Finally got around to uploading my slides for Reflections on trusting Zero Trust (or why I have zero trust in Zero Trust) from BSides London 2021 […]
Posts by Tim (Wadhwa-)Brown
I'm currently looking to expand my social network and would love to get in touch with anyone in the "global south" (especially African countries) involved in #hamradio, wireless community networks, #FOSS or #OSHW development or the #maker and #hacker communities. I'd be very happy if anyone from […]
[meta]
For those that are upset about time, I've had an internal date rollover too. Hours are easy for me, it's years that are harder.
Interesting Git repos of the week:
Threats:
* https://github.com/deepfield/public-research - Nokia ERT's threat intel research
Detection:
* https://github.com/RogoLabs/VulnRadar - @jgamblin's tools for vulnerability intelligence on a budget
* https://github.com/cmu-sei/GHOSTS - a ghost with […]
Worth noting that after that paper's release I did further work and found examples that would yield code execution and LPE.
My original paper from 2013:
https://labs.portcullis.co.uk/download/MSAOSVSM.pdf
The number of places that are still potentially vulnerable to weak shared memory permissions...
codesearch.debian.net/search
Citrix oofise reaches primetime:
support.citrix.com/support-home/kbsearch/ar...
#netscaler, #threatintel
Interesting links of the week:
Strategy:
* www.marisec.ca/reports/the-wrong-fix-wh... - an alternate view on prioritising the supply chain
* https://cybertoolkit.service.ncsc.gov.uk/ - so you're a small business and you want to improve your […]
Today's AI bullshit: "Yes, I know agentic AI is potentially unsafe, but can't we just run it in a container then it will be fine."
In which I get shout outs from the grsec crew:
https://x.com/spendergrsec/status/2037295088225636706
This piece of work remains one of my high water marks for security research. For all the bugs etc, doing something worthy of a grsec enhancement gives me a big smile.
Cheers @grsecurity folks.
“What can I get you?”
“Guinness Zero, please.”
“A lot of people drinking that now.”
“It’s really good. Uh, so what’s it like working in a documentary bar? Must be quieter than a sports bar and a boxing crowd”
“You’d think. Come back on Friday and watch the Cutting Edge Engineering crowd […]
Awkward questions of the day:
1) So have you secured the L2/L3 protocols used for HA?
2) How are you doing time for this highly segmented environment?
3) What's the naming convention that will be applied to systems in the new enclave?
4) Can AD really be a shared service if you're managing […]
Apparently we have a help desk operator with a surname/family name of NO LAST NAME :/
Coding with LLMs and agents is a generational opportunity to throw the last few decades of hard won lessons on secure coding and appsec out the window. Definitely something that trust and safety teams, threat actors and possibly even your parents are seizing on with glee when they bypass all of […]
Where it gets difficult tho' is defining correlation windows and representing behaviour across multiple indexes...
The correlation layer needs an uplift.
#detection, #engineering, #dataanalytics
[meta]
Drum'n'bass whilst I cook.
Fun morning discussing detection engineering in SPs. Fun afternoon, discussing architectural challenges in segmenting OT in power generation. Fun evening to be spent writing up a cyber exercise.
The joy of adversarial engineering.
Updated my @bsky.brid.gy ID to timb.me.uk \o/
Almost time for another @dc4420
www.eventbrite.com/e/dc4420-march-2026-edit...
#dc4420
Interesting links of the week:
Strategy:
* www.rand.org/pubs/research_reports/RR... - where next for Taiwan, China and the US?
* www.eurocontrol.int/event/2026-eu-mitre-attc... - @mitreattack community returns to Brussels
* […]
Interesting Git repos of the week:
Detection:
* https://github.com/Bimmiest/SplunkToolkit - test and refine your Splunk ETL
* https://github.com/Abjuri5t/IOC-Cartographer_TLP-CLEAR - tool from @Abjuri5t to generate Hilbert-Curve heat maps as well as domain tree graphs of IOCs
* […]
Of the approximately 2.4k projects under timb-machine-mirrors on GitHub where I archive interesting Git repos, approximately 2.3k have not yet been tainted by Claude:
github.com/orgs/timb-machine-mirror...
RE: infosec.exchange/@ollie_whitehouse/116266...
If you're not paying attention, you're missing out \/
The only people who actively enjoy SharePoint:
www.cisa.gov/known-exploited-vulnerab...
#threatintel, #sharepoint