Lukas Forst

Welcome Recon Wave as an organizing partner of the Honeynet Project Workshop 2025 in Prague! Recon Wave is a powerful attack surface monitoring platform that requires no installation or internal access.

📅 June 2–4, 2025
📍 NTK, Prague
🔗 prague2025.honeynet.org

#Honeynet2025

Speaking on @bsidesprg.bsky.social with @rozumbrada.bsky.social today!

docs: WARNING do not pass untrusted data to this function!!!

devs: hm yeah my users are pretty trustworthy I think

Learn, Hack, Defend: Transforming Cybersecurity Education with MOOC | Artificial Intelligence Center | CTU Prague Our first-ever cybersecurity online course attracted over 1,500 students from 84 countries, proving that high-quality, hands-on security education can be accessible to all.

We officially closed the first edition of our Introduction to Security class as a Massive Open Online Course! After an incredible semester, the results are in, and we couldn’t be more thrilled! Read more 👇👇👇👇
www.aic.fel.cvut.cz/news/cyberse...

As we're wrapping up our Cyber Security course at fel.cvut.cz we're sorting through the feedback and there's so much love coming from our students!

Looking forward to the next year!

My latest work has been published:

"CTU Hornet 65 Niner: A network dataset of geographically distributed low-interaction honeypots"

The dataset has a unique value for studying the nature of Internet attacks over time and their changes and characteristics.

www.sciencedirect.com/science/arti...

Why Your Business Needs External Attack Surface Management EASM secures businesses by identifying vulnerabilities, protecting data, and offering real-time threat monitoring for online operations.

Why Your Business Needs External Attack Surface Management

Quiz time: can you think of a single legit reason to put RSA private keys to DNS TXT records? Sounds like a nonsense but people really do that

We did a small research on this topic some time ago

Stratosphere News #2 Words from the editor: Hello everyone! It has been yet another crazy month in our research laboratory! Attackers never stop, and this month that meant for us to urgently 'get more storage!' We hope yo...

What has Stratosphere been up to? You can find out in the second edition of our newsletter! Grab a cup of your favorite warm beverage and enjoy the read!🧉

www.linkedin.com/pulse/strato...

Avocados should come with little pop-up timers to signal before they become overripe.

a bit of shameless self-plug, but we run some nice recon tools like search.reconwave.com that you might like

a man wearing glasses and a plaid shirt is sitting in front of a computer and saying " help me " . ALT: a man wearing glasses and a plaid shirt is sitting in front of a computer and saying " help me " .

I actually enjoy being IT department. It's fun!

But it took quite a while to figure out things that I needed. Now it's mostly just copy paste.

Hehe, it really helps when you're getting bombarded with things all the time. I know use it mainly to figure out if this needs my attention or not.

it's awesome! it just highlights how inclusive they want to be

Hello World 🦋!

hello @reconwave.com!

I think it's because it is still small social network. And it's full of open minded enthusiasts.

Honestly, it feel so refreshing here.

Having Wordpress in your attack surface is problem by definition...

Best is to sandbox it as much as possible!

Out of curiosity, how do you keep track of what is exposed to the internet and what is not?

> complexity breeds vulnerability

I'd sign that.

Companies have crazy big attack surfaces these days... And more often than not, they don't even know what they expose.

more importantly, there will be so many bots as well...

it's beautiful when it's smaller!

Wow, this is awesome!

There're so many different and cool usecases for TXT records!

Totally random question - what is your opinion on TW? I started recently using it but I'm not 100% convinced.

I like that it really makes me more productive. But reading the code after that... that's pretty annoying at least.

I have a dream where I buy dumb TV and just plug my Raspberry for the "smart" component.

Sadly, this is not really possible anymore.

... and if it is not, it's BGP

When not DNS, it's BGP!

6/8 ☄️ So imagine this - all private and sensitive user data, including DMs stored on servers being moved by homeless people without any IDs and locked on truck with basic locks from Home Depot tracked by AirTags.

EU would've had mental breakdown.

5/8 🚛 Musk, his team and few homeless guys loaded servers onto trucks without protective crates, using basic straps bought from Home Depot. Guys moving the servers were paid $1 / server

At one point, they even used Apple AirTags to “track” the servers - the DIY chaos.

4/8 🔪 Declaring, “These things do not look that hard to move,” Musk attempted to open floor panels with a pocket knife and crawled under the server floor to disconnect the equipment.

Yup, he literally cut power from servers with "fuck it, I'll do it myself".