Insecurity Connoisseur's Avatar

Insecurity Connoisseur

@marver.bsky.social

56 Followers  |  42 Following  |  14 Posts  |  Joined: 15.10.2023  |  1.316

Latest posts by marver.bsky.social on Bluesky

FOSDEM was surprisingly good, shout out to @smaury.bsky.social , @ostifofficial.bsky.social and the others I have no handle of!

01.02.2026 18:42 β€” πŸ‘ 1    πŸ” 0    πŸ’¬ 1    πŸ“Œ 0

Is this thing here still alive? Logged in for the first time after some months.

13.12.2025 18:40 β€” πŸ‘ 1    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0

0-prompt RCE

11.06.2025 05:55 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0

Not only is each stack like AWS we will encounter incredibly complex on its own, we will have to move laterally between all of them. This will be an impossible task without proper automation and even non-bs AI support (see the Nemesis MCP servers I wrote about last month)..this week will be fun!

11.05.2025 14:02 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0

We’re going to run a live exercise this week against a defensive team from a bigger zero trust platform. This involves nearly anything you can find in modern cloud tech stacks, from Octa to GitHub to AWS….It’s fun packing β€œgear”, and I mean software and tools here to run proper escalations.

11.05.2025 13:59 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0

ChatGPT was mostly irrelevant for security except for improving phishing pretexts - AI agents on the other hand are very much relevant!

20.04.2025 20:22 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0
Preview
Welcome to the next generation of Burp Suite: elevate your testing with Burp AI At PortSwigger, we believe AI has the power to transform penetration testing - not by replacing human testers, but by augmenting them. With the release of Burp Suite Professional 2025.2, we’re introdu

Now! portswigger.net/blog/welcome...

03.04.2025 13:08 β€” πŸ‘ 1    πŸ” 1    πŸ’¬ 0    πŸ“Œ 0

Two thoughts on the Signal Gate:
1. They apparently did not verify Signal contacts’ safety numbers, allowing easy MiTM
2. It’s easy to inject a number into a phone’s contact list or change it

Combine both and you got a way to subvert secure communications without having a 0day for Signal!

27.03.2025 07:27 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0

Let’s break some LLMs today!

22.03.2025 10:07 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0
Preview
GitHub - persistent-security/reverseyara: A tool to generate payloads from YARA Signatures - Reverse Yara A tool to generate payloads from YARA Signatures - Reverse Yara - persistent-security/reverseyara

"Your malware is fake!" That's correct. Here's a small tool to generate payloads out of YARA rules: github.com/persistent-s...

We use it as part of a testsuite for detection & monitoring.

21.03.2025 17:13 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0

Already leaving nullcon Goa, I’ll be back for sure! Thank you everyone for the good talks and especially our trainees for working hard on their AppSec skills.

01.03.2025 23:48 β€” πŸ‘ 1    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0
The Batsh*t Software Aphex Twin Used
YouTube video by Benn Jordan The Batsh*t Software Aphex Twin Used

www.youtube.com/watch?v=5wIO...

If you are interested in music production and also nerding in old school software scenes, this is an absolute speedrun of sound generation software you’ve never even heard of!

26.01.2025 10:55 β€” πŸ‘ 1    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0
Post image

Yup

13.12.2024 15:52 β€” πŸ‘ 2485    πŸ” 496    πŸ’¬ 23    πŸ“Œ 30
Preview
Multi-modal prompt injection image attacks against GPT-4V GPT4-V is the new mode of GPT-4 that allows you to upload images as part of your conversations. It’s absolutely brilliant. It also provides a whole new set of vectors …

simonwillison.net/2023/Oct/14/...

14.12.2024 20:49 β€” πŸ‘ 28    πŸ” 8    πŸ’¬ 2    πŸ“Œ 0

100% the same for me! I wouldn’t want to work with my younger version. Fixing security vulnerabilities is much easier if you’re ignorant about justified complexities.

15.12.2024 00:53 β€” πŸ‘ 3    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0
Video thumbnail

A version of Missile Command for the Commodore 64 where the bottom of your screen is the game state in memory and missiles cause memory corruption: csdb.dk/release/?id=....

In the video below, a missile broke my controls and caused my cursor to get stuck moving down and to the left.

22.11.2024 22:56 β€” πŸ‘ 163    πŸ” 45    πŸ’¬ 6    πŸ“Œ 2

So this thing here is actually taking off, any tips who to follow for serious Infosec news?

23.11.2024 09:39 β€” πŸ‘ 2    πŸ” 0    πŸ’¬ 1    πŸ“Œ 0

That’s straight forward outside the box thinking about lateral movement!

23.11.2024 09:37 β€” πŸ‘ 2    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0

Awesome research ! - The Nearest Neighbor Attack: How A Russian #APT Weaponized Nearby Wi-Fi Networks for Covert Access - @volexity.com - www.volexity.com/blog/2024/11... #cyberespionage

23.11.2024 08:32 β€” πŸ‘ 14    πŸ” 5    πŸ’¬ 2    πŸ“Œ 0

@marver is following 20 prominent accounts