I really love breaking into buildings, but when clients have asked me about the specific threat model, I haven't had a great answer. Here's my attempt at figuring it out.
empiricsecurity.substack.com/p/oceans-ele...
Oh, this? Yeah, I only use AI on the command line. I'm a bit of a power user. ChatGPT? I've heard of it, but Claude just sort of gets me, you know? Plus it understands my Vim commands, so the mental load is almost nonexistent. Vim? Yeah, hard to explain, you might be better off with the web UI.
- Key Steps to Ensuring Your Purple Team Fails Miserably
- Guerrilla Metric Reporting Warfare for Technical Teams
- The Only Difference Between Felons and Professionals is Getting Caught
- There's Always a Bigger Phish: Internal Messaging as Forbidden Fruit
Spicy blog drafts I've had in the hopper for a long time:
- How to Fool Your PCI Auditor and Get That Bag
- Continuous Pentesting or Just Continuous Vulnerability Management?
- Your Executives Make Phishing Easier For Me and My Friends
- A Song of Supply Chains and Drive-By 0-days
If @bsky.app could add TOTP as an MFA option instead of emailing me a code that is not only case sensitive but doesn't use a font that clearly differentiates between uppercase O and the number 0, that would be fantastic.
stop being so conscientious and considerate, this is infosec
We've all seen it: the "compliance-first" mindset that checks every box while leaving the front door wide open, but out of scope.
If you're tired of the theatre and actually want to move the needle, give this a read.
empiricsecurity.substack.com/p/how-shadow...
One more stressful event away from making disappearing into the woods part of my personality
Have you guys checked out your Kroger 2025 Wrapped yet
beep beep boop
Some of the best hackers I know still manage to overestimate their expertise in completely unrelated fields, medical science being a big one. I can go from soaking in some arcane tech wisdom to fielding batshit takes about vaccines in the span of a few seconds with some of you guys. Why?
Every time I go on a podcast as a guest, I spend the next 24 hours trying to remember if I said anything painfully stupid that will tank my career.
Does Bluesky really still not support TOTP? Can I stop having to copy a code from my email and remove the backticks that it includes?
STOP CALLING IT VISHING AND SMISHING
YOU SOUND LIKE A FUCKING TODDLER BABBLING NONSENSE
IT'S PHISHING OR SOCIAL ENGINEERING
REEEEEEEEE
Watch out for people who take your personal growth personally.
Working on a conference talk
"nano is for babies" - crontab
ISACA Atlanta is hosting 404con, a technical security conference, on October 14th and 15th, and they're looking for talk submissions for the hacking track. If you live in the area and would like to speak, check out the link below!
It's a personal conviction of mine that, for how much of the tech industry operates out of Atlanta, there is a serious lack of quality security conferences and communities. But I know some people trying to change that.
Most fun I've ever had speaking at a conference, hands down. If you were there at @wildwesthackinfest.bsky.social , you were the best audience a guy could hope for.
www.youtube.com/watch?v=Vrtp...
I would simply write memory-safe code
Laptop numpads are psychotic, why do I have to overextend my right shoulder just to type
Finally getting around to watching Chernobyl and all I see is a bunch of MBAs making fun of technical experts and high-fiving
If there's anything I can count on BlueSky for, it's showing me all of the stuff I've painstakingly worked to not have to look at on Twitter.
"In addition, ChatGPT doesn't just itself fail to recognize the difference between fact and fiction, it presents these answers to people who are themselves unable to discern the difference."
lmnt.me/blog/the-dys...
A little tired of getting random junk in conference "swag bags", can I opt out? I don't need fifty branded drawstring bags that I'm just going to donate and might eventually end up in a landfill.
iPad babies can be any age.
Hey Gemini, which spreadsheet does this company store passwords in