Tim (Wadhwa-)Brown :donor:
@timb-machine.infosec.exchange.ap.brid.gy
push(@fediverse, "Adversarial Engineer"); # i hack in Perl
🌉 bridged from ⁂ https://infosec.exchange/@timb_machine, follow @ap.brid.gy to interact
🌉 bridged from ⁂ https://infosec.exchange/@timb_machine, follow @ap.brid.gy to interact
Pinned
fediverse-lists/lists.csv at main · timb-machine/fediverse-lists
Public version of my fediverse follower lists. Contribute to timb-machine/fediverse-lists development by creating an account on GitHub.
github.com
I bet some of you will disagree and/or be surprised about the list I have you added to (there are some lists I don't export), but:
https://github.com/timb-machine/fediverse-lists/blob/main/lists.csv
#followpacks
https://github.com/timb-machine/fediverse-lists/blob/main/lists.csv
#followpacks
Reposted by Tim (Wadhwa-)Brown :donor:
I was recently reminded of this.
A couple decades ago, I wrote a short paper that described how the basic approaches of cryptography and computer security lead to an efficient and practical privilege escalation attack against master-keyed mechanical lock, which I published in IEEE Security and […]
A couple decades ago, I wrote a short paper that described how the basic approaches of cryptography and computer security lead to an efficient and practical privilege escalation attack against master-keyed mechanical lock, which I published in IEEE Security and […]
Original post on federate.social
federate.social
December 29, 2025 at 1:41 AM
I was recently reminded of this.
A couple decades ago, I wrote a short paper that described how the basic approaches of cryptography and computer security lead to an efficient and practical privilege escalation attack against master-keyed mechanical lock, which I published in IEEE Security and […]
A couple decades ago, I wrote a short paper that described how the basic approaches of cryptography and computer security lead to an efficient and practical privilege escalation attack against master-keyed mechanical lock, which I published in IEEE Security and […]
Reposted by Tim (Wadhwa-)Brown :donor:
Want to invest in developing economies in an ethical manner?
That time of the month where I am reminded and am reminding you about:
https://lendwithcare.org/referral/9BFUMA
#ethicalloans, #payforwards
That time of the month where I am reminded and am reminding you about:
https://lendwithcare.org/referral/9BFUMA
#ethicalloans, #payforwards
Microfinance from CARE International UK
CARE International's microfinance lending initiative
lendwithcare.org
September 26, 2025 at 7:37 PM
Want to invest in developing economies in an ethical manner?
That time of the month where I am reminded and am reminding you about:
https://lendwithcare.org/referral/9BFUMA
#ethicalloans, #payforwards
That time of the month where I am reminded and am reminding you about:
https://lendwithcare.org/referral/9BFUMA
#ethicalloans, #payforwards
I wonder if the reason we haven't had any of God's representatives in a while is, well, if you invented humans, would you still be bothering to invest time in the project? Imagine when you meet your peer Gods at conferences, must be dead embarrassing.
#microfiction
#microfiction
December 28, 2025 at 6:27 PM
I wonder if the reason we haven't had any of God's representatives in a while is, well, if you invented humans, would you still be bothering to invest time in the project? Imagine when you meet your peer Gods at conferences, must be dead embarrassing.
#microfiction
#microfiction
@zackwhittaker has https://this.weekinsecurity.com/, but I think it's a crying shame that there is not also https://this.weeksinsecurity.com/ to tell people about the latest whoops.
~this week in security~
a weekly cybersecurity newsletter by Zack Whittaker, plus articles and more.
this.weekinsecurity.com
December 28, 2025 at 6:14 PM
@zackwhittaker has https://this.weekinsecurity.com/, but I think it's a crying shame that there is not also https://this.weeksinsecurity.com/ to tell people about the latest whoops.
