austin
@pwnaship.bsky.social
I like ranting about ship tech, congested logistics and OT security - Maritime Hacking Village | GICSP | Marine Hardware & protocol Hacking | Salish Sea | risk management consultant by day, security researcher by night.
co presented on the creator stage at DEF CON this weekend
spreading the message on maritime cyber one preso and conversation at a time
spreading the message on maritime cyber one preso and conversation at a time
August 10, 2025 at 10:57 PM
co presented on the creator stage at DEF CON this weekend
spreading the message on maritime cyber one preso and conversation at a time
spreading the message on maritime cyber one preso and conversation at a time
I will be presenting at defcon 33. Maritime hacking. Specifically the creator stage for maritime hacking village. More to come
June 29, 2025 at 6:55 AM
I will be presenting at defcon 33. Maritime hacking. Specifically the creator stage for maritime hacking village. More to come
Reposted by austin
Wikipedia is rolling out anonymity features piloted in countries with authoritarian governments in the US & is making a change to not show editor IP addresses in response to a global "increase in threats" from Elon Musk, Heritage Foundation, and governments
www.404media.co/wikipedia-pr...
www.404media.co/wikipedia-pr...
Wikipedia Prepares for 'Increase in Threats' to US Editors From Musk and His Allies
The Wikimedia Foundation says it will likely roll out features previously used to protect editors in authoritarian countries more widely.
www.404media.co
February 11, 2025 at 3:06 PM
Wikipedia is rolling out anonymity features piloted in countries with authoritarian governments in the US & is making a change to not show editor IP addresses in response to a global "increase in threats" from Elon Musk, Heritage Foundation, and governments
www.404media.co/wikipedia-pr...
www.404media.co/wikipedia-pr...
Welcome to the chaotic era
January 30, 2025 at 6:24 AM
Welcome to the chaotic era
This has been a week.
January 30, 2025 at 6:20 AM
This has been a week.
If any of y’all are headed to S4 let me know - I shall be there
a group of people walking on a red carpet with the words conference time on the bottom
ALT: a group of people walking on a red carpet with the words conference time on the bottom
media.tenor.com
January 22, 2025 at 9:36 PM
If any of y’all are headed to S4 let me know - I shall be there
The final rules are out. I’ve been busy reviewing them and with work but I’m hoping to get another article together once the dust settles from this week. Lots happening in the maritime transportation sector
Want to know my thoughts on the recent NPRM? Read my new piece warontherocks.com/2024/04/the-...
The Rising Ransomware Tide, Chinese Spy Cranes, and the Biden Executive Order on Maritime Cyber Security - War on the Rocks
In July of 2023, Japan’s largest port, Nagoya, fell victim to a lockbit ransomware attack, causing operations to grind to a halt and Toyota to suspend its
warontherocks.com
January 22, 2025 at 5:28 PM
The final rules are out. I’ve been busy reviewing them and with work but I’m hoping to get another article together once the dust settles from this week. Lots happening in the maritime transportation sector
Want to know my thoughts on the recent NPRM? Read my new piece warontherocks.com/2024/04/the-...
The Rising Ransomware Tide, Chinese Spy Cranes, and the Biden Executive Order on Maritime Cyber Security - War on the Rocks
In July of 2023, Japan’s largest port, Nagoya, fell victim to a lockbit ransomware attack, causing operations to grind to a halt and Toyota to suspend its
warontherocks.com
April 17, 2024 at 3:54 PM
Want to know my thoughts on the recent NPRM? Read my new piece warontherocks.com/2024/04/the-...
Reposted by austin
I'm watching some folks reverse engineer the xz backdoor, sharing some *preliminary* analysis with permission.
The hooked RSA_public_decrypt verifies a signature on the server's host key by a fixed Ed448 key, and then passes a payload to system().
It's RCE, not auth bypass, and gated/unreplayable.
The hooked RSA_public_decrypt verifies a signature on the server's host key by a fixed Ed448 key, and then passes a payload to system().
It's RCE, not auth bypass, and gated/unreplayable.
This might be the best executed supply chain attack we've seen described in the open, and it's a nightmare scenario: malicious, competent, authorized upstream in a widely used library.
Looks like this got caught by chance. Wonder how long it would have taken otherwise.
Looks like this got caught by chance. Wonder how long it would have taken otherwise.
Woah. Backdoor in liblzma targeting ssh servers.
www.openwall.com/lists/oss-se...
It has everything: malicious upstream, masterful obfuscation, detection due to performance degradation, inclusion in OpenSSH via distro patches for systemd support…
Now I’m curious what it does in RSA_public_decrypt
www.openwall.com/lists/oss-se...
It has everything: malicious upstream, masterful obfuscation, detection due to performance degradation, inclusion in OpenSSH via distro patches for systemd support…
Now I’m curious what it does in RSA_public_decrypt
March 30, 2024 at 5:13 PM
I'm watching some folks reverse engineer the xz backdoor, sharing some *preliminary* analysis with permission.
The hooked RSA_public_decrypt verifies a signature on the server's host key by a fixed Ed448 key, and then passes a payload to system().
It's RCE, not auth bypass, and gated/unreplayable.
The hooked RSA_public_decrypt verifies a signature on the server's host key by a fixed Ed448 key, and then passes a payload to system().
It's RCE, not auth bypass, and gated/unreplayable.
If the shipping giants are not transiting the Red Sea bc of Houthi/Iranian attacks what are they going to do in other congested waterways when the conflict with China starts?
December 18, 2023 at 5:34 PM
If the shipping giants are not transiting the Red Sea bc of Houthi/Iranian attacks what are they going to do in other congested waterways when the conflict with China starts?
