.

In 25 years of covering national security, I’ve never seen a story like this: Senior Trump officials discussed planning for the U.S. attack on Yemen in a Signal group--and inadvertently added the editor-in-chief of The Atlantic. www.theatlantic.com/politics/arc...

24.03.2025 16:11 — 👍 16723    🔁 6540    💬 791    📌 2617

And some skinnnnn

24.03.2025 09:38 — 👍 0    🔁 0    💬 0    📌 0

Just needs this and then microcontroller and camera, I'm using a pretty wide camera cause it's just what I had lying around

24.03.2025 09:37 — 👍 0    🔁 0    💬 0    📌 0

Even has a web interface to see what the fsck it's up to

24.03.2025 05:15 — 👍 0    🔁 0    💬 0    📌 0

Found a cool animatronic eye 3D print and spent the weekend making it follow me around

24.03.2025 05:11 — 👍 4    🔁 1    💬 3    📌 0
Common vulnerabilities and Exposures (CVE)

I really hate that this is the release details we get for a *9.1 critical vuln* in a common js stack: www.cve.org/CVERecord?id...

I will be blocking all requests with the header `x-middleware-subrequest` rather than risk deploying a > 5pm release for something without any real details.

21.03.2025 21:31 — 👍 1    🔁 0    💬 0    📌 0
Tornado Cash Delisting WASHINGTON — Based on the Administration’s review of the novel legal and policy issues raised by use of financial sanctions against financial and commercial activity occurring within evolving technolo...

Tornado cash is back.

home.treasury.gov/news/press-r...

21.03.2025 18:47 — 👍 0    🔁 0    💬 0    📌 0

Vibe coding my own rust ui for the rayhunter ( github.com/EFForg/rayhu... )

21.03.2025 07:07 — 👍 2    🔁 1    💬 1    📌 0

@andrewmohawk is following 19 prominent accounts