Groups I actively donate to (and you might like to too):
* Wikimedia: https://donate.wikimedia.org/w/index.php?title=Special:LandingPage&country=GB&uselang=en-gb&wmf_medium=spontaneous&wmf_source=fr-redir&wmf_campaign=spontaneous
* OpenBSD: https://www.openbsd.org/donations.html
* Lend With […]
* Wikimedia: https://donate.wikimedia.org/w/index.php?title=Special:LandingPage&country=GB&uselang=en-gb&wmf_medium=spontaneous&wmf_source=fr-redir&wmf_campaign=spontaneous
* OpenBSD: https://www.openbsd.org/donations.html
* Lend With […]
Original post on infosec.exchange
infosec.exchange
December 28, 2025 at 1:33 PM
Groups I actively donate to (and you might like to too):
* Wikimedia: https://donate.wikimedia.org/w/index.php?title=Special:LandingPage&country=GB&uselang=en-gb&wmf_medium=spontaneous&wmf_source=fr-redir&wmf_campaign=spontaneous
* OpenBSD: https://www.openbsd.org/donations.html
* Lend With […]
* Wikimedia: https://donate.wikimedia.org/w/index.php?title=Special:LandingPage&country=GB&uselang=en-gb&wmf_medium=spontaneous&wmf_source=fr-redir&wmf_campaign=spontaneous
* OpenBSD: https://www.openbsd.org/donations.html
* Lend With […]
Last game of the 2025 and we have Bournemouth at home. Be nice to end the year with a win. But first, fry up and Pride.
#brentfordfc
#brentfordfc
December 27, 2025 at 8:59 AM
Last game of the 2025 and we have Bournemouth at home. Be nice to end the year with a win. But first, fry up and Pride.
#brentfordfc
#brentfordfc
Reposted by Tim (Wadhwa-)Brown :donor:
Interesting links of the week:
Strategy:
* https://mindfulrights.rf.gd/human-rights-and-surveillance-assessment-toolkit/ - assessing human rights
* https://ncsguide.org/ncs-guide-2025/ -developing a national strategy for cyber defence
* […]
Strategy:
* https://mindfulrights.rf.gd/human-rights-and-surveillance-assessment-toolkit/ - assessing human rights
* https://ncsguide.org/ncs-guide-2025/ -developing a national strategy for cyber defence
* […]
Original post on infosec.exchange
infosec.exchange
December 26, 2025 at 8:39 PM
Interesting links of the week:
Strategy:
* https://mindfulrights.rf.gd/human-rights-and-surveillance-assessment-toolkit/ - assessing human rights
* https://ncsguide.org/ncs-guide-2025/ -developing a national strategy for cyber defence
* […]
Strategy:
* https://mindfulrights.rf.gd/human-rights-and-surveillance-assessment-toolkit/ - assessing human rights
* https://ncsguide.org/ncs-guide-2025/ -developing a national strategy for cyber defence
* […]
Reposted by Tim (Wadhwa-)Brown :donor:
Interesting Git repos of the week:
Detection:
* https://github.com/cisagov/LME - hard fork of NCSC's Logging Made Easy
* https://github.com/MSCloudInternals/XDRInternals - automating Defender XDR
* https://github.com/Pinperepette/MacPersistenceChecker - persistence checks for OS X
* […]
Detection:
* https://github.com/cisagov/LME - hard fork of NCSC's Logging Made Easy
* https://github.com/MSCloudInternals/XDRInternals - automating Defender XDR
* https://github.com/Pinperepette/MacPersistenceChecker - persistence checks for OS X
* […]
Original post on infosec.exchange
infosec.exchange
December 26, 2025 at 8:17 PM
Interesting Git repos of the week:
Detection:
* https://github.com/cisagov/LME - hard fork of NCSC's Logging Made Easy
* https://github.com/MSCloudInternals/XDRInternals - automating Defender XDR
* https://github.com/Pinperepette/MacPersistenceChecker - persistence checks for OS X
* […]
Detection:
* https://github.com/cisagov/LME - hard fork of NCSC's Logging Made Easy
* https://github.com/MSCloudInternals/XDRInternals - automating Defender XDR
* https://github.com/Pinperepette/MacPersistenceChecker - persistence checks for OS X
