Alex Pinto

Botei no wishlist. Nada como um bom retrô survival horror.

i'm inventing a new kind of roguelike where instead of poker, slot machines or coin flipping you play as a little guy with a sword

THE MEME IS REAL

From Microsoft's Crisis to Medical Device Revolution: The Evolution of Threat Modeling The year 2002 marked a turning point in cybersecurity history, though few realized it at the time. Microsoft was hemorrhaging customers due to security vulnerabilities, worms were spreading unchecked, and patching costs were mounting. In the midst of this crisis, Bill Gates penned his famous memo on "trustworthy computing," setting the stage for a fundamental transformation in how we approach software security.At the center of this transformation was Adam Shostack, a critic-turned-insider who wo

I did a long, in depth podcast with Shannon Lantzy, you can listen at https://www.shannonlantzy.com/post/from-microsoft-s-crisis-to-medical-device-revolution-the-evolution-of-threat-modeling

Enjoy! It’s a delightful game. The language is fully translatable as well, but that was beyond my reach when I played it.

Oh, man! Really want to hear your thoughts on this one!

Most impactful project I’ve ever been involved with for sure.

The Sony Hack Attribution Generator was a close second.

Am I the jerk? Redditors say yes — but ChatGPT and other bots say no. ChatGPT and other AI bots tell posters from Reddit's "AITA" board that, actually, they're not the jerks.

Putting the whole “chat bots are bad for your psyche” thing aside, this is brilliant experiment design.

www.businessinsider.com/reddit-aita-...

Missed you, man.

As a Brazilian-American, my feelings about 9/11 are now very conflicted.

This one did make the DBIR Breach Hall Of Fame 2019. First and only breach where the threat actor was outside planet Earth.

github.com/vz-risk/VCDB...

YouTube video by Cyber Threat Alliance CTA Webinar What Gets Measured, Gets Done A National Dashboard for Cybersecurity

Now available on-demand.
What Gets Measured, Gets Done: A National Dashboard for Cybersecurity
www.youtube.com/watch?v=yBeV...
with lumanaries in the cyber measurement field.
#cybersecurity #cybermetrics #threatintelligence

If AI models were able to do all the things people claim they do, the foundational model companies would be raking in Trillions from the additional output and they would keep the AI itself under lock and key.

It’s like buying a “how to get rich” course off the internet.

I love the methodology. The author makes a lot of sense here.

Yes, please.

2025 State of the Internet: Digging into Residential Proxy Infrastructure In-depth analysis of the PolarEdge botnet (first reported on by Sekoia in early 2025) a suspected ORB targeting edge devices since mid-2023. This blog covers infrastructure patterns, profiles current ...

PHENOMENAL work by @censys.bsky.social w/special shout out to one of the best cyber researchers out there (Himaja, who is smartly not on social media).

They discovered sophisticated proxy infra designed for long-term espionage operations, & most victims probably have no idea they're compromised.

What a sweetie! Congrats, Leigh!

Are there any good write ups on the Salesforce data exfils that have been happening?

Did ShinyHunters create a mass credential dump tool just like the one we had last year with Snowflake?

Take your like and leave.

Holding a bowl of berries at arms length to keep the AI Hunter Killers at bay during the Water Wars.

It seems like berries really are the LLM model’s weakness.

Rare glimpse of the 2026 DBIR editorial document:

“Given the prevalence of file transfer and management servers in 2023 and perimeter devices in 2024, you may ask yourself which one of those led the vulnerability exploitation vector in 2025.”

“The answer is, of course, yes.”

Oh no! Terrible week for it.

Trump subiu no telhado.

(For all the PT-BR idiom enjoyers out there)

In the Future All Food Will Be Cooked in a Microwave, and if You Can’t Deal With That Then You Need to Get Out of the Kitchen As a restaurant owner – I’m astounded at the rate of progress since microwaves were released a few short years ago. Today’s microwave can cook a frozen burrito. Tomorrow’s m…

I laughed so hard I thought I was going to cough up an organ. Every line is gold.

Lots of Chico Buarque playing in my house today.

This is what I think too, but I can’t find a direct citation or reference to “when we took down XYZ group, we found they had a robust R&D practice”.

Have you ever come across something like this?

Early Warning Signals: When Attacker Behavior Precedes New Vulnerabilities GreyNoise’s new research reveals a recurring pattern: spikes in malicious activity often precede the disclosure of new CVEs — especially in enterprise edge technologies like VPNs and firewalls.

• What these signals might reveal about attacker workflows
• How defenders can use this information to act early

Read the full research report here:

www.greynoise.io/resources/ea...

Always happy to discuss or answer questions about the data — just drop a line at research@greynoise.io.

Three high-profile former CISA employees have joined @istorg.bsky.social to keep working on Secure by Design and figure out a stable future for the CVE program. www.politico.com/newsletters/...