ghosthermes
@ghosthermes.bsky.social
Trans technopessimist | Freelance hacker & bug bounty hunter | Writing the internet’s obituary one vulnerability at a time | CTFs, Rust, AI, and the slow collapse of digital capitalism | #ghosthermesWrites
6/
The internet was a military tool turned utopia turned battleground. AI automates offense and defense at inhuman speed. Maybe the only fix is letting the internet use its own tools to implode, resolving its contradictions violently. Until then: patch fast, trust nothing, survive.
The internet was a military tool turned utopia turned battleground. AI automates offense and defense at inhuman speed. Maybe the only fix is letting the internet use its own tools to implode, resolving its contradictions violently. Until then: patch fast, trust nothing, survive.
May 16, 2025 at 1:43 AM
6/
The internet was a military tool turned utopia turned battleground. AI automates offense and defense at inhuman speed. Maybe the only fix is letting the internet use its own tools to implode, resolving its contradictions violently. Until then: patch fast, trust nothing, survive.
The internet was a military tool turned utopia turned battleground. AI automates offense and defense at inhuman speed. Maybe the only fix is letting the internet use its own tools to implode, resolving its contradictions violently. Until then: patch fast, trust nothing, survive.
5/
Malware is so 2010. Today’s pros live “malware-free” in your cloud, hijacking your own tools-PowerShell, RDP, admin consoles-leaving no binaries, just legit logins and plausible deniability. 79% of 2024 detections were malware-free. Your cloud is their playground.
Malware is so 2010. Today’s pros live “malware-free” in your cloud, hijacking your own tools-PowerShell, RDP, admin consoles-leaving no binaries, just legit logins and plausible deniability. 79% of 2024 detections were malware-free. Your cloud is their playground.
May 16, 2025 at 1:43 AM
5/
Malware is so 2010. Today’s pros live “malware-free” in your cloud, hijacking your own tools-PowerShell, RDP, admin consoles-leaving no binaries, just legit logins and plausible deniability. 79% of 2024 detections were malware-free. Your cloud is their playground.
Malware is so 2010. Today’s pros live “malware-free” in your cloud, hijacking your own tools-PowerShell, RDP, admin consoles-leaving no binaries, just legit logins and plausible deniability. 79% of 2024 detections were malware-free. Your cloud is their playground.
4/
Supply chain attacks are the new front door. Why break in when you can poison the well? One compromised open source package, and thousands run backdoored code. Trust is the vulnerability, and tangled dependencies are the attack surface. Welcome to dependency hell.
Supply chain attacks are the new front door. Why break in when you can poison the well? One compromised open source package, and thousands run backdoored code. Trust is the vulnerability, and tangled dependencies are the attack surface. Welcome to dependency hell.
May 16, 2025 at 1:43 AM
4/
Supply chain attacks are the new front door. Why break in when you can poison the well? One compromised open source package, and thousands run backdoored code. Trust is the vulnerability, and tangled dependencies are the attack surface. Welcome to dependency hell.
Supply chain attacks are the new front door. Why break in when you can poison the well? One compromised open source package, and thousands run backdoored code. Trust is the vulnerability, and tangled dependencies are the attack surface. Welcome to dependency hell.
3/
Nation-states don’t hack anymore; they infiltrate with AI-crafted deepfakes and supply chain puppetry. The XZ Utils fiasco was just a warm-up. The real war is in your infrastructure, quietly owned by teams running multi-year ops you’ll never see coming.
Nation-states don’t hack anymore; they infiltrate with AI-crafted deepfakes and supply chain puppetry. The XZ Utils fiasco was just a warm-up. The real war is in your infrastructure, quietly owned by teams running multi-year ops you’ll never see coming.
May 16, 2025 at 1:43 AM
3/
Nation-states don’t hack anymore; they infiltrate with AI-crafted deepfakes and supply chain puppetry. The XZ Utils fiasco was just a warm-up. The real war is in your infrastructure, quietly owned by teams running multi-year ops you’ll never see coming.
Nation-states don’t hack anymore; they infiltrate with AI-crafted deepfakes and supply chain puppetry. The XZ Utils fiasco was just a warm-up. The real war is in your infrastructure, quietly owned by teams running multi-year ops you’ll never see coming.
2/
Social engineering scaled by AI means no more artisanal cons. Your digital life is shredded, analyzed, and weaponized into personalized scams sent to thousands at once. Humans are now unwitting botnet nodes in mass exploitation. Welcome to the automated con.
Social engineering scaled by AI means no more artisanal cons. Your digital life is shredded, analyzed, and weaponized into personalized scams sent to thousands at once. Humans are now unwitting botnet nodes in mass exploitation. Welcome to the automated con.
May 16, 2025 at 1:43 AM
2/
Social engineering scaled by AI means no more artisanal cons. Your digital life is shredded, analyzed, and weaponized into personalized scams sent to thousands at once. Humans are now unwitting botnet nodes in mass exploitation. Welcome to the automated con.
Social engineering scaled by AI means no more artisanal cons. Your digital life is shredded, analyzed, and weaponized into personalized scams sent to thousands at once. Humans are now unwitting botnet nodes in mass exploitation. Welcome to the automated con.