* […]
Interesting links of the week:
Strategy:
* https://mindfulrights.rf.gd/human-rights-and-surveillance-assessment-toolkit/ - assessing human rights
* https://ncsguide.org/ncs-guide-2025/ -developing a national strategy for cyber defence
* […]
Strategy:
* https://mindfulrights.rf.gd/human-rights-and-surveillance-assessment-toolkit/ - assessing human rights
* https://ncsguide.org/ncs-guide-2025/ -developing a national strategy for cyber defence
* […]
Original post on infosec.exchange
infosec.exchange
December 26, 2025 at 8:39 PM
Interesting links of the week:
Strategy:
* https://mindfulrights.rf.gd/human-rights-and-surveillance-assessment-toolkit/ - assessing human rights
* https://ncsguide.org/ncs-guide-2025/ -developing a national strategy for cyber defence
* […]
Strategy:
* https://mindfulrights.rf.gd/human-rights-and-surveillance-assessment-toolkit/ - assessing human rights
* https://ncsguide.org/ncs-guide-2025/ -developing a national strategy for cyber defence
* […]
Interesting Git repos of the week:
Detection:
* https://github.com/cisagov/LME - hard fork of NCSC's Logging Made Easy
* https://github.com/MSCloudInternals/XDRInternals - automating Defender XDR
* https://github.com/Pinperepette/MacPersistenceChecker - persistence checks for OS X
* […]
Detection:
* https://github.com/cisagov/LME - hard fork of NCSC's Logging Made Easy
* https://github.com/MSCloudInternals/XDRInternals - automating Defender XDR
* https://github.com/Pinperepette/MacPersistenceChecker - persistence checks for OS X
* […]
Original post on infosec.exchange
infosec.exchange
December 26, 2025 at 8:17 PM
Interesting Git repos of the week:
Detection:
* https://github.com/cisagov/LME - hard fork of NCSC's Logging Made Easy
* https://github.com/MSCloudInternals/XDRInternals - automating Defender XDR
* https://github.com/Pinperepette/MacPersistenceChecker - persistence checks for OS X
* […]
Detection:
* https://github.com/cisagov/LME - hard fork of NCSC's Logging Made Easy
* https://github.com/MSCloudInternals/XDRInternals - automating Defender XDR
* https://github.com/Pinperepette/MacPersistenceChecker - persistence checks for OS X
* […]
[meta]
Absolutely stuffed on a combination of traditional Indian starters and a big old lamb and ham roast finished off with mince pies!
Absolutely stuffed on a combination of traditional Indian starters and a big old lamb and ham roast finished off with mince pies!
December 25, 2025 at 9:24 PM
[meta]
Absolutely stuffed on a combination of traditional Indian starters and a big old lamb and ham roast finished off with mince pies!
Absolutely stuffed on a combination of traditional Indian starters and a big old lamb and ham roast finished off with mince pies!
Ice cream thought: Anyone tried Asimov's 3 laws as a system prompt/guard rails for generative AI?
December 21, 2025 at 8:14 PM
Ice cream thought: Anyone tried Asimov's 3 laws as a system prompt/guard rails for generative AI?
Generalised reminder that using CEF or similar as the basis for a UI if users have the ability to control content in unexpected ways is probably a bad idea.
December 20, 2025 at 9:28 PM
Generalised reminder that using CEF or similar as the basis for a UI if users have the ability to control content in unexpected ways is probably a bad idea.
Trying to get LLM to output large continuous strings with no white space is fun. How am I going to get them to corrupt their internal heaps or stacks?
December 20, 2025 at 11:29 AM
Trying to get LLM to output large continuous strings with no white space is fun. How am I going to get them to corrupt their internal heaps or stacks?
[meta]
Shall I bug hunt this holiday?
Shall I bug hunt this holiday?
