Insecurity Connoisseur
marver.bsky.social
0-prompt RCE
June 11, 2025 at 5:55 AM
Not only is each stack like AWS we will encounter incredibly complex on its own, we will have to move laterally between all of them. This will be an impossible task without proper automation and even non-bs AI support (see the Nemesis MCP servers I wrote about last month). This week will be fun!
May 11, 2025 at 2:02 PM
We’re going to run a live exercise this week against a defensive team from a bigger zero trust platform. This involves nearly anything you can find in modern cloud tech stacks, from Okta to GitHub to AWS… It’s fun packing “gear”, and I mean software and tools here to run proper escalations.
May 11, 2025 at 1:59 PM
ChatGPT was mostly irrelevant for security except for improving phishing pretexts - AI agents on the other hand are very much relevant!
April 20, 2025 at 8:22 PM
Two thoughts on the Signal Gate:
1. They apparently did not verify Signal contacts’ safety numbers, allowing easy MiTM
2. It’s easy to inject a number into a phone’s contact list or change it

Combine both and you got a way to subvert secure communications without having a 0day for Signal!
Lmao 🤣 savages
March 27, 2025 at 7:27 AM
Let’s break some LLMs today!
March 22, 2025 at 10:07 AM
"Your malware is fake!" That's correct. Here's a small tool to generate payloads out of YARA rules: github.com/persistent-s...

We use it as part of a test suite for detection & monitoring.
GitHub - persistent-security/reverseyara: A tool to generate payloads from YARA Signatures - Reverse Yara
March 21, 2025 at 5:13 PM
Already leaving nullcon Goa, I’ll be back for sure! Thank you everyone for the good talks and especially our trainees for working hard on their AppSec skills.
March 1, 2025 at 11:48 PM
www.youtube.com/watch?v=5wIO...

If you are interested in music production and also nerding in old school software scenes, this is an absolute speedrun of sound generation software you’ve never even heard of!
The Batsh*t Software Aphex Twin Used
YouTube video by Benn Jordan
January 26, 2025 at 10:55 AM
Reposted by Insecurity Connoisseur
Yup
December 13, 2024 at 3:52 PM
Reposted by Insecurity Connoisseur
A version of Missile Command for the Commodore 64 where the bottom of your screen is the game state in memory and missiles cause memory corruption: csdb.dk/release/?id=....

In the video below, a missile broke my controls and caused my cursor to get stuck moving down and to the left.
November 22, 2024 at 10:56 PM
So this thing here is actually taking off, any tips on who to follow for serious Infosec news?
November 23, 2024 at 9:39 AM
Reposted by Insecurity Connoisseur
Awesome research! - The Nearest Neighbor Attack: How A Russian #APT Weaponized Nearby Wi-Fi Networks for Covert Access - @volexity.com - www.volexity.com/blog/2024/11... #cyberespionage
November 23, 2024 at 8:32 AM