@adamshostack.bsky.social

Shipped a copy of this book that contains an entry from me to the library of congress. They accepted it as a donation for inclusion in their collection.

Ok, you can stop texting me, I saw the Ring ad. Troubling things about it 🧵:

-The long awaited (much warned about) intro of “AI” recognition. It starts w/ searching for a “brown dog” but means the tech is there for lisence plate reading, face recognition, searching for suspects by description, etc

-Chat & Ask AI leaks chatbot messages
-Nobel Committee investigates hack
-Data leak at the Ttareungyi bike-sharing service
-Comcast agrees to $117.5m settlement over 2023 breach
-Aperture Finance and SwapNet get hacked
-NVIDIA RTX comes to Linux
-Tor Browser gets vandalized
-US investigates WhatsApp

www.akamai.com/blog/securit... command injection in vivotek camera firmware

I've been looking at legacy IOT camera firmware checking for command injection vulnerabilities -> www.akamai.com/blog/securit...

At 50 years old I put my foot on a skate board after not touching one for 20+ years and it felt like peering into death's face.

Science is under attack! 🚨 Join Bill Nye and thousands of science supporters in fighting back against this anti-science administration. Your voice matters!

➡️ act.ucsusa.org/41Eqmxm

CyberScoop 50 reveals 2025 winners; honors Amit Yoran with lifetime award The cybersecurity world stands immeasurably stronger because of the vision, expertise, and leadership of Amit Yoran. Throughout his distinguished career, Amit fundamentally shaped the field of cyberse...

Honored to be named an Industry Visionary in the 2025 #CyberScoop50.

Special respect to Amit Yoran, who was posthumously awarded Lifetime Achievement. Amit’s vision & integrity shaped our industry. Many of us followed his lead, myself included. His example endures.

cyberscoop.com/cyberscoop-5...

Nope. never heard of it. haha

TIL there is professional pillow fighting.

I witnessed hacker history @biascilab #hackers #hackerhistory #infosec #cultofthedeadcow YouTube video by Maxtheautowolf

witnessed a new member joining the #cDc tonight! @biascilab.bsky.social youtube.com/shorts/kg7Qh... #defcon

I started kindergarten a year early (age 4) because I watched sesame street and PBS children’s programs in general as a child.

I’ll be at Defcon this year.

Trump is delusional as usual the world is always laughing at him.

Neat phishing campaign sending out docusign requests redirecting to a fake apple icloud login page

Avocados are like schrödinger’s cat.

DOGE bro Kyle Schutt's computer infected by malware, credentials found in stealer logs Kyle Schutt is a 37 year old "DOGE software engineer," according to ProPublica. In February, Drop Site News reported that he gained access to FEMA's "core financial management system." His computer wa...

@micahflee.com gets the goods.

If this doesn’t tell you how unserious the current administration is about Security then I don’t know what will.

micahflee.com/doge-bro-kyl...

PhD Timeline xkcd.com/3081

fawn in my yard

Unpatched Edimax Camera Flaw Exploited for Mirai Botnet Attacks Since Last Year Unpatched Edimax IC-7100 flaw (CVE-2025-1316) exploited for Mirai botnet malware since May 2024, enabling DDoS attacks via default credentials.

thehackernews.com/2025/03/unpa...

I can’t even anymore. I am so fed up.

How I Rob Banks: A Journey into the World of Ethical Hacking with Freakyclown by Phillip Wylie Show About The Guest: FC Barker aka Freakyclown is an ethical hacker and professional cyber criminalist with over three decades of experience. He is the co-founder of Sygenta, a company that specializes in ethical hacking and penetration testing. Freakyclown has a background in offensive cyber research and has worked for major defense firms. Summary:Freakyclown shares his experience as an ethical hacker and professional cyber criminalist. He discusses the type of pen testing he does, which goes beyond the typical cookie-cutter approach. He emphasizes the importance of manual work and understanding the foundations of hacking. Freakyclown also talks about the evolution of hacking over the years and the changes he has witnessed. He provides advice for those interested in getting into offensive security, including participating in CTFs and bug bounty programs. Freakyclown also talks about his new book, "How I Rob Banks," which shares anecdotes and tips from his career in physical pen testing. Key Takeaways: Ethical hacking goes beyond automated tools and requires manual work and understanding of the foundations. The barrier to entry in offensive security has lowered, but the threat landscape has expanded. Participating in CTFs and bug bounty programs is a great way to gain skills and experience in offensive security. Freakyclown's book, "How I Rob Banks," provides entertaining anecdotes and tips from his career in physical pen testing. Freakyclown resources: https://twitter.com/_Freakyclown_ https://www.linkedin.com/in/freakyclown/ https://www.cygenta.co.uk/ How I Rob Banks book: https://www.wiley.com/en-us/How+I+Rob+Banks%3A+And+Other+Such+Places-p-9781119911517

How I Rob Banks: A Journey into the World of Ethical Hacking with Freakyclown podcasters.spotify.c...

I’m sorry. You can’t conduct “peace talks” with Russia over its invasion of Ukraine without Ukraine at the table.

🙄

a man in a helmet is saying `` bring out your dead '' while standing in the rain . ALT: a man in a helmet is saying `` bring out your dead '' while standing in the rain .

Now that RFK Jr. is confirmed as HHS Secretary, and with the bird flu moving toward becoming a pandemic, we can all look forward to this:

I personally will continue to use "Gulf of Mexico" because our president is a wrathful felonious nincompoop with the intellect of paramecium and I do not consent to his cartographic buffoonery

Encyclopædia Britannica will continue to use ‘Gulf of Mexico’ for a few reasons:

-We serve an international audience, a majority of which is outside the U.S.

-The Gulf of Mexico is an international body of water, and the U.S.’s authority to rename it is ambiguous.
🧵⬇️

Analyzing ELF/Sshdinjector (IoT bot) with r2ai.

Really helpful and time save to use AI (with r2ai) for analysis *but* use it with a non-AI decompiler side by side:

1. To direct the AI
2. To spot more easily hallucinations or extrapolations.

www.fortinet.com/blog/threat-...

#r2ai #IoT #botnet #AI

A file would be cool.