December 19, 2025 at 9:01 PM
[meta]
Shall I bug hunt this holiday?
Shall I bug hunt this holiday?
Reposted by Tim (Wadhwa-)Brown :donor:
Interesting links of the week:
Strategy:
* https://assets.publishing.service.gov.uk/media/69411a3eadb5707d9f33d7e8/E03512978_-_Un-Act_The_National_Security_Act_in_2024_Accessible.pdf - the UK tries to define what a state threat is (and includes everyone from professional spies to someone who […]
Strategy:
* https://assets.publishing.service.gov.uk/media/69411a3eadb5707d9f33d7e8/E03512978_-_Un-Act_The_National_Security_Act_in_2024_Accessible.pdf - the UK tries to define what a state threat is (and includes everyone from professional spies to someone who […]
Original post on infosec.exchange
infosec.exchange
December 18, 2025 at 8:14 PM
Interesting links of the week:
Strategy:
* https://assets.publishing.service.gov.uk/media/69411a3eadb5707d9f33d7e8/E03512978_-_Un-Act_The_National_Security_Act_in_2024_Accessible.pdf - the UK tries to define what a state threat is (and includes everyone from professional spies to someone who […]
Strategy:
* https://assets.publishing.service.gov.uk/media/69411a3eadb5707d9f33d7e8/E03512978_-_Un-Act_The_National_Security_Act_in_2024_Accessible.pdf - the UK tries to define what a state threat is (and includes everyone from professional spies to someone who […]
[meta]
Post-work beer.
Post-work beer.
December 19, 2025 at 8:48 PM
[meta]
Post-work beer.
Post-work beer.
Well, that didn't take long:
https://github.com/rapid7/metasploit-framework/pull/20792
cc: @rk
#threatintel, #oneview
https://github.com/rapid7/metasploit-framework/pull/20792
cc: @rk
#threatintel, #oneview
Add unauth RCE exploit module for HPE OneView (CVE-2025-37164) by sfewer-r7 · Pull Request #20792 · rapid7/metasploit-framework
Overview This module exploits an unauthenticated RCE vulnerability, CVE-2025-37164, against Hewlett Packard Enterprise (HPE) OneView. All versions below 11.00 are vulnerable (so long as the vendor ...
github.com
December 19, 2025 at 6:31 PM
Well, that didn't take long:
https://github.com/rapid7/metasploit-framework/pull/20792
cc: @rk
#threatintel, #oneview
https://github.com/rapid7/metasploit-framework/pull/20792
cc: @rk
#threatintel, #oneview
Reposted by Tim (Wadhwa-)Brown :donor:
Winding down to PTO and there are exactly 2 interesting links this week:
Exploitation:
* https://github.com/Kicksecure/privleap - another sudo alternative
* https://github.com/CroodSolutions/CTRL-ESC-HOST - escape to host flaws
#security, #code, #research
Exploitation:
* https://github.com/Kicksecure/privleap - another sudo alternative
* https://github.com/CroodSolutions/CTRL-ESC-HOST - escape to host flaws
#security, #code, #research
GitHub - Kicksecure/privleap: Limited Privilege Escalation Framework
Limited Privilege Escalation Framework. Contribute to Kicksecure/privleap development by creating an account on GitHub.
