Posts by Nick Johnson
3 spider-men claiming the blockade
My talk "Sandboxes, Seccomp, and Syscalls: Chasing Isolation in Kubernetes" was officially accepted for @BSidesSF! Pretty excited about this. See you there? sched.co/2E1hS
I have a visceral reaction to this stuff because we are repeating history. Keep them coming. The corpus grows.
github.com/beelzebub-la...
#100DaysofYARA - day 5
The Cert Graveyard project reports and documents abuse of code-signing certificates, including Apple-issued certificates.
When reporting a certificate, we want to ensure Apple has all the identifiers they need to investigate and act.
Rule at end
1/7
medium.com/aws-in-plain...
Networking with EKS has layers that aren't immediately obvious. When a pod talks to an IP outside the VPC, does the traffic come from the pod IP, the node IP, or the NAT Gateway? It depends on where your nodes sit and how the VPC CNI is configured. (1️⃣/3️⃣)
🧵
My editor is probably going to ask me to change this sentence, so I'll share it with you.
"If you have no privilege escalation issues because you’re already running as root fucking fix that shit."
If you want to help seed the Certificate Transparency archive (github.com/geomys/ct-ar...), there is now an RSS feed for your BitTorrent client! Don't forget to set unlimited seed ratio ✨
raw.githubusercontent.com/geomys/ct-ar...
This holiday season, run our IP Check at your family’s house: a free tool that answers a question we hear constantly: "How do I know if my home network has been compromised?"
www.greynoise.io/blog/your-ip...
A berner enjoys her bed and last bits of a chew toy while avoiding the morning
Travel!? Business!? but it’s Sunday
Do you enjoy guzzling real-time TLS certificate allocations, but don't want to use a third-party service (crt.sh, CertStream, etc.)? Drink straight from the Certificate Transparency log firehose using ctail:
$ go run github.com/hdm/ctail@latest -f -m '^autodiscover\.'
github.com/hdm/ctail
If you want to test out my YARA rule linting work use this PR: github.com/VirusTotal/y...
If you want to get the basic gist of it, this config file change has documentation on it: github.com/VirusTotal/y...
Just set it in your config file and use "yr check" for now.
Happy #100DaysOfYARA. ;)
as a new yorker if you’re looking for a great sando (after you’ve had an italian beef that is) and something to compare & contrast i’d highly recommend the montreal smoked meat in the french market. it was about 20 years ago, but i still have dreams about it. such a great food town across the board
get yourself a proper cracker thin instead of that abomination of a pie next time. your tastebuds and stomach will thank you. i’m sure @nedpyle.com has opinions on where, but pat’s or michael’s should do you right.
#100DaysofYARA day 1 - the Amos stealer is regularly evolving and updating its obfuscation techniques
You know what isn't changing?
the dylibs it depends on and the entitlements it requests from the OS. Combined, they give us excellent signal
github.com/100DaysofYAR...
I looked at all the AWS OIDC integrations I could find to identify how they might be misconfigured and to understand the variations that different vendors have in how they set these up. www.wiz.io/blog/avoidin...
#100DaysofYARA 2025 edition begins tomorrow!
Any #CTI or #detectionengineering folks looking for a self-paced challenge to start the year with a laid back & fun community? Look no further!
The challenge is simple - write a YARA rule every day for 100 days