SecByT̷͔̼̯̖̟͔͎͑̽o̶͚̠̰͚̩̻̝̰͂̿̔̄̊́͘m̷̡̟̍́̏̔
@techbytom.bsky.social
Privacy, motorcycle, and craft beer geek. Adversarial thinker. Blue team your blue team for better red teaming.
If you’re not watching EXO labs, and you have any good reason to run local LLMs stop now and read blog.exolabs.net/nvidia-dgx-s...
Combining NVIDIA DGX Spark + Apple Mac Studio for 4x Faster LLM Inference with EXO 1.0
Disaggregating Prefill and Decode: Faster First Tokens, Faster Streams
blog.exolabs.net
January 6, 2026 at 5:45 AM
If you’re not watching EXO labs, and you have any good reason to run local LLMs stop now and read blog.exolabs.net/nvidia-dgx-s...
Fun way to host your payloads vmux.sdan.io
vmux
Run anything in the cloud. Replace uv run with vmux run.
vmux.sdan.io
January 2, 2026 at 1:27 AM
Fun way to host your payloads vmux.sdan.io
Did you know your taxes were being used to buy your flight records from commercial airlines so your movement could be tracked without a warrant?
At 404, we’re particularly focussed on journalism that has real-world impact. Thanks to your support, this year we can trace a direct line between our work and tangible policy change. @evystadium.bsky.social names a few.
Read our Impact stories here and hny <3 www.404media.co/tag/impact/
Read our Impact stories here and hny <3 www.404media.co/tag/impact/
January 1, 2026 at 7:24 PM
Did you know your taxes were being used to buy your flight records from commercial airlines so your movement could be tracked without a warrant?
Reposted by SecByT̷͔̼̯̖̟͔͎͑̽o̶͚̠̰͚̩̻̝̰͂̿̔̄̊́͘m̷̡̟̍́̏̔
This is fork&run to execute BOFs in a remote process, same API, and get output back over a pipe--demonstrated with Havoc.
Same arch could support explicit injection. Add-in an injector artifact + psexec, could remotely run a BOF without an agent and get output back too. bofexec? :)
Same arch could support explicit injection. Add-in an injector artifact + psexec, could remotely run a BOF without an agent and get output back too. bofexec? :)
To wrap up the year, I've published this Havoc extension that enables remote execution of Beacon Object Files (BOFs) using a PIC loader built with Crystal Palace.
github.com/pard0p/Remot...
github.com/pard0p/Remot...
GitHub - pard0p/Remote-BOF-Runner: Remote BOF Runner is a Havoc extension framework for remote execution of Beacon Object Files (BOFs) using a PIC loader made with Crystal Palace.
Remote BOF Runner is a Havoc extension framework for remote execution of Beacon Object Files (BOFs) using a PIC loader made with Crystal Palace. - pard0p/Remote-BOF-Runner
github.com
December 31, 2025 at 11:51 PM
This is fork&run to execute BOFs in a remote process, same API, and get output back over a pipe--demonstrated with Havoc.
Same arch could support explicit injection. Add-in an injector artifact + psexec, could remotely run a BOF without an agent and get output back too. bofexec? :)
Same arch could support explicit injection. Add-in an injector artifact + psexec, could remotely run a BOF without an agent and get output back too. bofexec? :)
Reposted by SecByT̷͔̼̯̖̟͔͎͑̽o̶͚̠̰͚̩̻̝̰͂̿̔̄̊́͘m̷̡̟̍́̏̔
NEW: Apple, Google, and WhatsApp now regularly notify their users if they suspect they have been targeted or hacked with government spyware, such as that made by NSO Group or Paragon.
We spoke to experts and wrote a guide on what to do, and where to go, if you receive one of those notifications.
We spoke to experts and wrote a guide on what to do, and where to go, if you receive one of those notifications.
You've been targeted by government spyware. Now what? | TechCrunch
Tech companies are increasingly warning their customers that they have been targeted by governments with advanced government spyware, such as NSO's Pegasus or Paragon's Graphite. What happens after re...
techcrunch.com
December 29, 2025 at 4:27 PM
NEW: Apple, Google, and WhatsApp now regularly notify their users if they suspect they have been targeted or hacked with government spyware, such as that made by NSO Group or Paragon.
