SecByT̷͔̼̯̖̟͔͎͑̽o̶͚̠̰͚̩̻̝̰͂̿̔̄̊́͘m̷̡̟̍́̏̔ @GrrCon

@techbytom.bsky.social

Privacy, motorcycle, and craft beer geek. Adversarial thinker. Blue team your blue team for better red teaming.

172 Followers  |  335 Following  |  154 Posts  |  Joined: 16.08.2023  |  2.1701

Latest posts by techbytom.bsky.social on Bluesky

HEY EVERY VENDOR. Remember all those times I was a HUGE PITA because you wanted a non-redacted copy of my ID? Yeah, this is why.

10.10.2025 01:31 — 👍 3    🔁 0    💬 0    📌 0

Mandate more age verification, and shovel off responsibility to more and more 3rd parties

04.10.2025 14:40 — 👍 2    🔁 0    💬 1    📌 0

This, your company shouldn’t store this in email, ticketing, or ANYWHERE for any amount of time, ever.

04.10.2025 14:39 — 👍 1    🔁 0    💬 0    📌 0

Catching @mr-minion.bsky.social’s talk at GrrCon this morning!

03.10.2025 14:03 — 👍 4    🔁 0    💬 0    📌 1

A little OpenGraph POC for mapping PE header imports of all .dll and .exe files in a fresh Windows install. These are all the binaries that have some kind of import chain leading to kernel32.dll

02.10.2025 16:51 — 👍 6    🔁 3    💬 1    📌 0

Where’s this from? That looks like actual data.

01.10.2025 21:07 — 👍 0    🔁 0    💬 1    📌 0

Nobody asked for it. We did it anyway.

If you ever used Winamp during the later years, it had an awesome, awesome visualizer called Milkdrop. The Webamp people implemented a workalike called Butterchurn.

Internet Archive now supports Webamp and Butterchurn. Just click on the llama!

30.09.2025 18:13 — 👍 544    🔁 177    💬 12    📌 19

No, the settlement is $1 of store credit. 😂

29.09.2025 20:22 — 👍 0    🔁 0    💬 0    📌 0

I think something that is incredibly hard to balance is both looking up to people who you strive to compete with someday, but also recognizing how far you’ve come so far. I get a ton of motivation from the pursuit of being the best. But I’m not the best at this thing (yet?).

24.09.2025 23:42 — 👍 1    🔁 0    💬 0    📌 0

Teaching the wife Diffie-Hellman exchange tonight.

23.09.2025 00:15 — 👍 1    🔁 0    💬 0    📌 0
LA County moves to limit license plate data sharing amid ICE raids
State law prohibits local police from assisting federal immigration enforcement in California

ALPRs can still be abused given the sheer volume of data collected and the lack of transparency in who can request it. “What we actually need, if we want these laws to mean something, are robust oversight measures,” EFF’s @maassive.bsky.social told Spectrum News 1.
spectrumnews1.com/ca/southern...

19.09.2025 22:26 — 👍 96    🔁 24    💬 1    📌 2

RunDll Exporters

www.hexacorn.com/blog/2025/09...

19.09.2025 23:14 — 👍 8    🔁 2    💬 1    📌 0
Check for 9-8-25 NPM Supply Chain Compromised packages (bash) - check-npm-compromise.sh

I put together a script to verify that your Linux/Mac install didn't get a compromised npm package. This, unlike some other checks out there, looks through your prior installed packages to make sure an update didn't obscure the compromise.

gist.github.com/TechByTom/5f...

10.09.2025 22:16 — 👍 0    🔁 0    💬 0    📌 0

Sadly, I won't be there, but this looks great already.

10.09.2025 15:05 — 👍 1    🔁 0    💬 1    📌 0

Some say write-ups are too OP. I disagree. We love seeing the work.

08.09.2025 18:16 — 👍 1    🔁 0    💬 0    📌 0

Way to go!

07.09.2025 22:42 — 👍 3    🔁 1    💬 1    📌 0

I'm one of the 37 targeted below by DNI Tulsi Gabbard. I haven't had a clearance nor worked in government since 2013. This is political theater & a dangerous example of government abusing its powers to punish private citizens for openly exercising their 1st Amendment rights. My full statement:

26.08.2025 13:42 — 👍 1465    🔁 580    💬 36    📌 23

This is both funny and horrifying.

Horrifying because people are using and trusting this tool to be reliable and wrecking careers when it's wrong.

16.08.2025 13:54 — 👍 46    🔁 12    💬 4    📌 0
A medical doctor sign is displayed with a WhatsApp number. This sign is in Bali, where HIPAA obviously does not apply.


/me cries in HIPAA

16.08.2025 08:11 — 👍 1    🔁 0    💬 0    📌 0
2025 State of the Internet: Digging into Residential Proxy Infrastructure
In-depth analysis of the PolarEdge botnet (first reported on by Sekoia in early 2025) a suspected ORB targeting edge devices since mid-2023. This blog covers infrastructure patterns, profiles current ...

PHENOMENAL work by @censys.bsky.social w/special shout out to one of the best cyber researchers out there (Himaja, who is smartly not on social media).

They discovered sophisticated proxy infra designed for long-term espionage operations, & most victims probably have no idea they're compromised.

14.08.2025 17:33 — 👍 3    🔁 4    💬 0    📌 1

Unique *certificate per client

01.08.2025 15:26 — 👍 0    🔁 0    💬 1    📌 0

I definitely left that part out, but in my head the mTLS layer is at C2 channel level, not as part of the protocol it’s embedded in. mTLS with unique certain per client means we get knowledge of where and when it was delivered when the server starts to communicate.

01.08.2025 15:25 — 👍 1    🔁 0    💬 1    📌 0

Sorry for the complete and total tangent, but I’m curious. There are obvious opsec downsides to mtls, but why is it not more common in c2 tooling?

01.08.2025 05:22 — 👍 0    🔁 0    💬 1    📌 0

Last thought: while I'm on a tradecraft+capability separation kick, I intend Crystal Palace as an open-ended object/PIC stitching sandbox. Keep playing with it. Try different ideas. It's really cool. This is what organic cross-inspiration and conversation looks like. I pivot when inspired too.

21.07.2025 14:37 — 👍 1    🔁 1    💬 1    📌 0

Oh hey, the first video is now available!

Check out Steve Shelton’s keynote for #BSides312, the abstract for which had me sobbing.

17.07.2025 02:57 — 👍 2    🔁 1    💬 0    📌 1

Maximum echo please.

10.07.2025 03:02 — 👍 0    🔁 0    💬 0    📌 0

Astronomers may have just discovered the third interstellar object passing through the Solar System!

ESA’s Planetary Defenders are observing the object, provisionally known as #A11pl3Z, right now using telescopes around the world.

02.07.2025 08:23 — 👍 397    🔁 128    💬 14    📌 38
WireGuard Over WebRTC With Weron
How to tunnel WireGuard through WebRTC.

This is 100% going into my private C2 www.procustodibus.com/blog/2024/04...

27.06.2025 14:27 — 👍 2    🔁 1    💬 0    📌 0

I’m proud of you all. GG.

18.06.2025 18:38 — 👍 0    🔁 0    💬 0    📌 0

Do not sleep on my blue team 💪🏻

18.06.2025 18:37 — 👍 0    🔁 0    💬 1    📌 0
