Frenchie

@fre.bsky.social

InfoSec geek for Cloud/Clusters/Containers/Credentials/CI/CD/things-starting-with-C working on something new… Honk the planet. Twitter: @nfFrenchie

543 Followers 267 Following 50 Posts Joined Apr 2023
3 months ago
ALT: a man with crutches is standing in front of a door that says my foot!
7 months ago

We are all made of stars, but your RBAC shouldn’t be

4 months ago
Day two at #Kawaiicon :D

(watch the livestream here: kawaiicon.org/livestream/)

4 months ago
ALT: a man wearing headphones is standing in front of a computer with the word live on the bottom
4 months ago
KawaiiconNZ - Twitch New Zealand's cute infosec con (& book publishers) ✨The weirdness returns: November 6-8, 2025

Here's the link to the #Kawaiicon livestream if anyone wants to attend remotely, starting soon: www.twitch.tv/kawaiiconnz

4 months ago

Oh wow! I’ve missed Danner megathreads!

4 months ago
ALT: milk is poured into a glass with the words milk it does a body good
4 months ago
ALT: a glass of milk is on a table with a sign that says please drink some milk and lock your doors.
5 months ago
A Retrospective Survey of 2024/2025 Open Source Supply Chain Compromises Project compromises have common root causes we can mitigate: phishing, control handoff, and unsafe GitHub Actions triggers.

To implement robust mitigations across Geomys, I did a survey of open source project compromises in 2024/2025.

Three root causes dominate: phishing, control handoff, and unsafe GitHub Actions triggers. All three can be systematically avoided.

words.filippo.io/compromise-s...

4 months ago
Trusted publishing for npm packages | npm Docs Documentation for the npm registry, website, and command-line interface

> Long-lived credential exfiltration

OpenSSF's Trusted Publishing is a partial solution here. repos.openssf.org/trusted-publ...

i.e. NPM recommends disabling long-lived credential publishing once Trusted Publishing is activated
docs.npmjs.com/trusted-publ...

5 months ago
Special 40th edition of @phrack.org at @bsidescbr.bsky.social #bsidesCBR

9 months ago

$9!! That’s an expensive visit 😝

1 year ago
ALT: a man in a suit and tie is talking to someone and saying hey.
1 year ago
ALT: Blank Stare Sad GIF
1 year ago
ALT: a man is swimming in a pool with the words "welcome to the party, pal" written on it.
1 year ago
Ruxmon November, Fri, Nov 29, 2024, 6:00 PM | Meetup Author: Danielle Rosenfeld-Lovell Title: Unraveling GraphQL Abstract Did you know that not all APIs are RESTful? Me neither at some point in the relatively recent past! Th

For those in Melbourne, Ruxmon is on tomorrow:

www.meetup.com/ruxmon/event...

1 year ago
ALT: a drawing of a person playing drums with the words "ba dum tsss".
1 year ago

Excuse me. How have I missed the grimace-posting?!

1 year ago

@berduck.deepfates.com

1 year ago

_
<(o )___
( ._> /
`----'

1 year ago
Genuinely quite cool: github.com/threatcl/thr... + LLM to automatically generate threat models as code @xntrik.wtf

1 year ago

I know right!! Also, only 10% of the audience was permanently blinded by the lasers. Big improvement from last year!

1 year ago
A+ Dad Joke game:

“It’s only officially called Formal Threat Modelling if you’re wearing a tuxedo” - the Tao of @xntrik.wtf

1 year ago

When the vuvuzela harmonies joined in… truly sublime. Brought a tear to my eye

1 year ago

Back due to popular demand! For those that missed yesterday’s talk… bsky.app/profile/fre....

1 year ago
Xntrik on stage at CyberCon

@xntrik.wtf on stage once again for an interpretive dance/drum solo encore!

You need an updated profile pic however mate…

1 year ago

Will there be an encore to the drum solo?

1 year ago

Truly inspirational drum solo mate, thank you

bsky.app/profile/fre....

1 year ago

I’m still wrapping my head around his metaphor of:

“Extra extra small spandex bike shorts: 3 lessons this taught me about B2B sales & post-breach incident response at a large professional social media tech company”

1 year ago
Xntrik on stage

Front row seats for @xntrik.wtf’s CyberCon Keynote!

It was a pleasure to hear about his long & illustrious career.

The 17-minute avant-garde jazz drum solo certainly was… certainly unique!