We spoke to experts and wrote a guide on what to do, and where to go, if you receive one of those notifications.
We spoke to experts and wrote a guide on what to do, and where to go, if you receive one of those notifications.
This tool is an especially powerful and widely applicable one. Don’t get caught up in saying no, infosec.
Claude set a strong bar for structured, workflow-driven AI usage, and it’s no surprise we’re now seeing similar ideas across other platforms like OpenAI.
I’ve built DFIR and quick triage workflows that save me hours every time! The time savings really add up, and it’s completely changed how I work.
I’ve built DFIR and quick triage workflows that save me hours every time! The time savings really add up, and it’s completely changed how I work.
Agent Skills
Give Codex new capabilities and expertise
developers.openai.com
December 27, 2025 at 12:33 AM
This tool is an especially powerful and widely applicable one. Don’t get caught up in saying no, infosec.
ORLY?
December 20, 2025 at 4:47 AM
ORLY?
0nrnicrosoft[.]com was registered last night
December 19, 2025 at 2:57 PM
0nrnicrosoft[.]com was registered last night
When 2040 me can’t give someone a dirty look without it being captured, catalogued, and sold to the surveillance state - this is one of the ways we got there.
“ALPRs, operating at the scale that they’re operating now, with the kind of vendors that are running these systems now, are posing a direct public safety threat,” particularly in this political climate, EFF’s @tsnvaa.bsky.social told @kqednews.kqed.org. www.kqed.org/news/120669...
California Cities Double Down on License-Plate Readers as Federal Surveillance Grows | KQED
California municipalities continue to press ahead with automated license-plate reader contracts, betting the technology’s public-safety value outweighs demonstrated risks to data privacy and civil liberties.
www.kqed.org
December 19, 2025 at 2:18 PM
When 2040 me can’t give someone a dirty look without it being captured, catalogued, and sold to the surveillance state - this is one of the ways we got there.
THIS would be an awesome base concept for a team of developers to build as a learning exercise for implementing LLMs that are customer facing.
www.wsj.com/tech/ai/anth...
www.wsj.com/tech/ai/anth...
We Let AI Run Our Office Vending Machine. It Lost Hundreds of Dollars.
An AI agent ran a snack operation in the WSJ newsroom. It gave away a free PlayStation, ordered a live fish—and taught us lessons about the future of AI.
www.wsj.com
December 19, 2025 at 1:21 AM
THIS would be an awesome base concept for a team of developers to build as a learning exercise for implementing LLMs that are customer facing.
www.wsj.com/tech/ai/anth...
www.wsj.com/tech/ai/anth...
Hey @wiz_io BurbSec really appreciates the CVS sized receipt!
December 18, 2025 at 3:16 AM
Hey @wiz_io BurbSec really appreciates the CVS sized receipt!
Not a fan of this company, but I LOVE the 2FA explainer. Very well executed.
December 17, 2025 at 2:46 PM
Not a fan of this company, but I LOVE the 2FA explainer. Very well executed.
Reposted by SecByT̷͔̼̯̖̟͔͎͑̽o̶͚̠̰͚̩̻̝̰͂̿̔̄̊́͘m̷̡̟̍́̏̔
Interesting project. Reimplements TCG example loaders in Rust and demonstrates Rust patterns for TCG and Crystal Palace.
One note: my scope, dev, tests, and unit tests are limited to MinGW.
Binary transforms act on patterns gcc generates and moving away from that, you're gonna hit gaps faster.
One note: my scope, dev, tests, and unit tests are limited to MinGW.
Binary transforms act on patterns gcc generates and moving away from that, you're gonna hit gaps faster.
Implementing PICOs and allowing for easy development in rust github.com/laachy/trade...
@raphaelmudge.bsky.social
@raphaelmudge.bsky.social
github.com
December 9, 2025 at 2:44 AM
Interesting project. Reimplements TCG example loaders in Rust and demonstrates Rust patterns for TCG and Crystal Palace.
One note: my scope, dev, tests, and unit tests are limited to MinGW.
Binary transforms act on patterns gcc generates and moving away from that, you're gonna hit gaps faster.