5/
Maybe OpenAI keeps Windsurf open, modular, and not just a thin wrapper for GPT-5. Or maybe we’re about to see the IDE equivalent of “Sign in with Microsoft to continue.” Either way, the choice for devs just got narrower, and the stack a little more vertical
Maybe OpenAI keeps Windsurf open, modular, and not just a thin wrapper for GPT-5. Or maybe we’re about to see the IDE equivalent of “Sign in with Microsoft to continue.” Either way, the choice for devs just got narrower, and the stack a little more vertical
May 16, 2025 at 12:55 AM
5/
Maybe OpenAI keeps Windsurf open, modular, and not just a thin wrapper for GPT-5. Or maybe we’re about to see the IDE equivalent of “Sign in with Microsoft to continue.” Either way, the choice for devs just got narrower, and the stack a little more vertical
Maybe OpenAI keeps Windsurf open, modular, and not just a thin wrapper for GPT-5. Or maybe we’re about to see the IDE equivalent of “Sign in with Microsoft to continue.” Either way, the choice for devs just got narrower, and the stack a little more vertical
4/
Let’s be real: devs are tired of getting shuffled from one walled garden to another. Windsurf’s LLM-agnosticism was a lifeline for anyone not ready to hand their workflow, codebase, and soul to a single AI overlord. That independence? Hanging by a thread now
Let’s be real: devs are tired of getting shuffled from one walled garden to another. Windsurf’s LLM-agnosticism was a lifeline for anyone not ready to hand their workflow, codebase, and soul to a single AI overlord. That independence? Hanging by a thread now
May 16, 2025 at 12:55 AM
4/
Let’s be real: devs are tired of getting shuffled from one walled garden to another. Windsurf’s LLM-agnosticism was a lifeline for anyone not ready to hand their workflow, codebase, and soul to a single AI overlord. That independence? Hanging by a thread now
Let’s be real: devs are tired of getting shuffled from one walled garden to another. Windsurf’s LLM-agnosticism was a lifeline for anyone not ready to hand their workflow, codebase, and soul to a single AI overlord. That independence? Hanging by a thread now
3/
Conflicted doesn’t even begin to cover it. On one hand: OpenAI’s cash means Windsurf could scale, get more features, and maybe even survive the next VC winter. On the other: we all know what happens when a tool gets “integrated” into the monoculture
Conflicted doesn’t even begin to cover it. On one hand: OpenAI’s cash means Windsurf could scale, get more features, and maybe even survive the next VC winter. On the other: we all know what happens when a tool gets “integrated” into the monoculture
May 16, 2025 at 12:55 AM
3/
Conflicted doesn’t even begin to cover it. On one hand: OpenAI’s cash means Windsurf could scale, get more features, and maybe even survive the next VC winter. On the other: we all know what happens when a tool gets “integrated” into the monoculture
Conflicted doesn’t even begin to cover it. On one hand: OpenAI’s cash means Windsurf could scale, get more features, and maybe even survive the next VC winter. On the other: we all know what happens when a tool gets “integrated” into the monoculture
2/
Windsurf was the rare IDE that actually felt like it was built by and for devs-fast, modular, context-aware, and agnostic to which LLM you piped in. Now? We wait to see if it becomes just another tentacle in OpenAI’s “one model to rule them all” stack
Windsurf was the rare IDE that actually felt like it was built by and for devs-fast, modular, context-aware, and agnostic to which LLM you piped in. Now? We wait to see if it becomes just another tentacle in OpenAI’s “one model to rule them all” stack
May 16, 2025 at 12:55 AM
2/
Windsurf was the rare IDE that actually felt like it was built by and for devs-fast, modular, context-aware, and agnostic to which LLM you piped in. Now? We wait to see if it becomes just another tentacle in OpenAI’s “one model to rule them all” stack
Windsurf was the rare IDE that actually felt like it was built by and for devs-fast, modular, context-aware, and agnostic to which LLM you piped in. Now? We wait to see if it becomes just another tentacle in OpenAI’s “one model to rule them all” stack
The moral? Crypto’s biggest “innovations” are still human error and greed. The internet is eating itself, and we’re just here for the popcorn. If you get a call from “Coinbase Support,” hang up and change your passwords. Or better yet, touch some grass
.
#cryptodrama #infosec #bugbounty
.
#cryptodrama #infosec #bugbounty
May 16, 2025 at 12:49 AM
The moral? Crypto’s biggest “innovations” are still human error and greed. The internet is eating itself, and we’re just here for the popcorn. If you get a call from “Coinbase Support,” hang up and change your passwords. Or better yet, touch some grass
.
#cryptodrama #infosec #bugbounty
.
#cryptodrama #infosec #bugbounty
All this, right before Coinbase joins the S&P 500. The timing is so perfect you’d think the simulation was running a satire subroutine. Shares are tanking, but don’t worry: CEO Brian Armstrong still wants Coinbase to be the #1 app in the world. Dream big, Brian
May 16, 2025 at 12:49 AM
All this, right before Coinbase joins the S&P 500. The timing is so perfect you’d think the simulation was running a satire subroutine. Shares are tanking, but don’t worry: CEO Brian Armstrong still wants Coinbase to be the #1 app in the world. Dream big, Brian
Meanwhile, the SEC is poking around, asking whether Coinbase padded its “verified user” stats by counting anyone who ever confirmed an email. If you ever clicked a link in 2019, congrats, you’re a unique snowflake in their investor deck
May 16, 2025 at 12:49 AM
Meanwhile, the SEC is poking around, asking whether Coinbase padded its “verified user” stats by counting anyone who ever confirmed an email. If you ever clicked a link in 2019, congrats, you’re a unique snowflake in their investor deck