FOSDEM was surprisingly good, shout out to @smaury.bsky.social , @ostifofficial.bsky.social and the others I have no handle of!
01.02.2026 18:42
👍 1
🔁 0
💬 1
📌 0
FOSDEM was surprisingly good, shout out to @smaury.bsky.social , @ostifofficial.bsky.social and the others I have no handle of!
Is this thing here still alive? Logged in for the first time after some months.
0-prompt RCE
Not only is each stack like AWS we will encounter incredibly complex on its own, we will have to move laterally between all of them. This will be an impossible task without proper automation and even non-bs AI support (see the Nemesis MCP servers I wrote about last month)..this week will be fun!
We’re going to run a live exercise this week against a defensive team from a bigger zero trust platform. This involves nearly anything you can find in modern cloud tech stacks, from Octa to GitHub to AWS….It’s fun packing “gear”, and I mean software and tools here to run proper escalations.
ChatGPT was mostly irrelevant for security except for improving phishing pretexts - AI agents on the other hand are very much relevant!
Two thoughts on the Signal Gate:
1. They apparently did not verify Signal contacts’ safety numbers, allowing easy MiTM
2. It’s easy to inject a number into a phone’s contact list or change it
Combine both and you got a way to subvert secure communications without having a 0day for Signal!
Let’s break some LLMs today!
"Your malware is fake!" That's correct. Here's a small tool to generate payloads out of YARA rules: github.com/persistent-s...
We use it as part of a testsuite for detection & monitoring.
Already leaving nullcon Goa, I’ll be back for sure! Thank you everyone for the good talks and especially our trainees for working hard on their AppSec skills.
www.youtube.com/watch?v=5wIO...
If you are interested in music production and also nerding in old school software scenes, this is an absolute speedrun of sound generation software you’ve never even heard of!
Yup
100% the same for me! I wouldn’t want to work with my younger version. Fixing security vulnerabilities is much easier if you’re ignorant about justified complexities.
A version of Missile Command for the Commodore 64 where the bottom of your screen is the game state in memory and missiles cause memory corruption: csdb.dk/release/?id=....
In the video below, a missile broke my controls and caused my cursor to get stuck moving down and to the left.
So this thing here is actually taking off, any tips who to follow for serious Infosec news?
That’s straight forward outside the box thinking about lateral movement!
Awesome research ! - The Nearest Neighbor Attack: How A Russian #APT Weaponized Nearby Wi-Fi Networks for Covert Access - @volexity.com - www.volexity.com/blog/2024/11... #cyberespionage