One note: my scope, dev, tests, and unit tests are limited to MinGW.
Binary transforms act on patterns gcc generates and moving away from that, you're gonna hit gaps faster.
You know what would make for an epic third party compromise? xterm.js
December 8, 2025 at 10:21 PM
You know what would make for an epic third party compromise? xterm.js
Reposted by SecByT̷͔̼̯̖̟͔͎͑̽o̶͚̠̰͚̩̻̝̰͂̿̔̄̊́͘m̷̡̟̍́̏̔
Fed up with this dystopian nightmare? We are too. That's why we're pushing back against surveillance tech and government censorship, both in the courts and on the streets. Help us today: eff.org/power-up
Double Your Impact on Privacy & Free Speech
Right now, your donation to EFF gets an automatic 2X match! Don't let tyrants co-opt tech.
supporters.eff.org
December 3, 2025 at 9:03 PM
Fed up with this dystopian nightmare? We are too. That's why we're pushing back against surveillance tech and government censorship, both in the courts and on the streets. Help us today: eff.org/power-up
Reposted by SecByT̷͔̼̯̖̟͔͎͑̽o̶͚̠̰͚̩̻̝̰͂̿̔̄̊́͘m̷̡̟̍́̏̔
A perfect CVSS 10 🧑🏻🍳💋
CVE-2025-55182: Unauthenticated remote code execution vulnerability in React Server Components
The vuln is in versions 19.0, 19.1.0, 19.1.1, and 19.2.0:
react-server-dom-webpack
react-server-dom-parcel
react-server-dom-turbopack
Upgrade immediately!
CVE-2025-55182: Unauthenticated remote code execution vulnerability in React Server Components
The vuln is in versions 19.0, 19.1.0, 19.1.1, and 19.2.0:
react-server-dom-webpack
react-server-dom-parcel
react-server-dom-turbopack
Upgrade immediately!
Critical Security Vulnerability in React Server Components – React
The library for web and native user interfaces
react.dev
December 3, 2025 at 4:23 PM
A perfect CVSS 10 🧑🏻🍳💋
CVE-2025-55182: Unauthenticated remote code execution vulnerability in React Server Components
The vuln is in versions 19.0, 19.1.0, 19.1.1, and 19.2.0:
react-server-dom-webpack
react-server-dom-parcel
react-server-dom-turbopack
Upgrade immediately!
CVE-2025-55182: Unauthenticated remote code execution vulnerability in React Server Components
The vuln is in versions 19.0, 19.1.0, 19.1.1, and 19.2.0:
react-server-dom-webpack
react-server-dom-parcel
react-server-dom-turbopack
Upgrade immediately!
Hey everyone. It's currently 2025 (and almost 2026). If you're scraping sites and not running javascript, you probably aren't going to render most of the content ;)
December 3, 2025 at 10:36 PM
Hey everyone. It's currently 2025 (and almost 2026). If you're scraping sites and not running javascript, you probably aren't going to render most of the content ;)
DeepSeek kills it again. If you haven’t read the white paper (huggingface.co/deepseek-ai/...) you should.
1/5th of the GPU time for large contexts in a single generation. The approach just makes sense too - your LLM doesn’t need to constantly re-evaluate the entirety of the prompt and response.
1/5th of the GPU time for large contexts in a single generation. The approach just makes sense too - your LLM doesn’t need to constantly re-evaluate the entirety of the prompt and response.
huggingface.co
December 2, 2025 at 3:00 PM
DeepSeek kills it again. If you haven’t read the white paper (huggingface.co/deepseek-ai/...) you should.
1/5th of the GPU time for large contexts in a single generation. The approach just makes sense too - your LLM doesn’t need to constantly re-evaluate the entirety of the prompt and response.
1/5th of the GPU time for large contexts in a single generation. The approach just makes sense too - your LLM doesn’t need to constantly re-evaluate the entirety of the prompt and response.
Reposted by SecByT̷͔̼̯̖̟͔͎͑̽o̶͚̠̰͚̩̻̝̰͂̿̔̄̊́͘m̷̡̟̍́̏̔
Something extra to be thankful for this week: our CFP and CFV are officially OPEN for #BSides312! 🎤🙌
Got something you want to share on May 16, 2026? Or want to volunteer?