*runs script*
Gets table not found in DB
*checks name of DB table *
Fixes name reference
*Runs script again*
Table not found
*opens DB*
DB file is empty
Pain. Pain. Pain.
Gets table not found in DB
*checks name of DB table *
Fixes name reference
*Runs script again*
Table not found
*opens DB*
DB file is empty
Pain. Pain. Pain.
December 16, 2023 at 12:12 AM
*runs script*
Gets table not found in DB
*checks name of DB table *
Fixes name reference
*Runs script again*
Table not found
*opens DB*
DB file is empty
Pain. Pain. Pain.
Gets table not found in DB
*checks name of DB table *
Fixes name reference
*Runs script again*
Table not found
*opens DB*
DB file is empty
Pain. Pain. Pain.
Check out the next part of my discussion on maritime cybersecurity on control loop thecyberwire.com/podcasts/con...
December 3, 2023 at 12:46 AM
Check out the next part of my discussion on maritime cybersecurity on control loop thecyberwire.com/podcasts/con...
How can you speak on establishing a Maritime Militia without speaking to our existing civilian mariners supporting DoD, or state maritime academies, while only mentioning the merchant marine as a way to poke at the Jones Act?
warontherocks.com/2023/11/citi...
warontherocks.com/2023/11/citi...
Citizen Sailors: The Missing Link in Maritime Force Structure - War on the Rocks
The U.S. Navy confronts a generational challenge: The Chinese Navy now eclipses it in number of ships, with a shipbuilding capacity that outpaces it 200
warontherocks.com
November 16, 2023 at 1:26 AM
How can you speak on establishing a Maritime Militia without speaking to our existing civilian mariners supporting DoD, or state maritime academies, while only mentioning the merchant marine as a way to poke at the Jones Act?
warontherocks.com/2023/11/citi...
warontherocks.com/2023/11/citi...
Had the chance to talk about Maritime Transportation System Cybersecurity on Control Loop - check it out, but be nice. My first podcast interview
thecyberwire.com/podcasts/con...
thecyberwire.com/podcasts/con...
November 15, 2023 at 4:34 PM
Had the chance to talk about Maritime Transportation System Cybersecurity on Control Loop - check it out, but be nice. My first podcast interview
thecyberwire.com/podcasts/con...
thecyberwire.com/podcasts/con...
Reposted by austin
As false information about the rapidly changing war between Gaza Strip militants and Israel proliferated on the social media platform X over the weekend, owner Elon Musk personally recommended that users follow accounts notorious for promoting lies.
As false war information spreads on X, Musk promotes unvetted accounts
Elon Musk recommended that users follow accounts that have promoted lies in the past.
www.washingtonpost.com
October 9, 2023 at 5:00 PM
As false information about the rapidly changing war between Gaza Strip militants and Israel proliferated on the social media platform X over the weekend, owner Elon Musk personally recommended that users follow accounts notorious for promoting lies.
A few days ago I deleted my Twitter app not realizing it was the only active instance I had
A few months ago I purposely deleted my back up code and code generator for Twitter bc I decided next time it deleted it I would be done with the app ….
So guess I’m on here more now
A few months ago I purposely deleted my back up code and code generator for Twitter bc I decided next time it deleted it I would be done with the app ….
So guess I’m on here more now
October 8, 2023 at 3:57 PM
A few days ago I deleted my Twitter app not realizing it was the only active instance I had
A few months ago I purposely deleted my back up code and code generator for Twitter bc I decided next time it deleted it I would be done with the app ….
So guess I’m on here more now
A few months ago I purposely deleted my back up code and code generator for Twitter bc I decided next time it deleted it I would be done with the app ….
So guess I’m on here more now
I’ve defeated my productivity block with a dark psytrance playlist and a bit more caffeine.
The only way to get progress on this technical approach and processing 800-82 r3
The only way to get progress on this technical approach and processing 800-82 r3
October 5, 2023 at 5:29 PM
I’ve defeated my productivity block with a dark psytrance playlist and a bit more caffeine.
The only way to get progress on this technical approach and processing 800-82 r3
The only way to get progress on this technical approach and processing 800-82 r3
Shouting into the void to see if anyone has had luck tracking down a Palo Alto Networks lab unit - ideally a 400 series?
I’m working the corpo b2b angle but curious if anyone has actually had success in getting one for research/homelab use w/o shelling out for a full cost through a distributor
I’m working the corpo b2b angle but curious if anyone has actually had success in getting one for research/homelab use w/o shelling out for a full cost through a distributor
September 24, 2023 at 4:15 PM
Shouting into the void to see if anyone has had luck tracking down a Palo Alto Networks lab unit - ideally a 400 series?
I’m working the corpo b2b angle but curious if anyone has actually had success in getting one for research/homelab use w/o shelling out for a full cost through a distributor
I’m working the corpo b2b angle but curious if anyone has actually had success in getting one for research/homelab use w/o shelling out for a full cost through a distributor
I’m the ‘client’ for an undergrad Computer engineering capstone this fall and I’m confident they would have done a better job integrating this based on their work so far on the testbed design.
That look When your 3 day special military operation now hinges on COTS gnss receivers strapped to a beefed up Estes rocket engine
September 22, 2023 at 1:09 AM
I’m the ‘client’ for an undergrad Computer engineering capstone this fall and I’m confident they would have done a better job integrating this based on their work so far on the testbed design.
That look When your 3 day special military operation now hinges on COTS gnss receivers strapped to a beefed up Estes rocket engine
September 21, 2023 at 7:35 PM
That look When your 3 day special military operation now hinges on COTS gnss receivers strapped to a beefed up Estes rocket engine
Threat actors and security researchers looking at the firms bragging about the MITRE att&ck scores
September 20, 2023 at 11:22 PM
Threat actors and security researchers looking at the firms bragging about the MITRE att&ck scores