Dhruv AHUJA
@new23d.bsky.social
Making network egress filtering effective, reliable and usable. Founder & Chief Engineer at @chasersystems.bsky.social

Blog: https://www.new23d.com/
I have to say Eldon Sprickerhoff's Committed has filled some critical gaps I didn't know I had. The book is also non-repetitive, has short-length chapters and is to-the-point.

www.goodreads.com/book/show/21...
November 13, 2025 at 12:36 PM
We dug deeper into data & telemetry sent #outbound by #Cursor, #Claude, #Copilot and 4 other agent editors, so you can make an informed choice. With the IOCs revealed, you can also monitor for shadow IT usage of these in your corporate/cloud networks.

chasersystems.com/blog/what-da...
November 11, 2025 at 12:17 PM
The Pyramid of Pain [1] from over a decade ago is still 🎯. Block TTPs, Tools and Artifacts if you can detect them. Allow only trusted Domain Names and IP Addresses, in an otherwise default deny mode. Hashes just contribute to climate change. This graphic helps me at...
October 31, 2025 at 9:49 AM
It's always DNS.

Or us-east-1.
October 20, 2025 at 9:22 AM
I would've reversed the order of recommendations by Wiz on their RediShell CVE-2025-49844 blog post. Network controls are easier & quicker to apply, and involve no downtime, than changing server & client side configs. Even allowing all known IP ranges of your apps' service...
October 7, 2025 at 12:33 PM
I was affected by first the British Library hack, then M&S, Berlin airport, and now braced for Asahi shortage. Pretty sure all of them, including JLR, had a `bag of tools` like the most popular EDRs in their peer groups, visibility tools such as CSPMs (CNAPPs now?), and maybe..
October 3, 2025 at 12:55 PM
TLS inspection for egress traffic is getting harder and perhaps already at a point where security teams are finding more traffic needing to be excepted than not.

Woke up today to see an email from a prospect who had chosen another solution over DiscrimiNAT because...
September 29, 2025 at 9:19 AM
Every #cloud has a silver lining. Today's London #tubestrike 🚃 has opened up #bbcproms tickets 🎼

Sorry, this post wasn't about AWS, GCP, Azure, etc. 😆

Stock photo does suggest writing a multicloud conductor may not be a bad idea!

#brahms
September 11, 2025 at 10:52 AM
Just received @adamshostack.bsky.social's Threats: What Every Engineer Should Learn From Star Wars in the post. This should make the STRIDE threat modelling session we have next week more fun with R2D2 and C3PO!

Gotta cover all known bases when building a SaaS in cybersecurity!
August 13, 2025 at 11:54 AM
Call me cynical but even the most respected vuln/disk image scanners/CNAPPs generate false positives when it comes to OS vendor packages. Pkgs under /usr/lib/python3/dist-packages/ are maintained by the distro, who backport patches. Distro detection works fine, then why the FPs🤔
August 11, 2025 at 3:22 PM
Can't wait for direct home IP to cloud resource IP connectivity without VPNs etc

Should be possible already with AWS services on #IPv6 🤔

It's going to be lower latency and higher bandwidth with one less router and one less connection tracking table (looking at you NAT)
May 16, 2025 at 1:57 PM
Hadn't realised until a customer drove the point home that SNI Spoofing through egress filtering solutions is a serious "insider threat" in financial services. Insiders know what domain names are allowed already. For them to exfil data with one of those in the header and any 🧵
March 28, 2025 at 12:05 PM
for Route53 fanbois out there such as myself, I wrote a dynamic dns client under living off the land constraints.

#ddns #aws #lotl

www.new23d.com/living-off-t...
March 25, 2025 at 7:20 PM
Microsoft's experience with #Rust adoption in their dev org across Azure, Office and Windows shared at #rustnationuk

Code ported from C++ where memory safety issues were rampant, and from C# where garbage collection wasn't acceptable for performance!
February 20, 2025 at 10:10 PM
📢 PSA: Amazon Kindle eBooks' "Download & Transfer via USB" option will no longer be available from 26 Feb. You may wanna build your offline/backup library in Calibre now and its wonderful plugins.
February 18, 2025 at 6:57 AM
@gandi.net just renewed a .com for me at £31.98 (1 yr).

Time to move my stash to @porkbun.com!

#enshittification
February 1, 2025 at 7:44 AM
Denylists/Signature based detection are effective if Doc Brown grabs your IOCs from the future.

Allowlists need work upfront. Security teams alone can't generate these.

To scale an allowlisting approach, super quick self-service must be thought of upfront in any product design.
January 16, 2025 at 11:46 AM
#AWS buying a lot of #IPv4 and not advertising it over BGP even 🤔

very sus
November 19, 2024 at 11:58 AM
the laggard in me has finally turned up at an #IPv6 event

from a look at the talks schedule and participants, seems like several organisations have rolled it out already 🤔

48% user traffic from the UK now!

www.linkedin.com/groups/8128401
November 19, 2024 at 10:31 AM
wth was this i thought & ignored it

then, accessing payload from GCP Secret Manager started to break

turns out data had been Base64URL encoded & not Base64

RFC 4648 sets the diff & it's those two: /+

not once was it hinted in egs or docs

have raised the issue with them now🤞
November 8, 2024 at 7:05 AM