github.com
December 17, 2025 at 7:29 PM
Winding down to PTO and there are exactly 2 interesting links this week:
Exploitation:
* https://github.com/Kicksecure/privleap - another sudo alternative
* https://github.com/CroodSolutions/CTRL-ESC-HOST - escape to host flaws
#security, #code, #research
Exploitation:
* https://github.com/Kicksecure/privleap - another sudo alternative
* https://github.com/CroodSolutions/CTRL-ESC-HOST - escape to host flaws
#security, #code, #research
Today in terrible British driving:
Pissing it down, on the M1 (one of the busiest motorways we have), sign flashes up "20, oncoming vehicle", response from the Great British driving public... Hit the accelerator in a manner that an in his prime Lewis Hamilton would have been proud of […]
Pissing it down, on the M1 (one of the busiest motorways we have), sign flashes up "20, oncoming vehicle", response from the Great British driving public... Hit the accelerator in a manner that an in his prime Lewis Hamilton would have been proud of […]
Original post on infosec.exchange
infosec.exchange
December 18, 2025 at 11:41 PM
Today in terrible British driving:
Pissing it down, on the M1 (one of the busiest motorways we have), sign flashes up "20, oncoming vehicle", response from the Great British driving public... Hit the accelerator in a manner that an in his prime Lewis Hamilton would have been proud of […]
Pissing it down, on the M1 (one of the busiest motorways we have), sign flashes up "20, oncoming vehicle", response from the Great British driving public... Hit the accelerator in a manner that an in his prime Lewis Hamilton would have been proud of […]
Reposted by Tim (Wadhwa-)Brown :donor:
If you find the fediverse useful, don’t forget to support your instance (assuming they accept support). While the software is free, running instances is far from it. I am glad to be part of the community and want to see it continue on as a viable alternative. Thank you all for being here and I […]
Original post on infosec.exchange
infosec.exchange
December 18, 2025 at 7:52 PM
If you find the fediverse useful, don’t forget to support your instance (assuming they accept support). While the software is free, running instances is far from it. I am glad to be part of the community and want to see it continue on as a viable alternative. Thank you all for being here and I […]
Interesting links of the week:
Strategy:
* https://assets.publishing.service.gov.uk/media/69411a3eadb5707d9f33d7e8/E03512978_-_Un-Act_The_National_Security_Act_in_2024_Accessible.pdf - the UK tries to define what a state threat is (and includes everyone from professional spies to someone who […]
Strategy:
* https://assets.publishing.service.gov.uk/media/69411a3eadb5707d9f33d7e8/E03512978_-_Un-Act_The_National_Security_Act_in_2024_Accessible.pdf - the UK tries to define what a state threat is (and includes everyone from professional spies to someone who […]
Original post on infosec.exchange
infosec.exchange
December 18, 2025 at 8:14 PM
Interesting links of the week:
Strategy:
* https://assets.publishing.service.gov.uk/media/69411a3eadb5707d9f33d7e8/E03512978_-_Un-Act_The_National_Security_Act_in_2024_Accessible.pdf - the UK tries to define what a state threat is (and includes everyone from professional spies to someone who […]
Strategy:
* https://assets.publishing.service.gov.uk/media/69411a3eadb5707d9f33d7e8/E03512978_-_Un-Act_The_National_Security_Act_in_2024_Accessible.pdf - the UK tries to define what a state threat is (and includes everyone from professional spies to someone who […]
Any of the @offsec folks on here?
December 18, 2025 at 7:47 PM
Any of the @offsec folks on here?
Winding down to PTO and there are exactly 2 interesting links this week:
Exploitation:
* https://github.com/Kicksecure/privleap - another sudo alternative
* https://github.com/CroodSolutions/CTRL-ESC-HOST - escape to host flaws
#security, #code, #research
Exploitation:
* https://github.com/Kicksecure/privleap - another sudo alternative
* https://github.com/CroodSolutions/CTRL-ESC-HOST - escape to host flaws
#security, #code, #research
GitHub - Kicksecure/privleap: Limited Privilege Escalation Framework
Limited Privilege Escalation Framework. Contribute to Kicksecure/privleap development by creating an account on GitHub.
github.com
December 17, 2025 at 7:29 PM
Winding down to PTO and there are exactly 2 interesting links this week:
Exploitation:
* https://github.com/Kicksecure/privleap - another sudo alternative
* https://github.com/CroodSolutions/CTRL-ESC-HOST - escape to host flaws
#security, #code, #research
Exploitation:
* https://github.com/Kicksecure/privleap - another sudo alternative
* https://github.com/CroodSolutions/CTRL-ESC-HOST - escape to host flaws
#security, #code, #research