Forms are live on our website—see you in May!
#BSides
bsides312.org
Got something you want to share on May 16, 2026? Or want to volunteer?
Forms are live on our website—see you in May!
#BSides
bsides312.org
BSides312 - Chicago's Hacking Conference
BSides312 is Chicago's biggest little non-profit hacking & information security conference.
bsides312.org
November 27, 2025 at 8:30 PM
Something extra to be thankful for this week: our CFP and CFV are officially OPEN for #BSides312! 🎤🙌
Got something you want to share on May 16, 2026? Or want to volunteer?
Forms are live on our website—see you in May!
#BSides
bsides312.org
Got something you want to share on May 16, 2026? Or want to volunteer?
Forms are live on our website—see you in May!
#BSides
bsides312.org
Ooof
when cloudflare is down and downdetector’s captcha runs on cloudflare
November 18, 2025 at 3:25 PM
Ooof
Our modern dystopia. Sometimes it’s hard to believe this can be rolled back.
New: this app lets ICE track vehicles and owners across the country. ICE uses phone to scan license plates, add to a database of billions of records. Thomson Reuters then enriches that with marriage, voter, other info. Can predict where a car will be in the future
www.404media.co/this-app-let...
www.404media.co/this-app-let...
This App Lets ICE Track Vehicles and Owners Across the Country
Material viewed by 404 Media shows data giant Thomson Reuters enriches license plate data with marriage, voter, and ownership records. The tool can predict where a car may be in the future.
www.404media.co
November 17, 2025 at 3:02 PM
Our modern dystopia. Sometimes it’s hard to believe this can be rolled back.
If you’re involved in any form of protest organization or center/left leaning politics, go enable Lockdown Mode NOW. ssd.eff.org/module/how-t...
November 8, 2025 at 12:29 AM
If you’re involved in any form of protest organization or center/left leaning politics, go enable Lockdown Mode NOW. ssd.eff.org/module/how-t...
What do I win?
November 7, 2025 at 5:59 PM
What do I win?
Reposted by SecByT̷͔̼̯̖̟͔͎͑̽o̶͚̠̰͚̩̻̝̰͂̿̔̄̊́͘m̷̡̟̍́̏̔
“We should have banned government use of face recognition when we had the chance because it is dangerous, invasive, and an inherent threat to civil liberties,” EFF’s @MGuariglia.bsky.social told @404Media.co. www.404media.co/ice-and-cbp...
ICE and CBP Agents Are Scanning Peoples’ Faces on the Street To Verify Citizenship
Videos on social media show officers from ICE and CBP using facial recognition technology on people in the field. One expert described the practice as “pure dystopian creep.”
www.404media.co
October 29, 2025 at 8:03 PM
“We should have banned government use of face recognition when we had the chance because it is dangerous, invasive, and an inherent threat to civil liberties,” EFF’s @MGuariglia.bsky.social told @404Media.co. www.404media.co/ice-and-cbp...
Reposted by SecByT̷͔̼̯̖̟͔͎͑̽o̶͚̠̰͚̩̻̝̰͂̿̔̄̊́͘m̷̡̟̍́̏̔
As new projects, blog posts, and other efforts around TCG show up, I'm listing them here:
tradecraftgarden.org/references.h...
I've put together a Friends of the Tradecraft Garden list on BlueSky too:
bsky.app/profile/did:...
Thank you for building, exploring, & teaching w/ this young project 🪴
tradecraftgarden.org/references.h...
I've put together a Friends of the Tradecraft Garden list on BlueSky too:
bsky.app/profile/did:...
Thank you for building, exploring, & teaching w/ this young project 🪴
October 30, 2025 at 4:24 AM
As new projects, blog posts, and other efforts around TCG show up, I'm listing them here:
tradecraftgarden.org/references.h...
I've put together a Friends of the Tradecraft Garden list on BlueSky too:
bsky.app/profile/did:...
Thank you for building, exploring, & teaching w/ this young project 🪴
tradecraftgarden.org/references.h...
I've put together a Friends of the Tradecraft Garden list on BlueSky too:
bsky.app/profile/did:...
Thank you for building, exploring, & teaching w/ this young project 🪴