Your data is everywhere. The government is buying it without a warrant Data brokers buy up huge amounts of information from cell phones and browsers to sell for targeted advertising. But the government, including ICE, also buys the data.

No really, I am not kidding when I say that the data broker industry must be destroyed: www.npr.org/2026/03/25/n...

I laughed

Your Next Incident Won't Have a CVE HD Moore dissects why your next breach won’t be tied to a CVE and reveal why your security stack is failing you through the lens of an attacker.

Wondering how and why your vulnerability management tools are failing you? My talk
"Your Next Incident Won't Have a CVE" is now live at www.runzero.com/resources/yo...

PS. runZero shipped coverage for Nutanix this week

Kill the bird. Save the world.

meme that reads: "Not cracking down on social media companies and all the dis/misinformation they carry is going to harm human society more than nuclear weapons ever did, change my mind"

Very excited to check it out. Cya there!

Ok fellas... Let me teach you a nice trick... For 10$ you can get this and turn it in a portable microscope for inspecting PCBs #HardwareHacking #ProTip

You are welcome 👍😎

Motherfucker.

dark times indeed, but still laughing that one of the week’s big stories was an Chinese AI company being like “oh a bullshit machine? we can make that, no problem” and it blew up the stock market

RVAsec 14 Registration Now Open! - RVAsec Tickets for RVAsec 2025 are now on sale! Registration for the RVAsec 14 security conference, located in Richmond, Virginia, is only $275 (to start) for two full days of talks, meals, snacks, drinks, reception, after party, prizes, a capture the flag

RVAsec 2025 tickets are available now at the regular price! Buy now before the price increases again.

The takeover of Twitter was a preview of what we're all living with now and a stark example of why you can't let any one person have too much money: they go insane and make themselves everybody's problem

Remy shares his experience building custom hardware for a scalable Bluetooth Low Energy (BLE) survey, discussing problems encountered, and providing a replicable solution that the audience can implement for approximately $100 (no soldering required). The presentation begins with a brief overview of high-level patterns observed in collected real-world data from this hardware, followed by a detailed methodology for remotely identifying Bluetooth devices by using the Generic Attribute Profile (GATT) signatures of the device’s companion Android apps. To demonstrate the practical applications of this research, Remy showcases how real-world data and remote identifications were used to locate a specific device "out of thin air." This demonstration culminates in highlighting a critical vulnerability: achieving remote code execution on a high-end router and issuing a call to action for collaborative Bluetooth research on real world data.

I'll be speaking at @districtcon.bsky.social !

We're gonna build custom Bluetooth hardware for $100 (no soldering required), learn well-informed shortcuts for remote identification, oblique strategies for exploitation, and pop some shells.

Wanna learn why DoS is dangerous again? Come join!

💬 Discover the essence of secure coding in "Alice and Bob Learn Secure Coding." Embrace a holistic approach to writing secure code that stands the test of time. Secure your copy today! shehackspurple.ca/bo...

YOUR COMPANY CULTURE IS NOT WORDS ON YOUR WEBSITE OR POSTERS ON THE WALL. IT'S HOW YOUR PEOPLE FEEL ON A SUNDAY NIGHT.

Truth.

RVAsec 14 Registration Now Open! - RVAsec Tickets for RVAsec 2025 are now on sale! Registration for the RVAsec 14 security conference, located in Richmond, Virginia, is only $275 (to start) for two full days of talks, meals, snacks, drinks, reception, after party, prizes, a capture the flag

RVAsec 14 Registration is open! Don't miss the early-bird rate of $275--a $100 discount!

We also again have the hotel package which includes 2 nights at the hotel & is the only way to guarantee an electronic badge from HackRVA! #Cyber #Conference #RVA

Tickets are live! www.eventbrite.com/e/districtco...

I did a blog instead of working on my projects again. This time a maldev blog talkin' about PE runtime decryption and other ways to be an asshole to the analyst. amethyst.systems/blog/posts/v... #infosec #malware

As there's more people showing up here who are into Web Application Security and I couldn't find an existing starter pack for it, I decided to create one :)

If you do webappsec stuff and want added ping me :)

go.bsky.app/NB1hgC

This place seems nicer.