InfoSanity Research Group
@infosanity.co.uk
Freelance Information Security Research Outfit; probing and prodding wherever looks interesting - care to follow us down a rabbit hole?.....
Wasn't sure on the plan when originally signing up for BlueSky (other than fleeing the $OtherPlace)

Needing to re-organise. So, splitting personas....

Stay here for professional(ish) InfoSec releases. For personal stuff and uneducated hot-takes, come find me @andrew.waitesworld.co.uk
April 27, 2025 at 10:31 AM
It’s an Iron Maiden sort of day, not sure why….

youtu.be/9a7xa6W39o4
Holy Smoke (2015 Remaster)
YouTube video by Iron Maiden - Topic
April 26, 2025 at 11:29 AM
Reposted by InfoSanity Research Group
This is cool af y’all
A lot of my infra workflows live in Slack threads, docs, or buried in shell history. That sucked.

I've been building Atuin Desktop. Local-first, CRDT-powered, executable runbooks - with integrated terminals, sql queries + monitoring

blog.atuin.sh/atuin-deskto...

Lmk if you have any questions <3
April 23, 2025 at 12:44 AM
Simple, because they still work

If they weren’t successfully achieving the goals of Threat Actors, TAs would move on. Whilst they achieve the aim, why reinvent the wheel?

isc.sans.edu/diary/31880
It's 2025... so why are obviously malicious advertising URLs still going strong? - SANS Internet Storm Center
It's 2025... so why are obviously malicious advertising URLs still going strong?, Author: Jan Kopriva
April 21, 2025 at 1:34 PM
Woohoo!

Tickets acquired - see you there
We opened our first proper drop of BSides Leeds tickets for 2025 today at 13:37. Most tickets already gone
21st June is this year's date
CFP still open for a few more days too...
www.eventbrite.co.uk/e/bsides-lee...
BSides Leeds 2025
BSides Leeds 2025: A wicked gathering of cybersecurity enthusiasts in the heart of Leeds, showcasing the latest hacks and tech tricks!
April 20, 2025 at 10:39 PM
Reposted by InfoSanity Research Group
A Chinese APT left a server exposed and leaked its exploits

-Fortinet firewall and VPN exploit scripts
-A PHP-based webshell
-Network reconnaissance scripts

hunt.io/blog/keyplug...
KeyPlug Server Exposes Fortinet Exploits & Webshell Activity Targeting a Major Japanese Company
Briefly exposed KeyPlug infrastructure revealed Fortinet exploits, encrypted webshells, and recon scripts targeting Shiseido, a major Japanese enterprise. Learn more..
April 20, 2025 at 12:14 PM
I’ve watched the WayBack machine grow from interesting curiosity to cultural necessity.

In the darkness of misinformation, silent edits and rewriting of history, WayBack machine offers a light in the dark.

It needs protecting at all costs.
📢 The Internet Archive needs your help.

At a time when information is being rewritten or erased online, a $700 million lawsuit from major record labels threatens to destroy the Wayback Machine.

Tell the labels to drop the 78s lawsuit.

👉 Sign our open letter: www.change.org/p/defend-the...

🧵⬇️
April 20, 2025 at 2:01 PM
Reposted by InfoSanity Research Group
Can confirm that my NSF grant "How False Beliefs Form & How to Correct Them" was cancelled today because it is "not in alignment with current NSF priorities" Shocking that understanding how people are misled by false information is now a forbidden topic. Our work will continue but at a smaller scale
NSF has posted an “update on priorities.”

They’re canceling all “DEI and misinformation/disinformation” grants.

And the guidance on how to fulfill the longstanding, legally mandated Broadening Participation requirement is utterly incoherent.

www.nsf.gov/updates-on-p...
Updates on NSF Priorities
April 18, 2025 at 10:40 PM
Downside of vacation: timezones, missed ticket release for @bsideschelt.bsky.social

Just keeping my eyes open for the next release
April 18, 2025 at 11:49 AM
Reposted by InfoSanity Research Group
Oh wow. This just in from a CISA spokesperson:

“The CVE Program is invaluable to cyber community and a priority of CISA. Last night, CISA executed the option period on the contract to ensure there will be no lapse in critical CVE services. We appreciate our partners’ and stakeholders’ patience.”
April 16, 2025 at 11:44 AM
Reposted by InfoSanity Research Group
FFRDCs like MITRE only exist to do government contracting work. They are literally breaking critical infrastructure because the clowns at DOGE have no clue what's actually supposed to happen.
BREAKING.

From a reliable source. MITRE support for the CVE program is due to expire tomorrow. The attached letter was sent out to CVE Board Members.
April 15, 2025 at 6:33 PM
Reposted by InfoSanity Research Group
Oh dear you’re going to want to read this. Looks like DOGErs were caught exfiltrating NLRB data, likely on unions, for private (seemingly Elony) use. This is must read. What we’ve all suspected. But now details. www.npr.org/2025/04/15/n...
A whistleblower's disclosure details how DOGE may have taken sensitive labor data
A whistleblower tells Congress and NPR that DOGE may have taken sensitive labor data and hid its tracks. "None of that ... information should ever leave the agency," said a former NLRB official.
April 15, 2025 at 12:23 PM
Seen too many junior (and senior, tbf) devs blindly run what the LLM BS-Machine spits out, then troubleshoot from there.

Probably should have already been a control, but time to allowlist packages (or at least monitor) in the same vein as we (should) limit DNS, web and other external content?
1. LLM-generated code tries to run code from online software packages. Which is normal but
2. The packages don’t exist. Which would normally cause an error but
3. Nefarious people have made malware under the package names that LLMs make up most often. So
4. Now the LLM code points to malware.
LLMs hallucinating nonexistent software packages with plausible names leads to a new malware vulnerability: "slopsquatting."
April 13, 2025 at 11:42 PM
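The thread above describes the mechanism (LLM emits an import or a requirements line for a package that does not exist, and someone registers that name with malware) and suggests allowlisting or at least monitoring packages. The script below is an added example of the monitoring side, not code from the original posts or from any project mentioned on the page. It assumes a constructed organisational allowlist, and the package name `fastjsonutils` is a constructed placeholder for a hallucinated dependency, not a real project. It pulls top-level import names out of generated Python source with the `ast` module, pulls distribution names out of requirements.txt-style text, normalises them the way PEP 503 does, and reports anything that is neither standard library nor allowlisted so it can be reviewed before `pip install` ever runs.

```python
import ast
import re
import sys

# Constructed allowlist of distribution names the organisation has vetted
# (hypothetical; a real one would come from an internal index or policy file).
ALLOWED_PACKAGES = {"requests", "numpy", "pandas", "cryptography"}

# Standard-library modules never come from a package index, so they are never
# "unvetted". sys.stdlib_module_names exists on Python 3.10+; the fallback is a
# small constructed subset for older interpreters.
STDLIB = set(getattr(sys, "stdlib_module_names",
                     {"os", "sys", "json", "re", "subprocess", "pathlib"}))


def normalise(name: str) -> str:
    """PEP 503-style normalisation so 'Fast_JSON' and 'fast-json' compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()


def imported_top_level_names(source: str) -> set[str]:
    """Top-level module names imported anywhere in a Python source string."""
    names = set()
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Import):
            for alias in node.names:
                names.add(alias.name.split(".")[0])
        elif isinstance(node, ast.ImportFrom) and node.module and node.level == 0:
            # level > 0 is a relative import of the project's own code; skip it.
            names.add(node.module.split(".")[0])
    return names


def requirement_names(requirements_text: str) -> set[str]:
    """Distribution names from requirements.txt-style lines, specifiers dropped."""
    names = set()
    for line in requirements_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line or line.startswith("-"):      # blank, comment or pip option
            continue
        match = re.match(r"^[A-Za-z0-9][A-Za-z0-9._-]*", line)
        if match:
            names.add(match.group(0))
    return names


def flag_unvetted(names, allowlist=ALLOWED_PACKAGES, stdlib=STDLIB) -> list[str]:
    """Names that are neither stdlib nor on the allowlist: review before installing."""
    allowed = {normalise(n) for n in allowlist}
    return sorted(n for n in names
                  if n not in stdlib and normalise(n) not in allowed)


# Constructed sample of LLM-style output: two real dependencies, one
# invented package name ("fastjsonutils" is a placeholder, not a real project).
SAMPLE_GENERATED_CODE = '''
import os
import requests
from fastjsonutils import loads_fast

def fetch(url):
    return loads_fast(requests.get(url).text)
'''

SAMPLE_REQUIREMENTS = """
requests>=2.31
numpy==1.26.4
fastjsonutils  # constructed: the hallucinated name above
"""


def review(source: str, requirements: str) -> dict[str, list[str]]:
    """Run both checks and return what a CI gate or pre-commit hook would block on."""
    return {
        "imports": flag_unvetted(imported_top_level_names(source)),
        "requirements": flag_unvetted(requirement_names(requirements)),
    }


if __name__ == "__main__":
    for kind, flagged in review(SAMPLE_GENERATED_CODE, SAMPLE_REQUIREMENTS).items():
        print(f"{kind}: unvetted packages -> {flagged or 'none'}")
```

Running it on the constructed sample flags `fastjsonutils` from both the imports and the requirements while `os`, `requests` and `numpy` pass. One caveat a practitioner will hit immediately: the import name and the distribution name are not always the same (a module imported as `yaml` is installed from the `PyYAML` distribution), so an allowlist used against both sources needs to carry both spellings, or the import check should map module names to distributions from installed metadata.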
Reposted by InfoSanity Research Group
I’m speaking up in support of @thekrebscycle.bsky.social & @sentinelone.com
Cybersecurity should be a non-partisan issue that unites us in our shared mission to defend our country.
National security can’t afford the chilling effect on both public & private sector
www.lutasecurity.com/post/in-supp...
In Support of Chris Krebs and SentinelOne
Chris Krebs and his current employer are under investigation. If the infosec community unites to speak up for our friends and colleagues and leaves politics out of it, we can help strengthen our share...
April 12, 2025 at 6:41 PM
Reposted by InfoSanity Research Group
Expressing public support for Chris Krebs, Alex Stamos, and Renee DiResta.

They were doing their jobs.

And they should be celebrated, not vilified.
April 12, 2025 at 10:15 PM
Reposted by InfoSanity Research Group
The former was trying to protect themselves, so is the latter.
This is a very good point. I saw a ton of people on LinkedIn defend the Uber CISO after he got convicted… but almost nobody saying anything about Krebs.
April 12, 2025 at 5:29 PM
Reposted by InfoSanity Research Group
The InfoSec industry needs to step up and push back against the USG’s moves here, which read like Soviet Russia.

Targeting Chris Krebs and his employer (and CISA) like this is appalling. Chris, a Republican if memory serves, was a great leader for CISA.
The Trump administration is now going after its first cybersecurity company, stripping @sentinelone.com of "any active security clearance."

Will the infosec industry do any better than the legal industry in showing solidarity?
www.whitehouse.gov/fact-sheets/...
April 9, 2025 at 11:04 PM
Reposted by InfoSanity Research Group
If you work in DevOps read this post-mortem. If you don't work in DevOps, send this to your coworkers that do. Trust me, it's important they read this.
www.landh.tech/blog/2025021...
How We Hacked a Software Supply Chain for $50K - Lupin & Holmes
April 4, 2025 at 7:30 PM
Reposted by InfoSanity Research Group
Today Microsoft announced Windows 11 will require a Microsoft account to create a local profile on the computer. They will be removing the bypass option available in the installation command prompt.

There will still be workarounds, but they're making it harder
March 29, 2025 at 3:37 PM
Reposted by InfoSanity Research Group
I was on a security champion panel, “Security Champion Veterans Explain All,” with Dustin Lehr, Brook Schoenfield, Brendan Sheairs, and Chris Romeo! Check out the video!

My Panel: www.demosondemand.co...
All the panels: www.katilyst.com/res...
March 28, 2025 at 4:09 AM
“As far as I know”

This is why folks that don’t know, should listen to folks that do know.

But the folks that know have all been fired (and re-hired, on administrative leave). And the folks that are left are familiar with the Peter Principle & proud to be scoring high on the Dunning-Kruger scale….
US Attorney General Pam Bondi tells Fox News: "I think Signal is a very safe way to communicate. I don't think foreign adversaries are able to hack Signal, as far as I know."

Astonishingly dumb thing to say.
March 28, 2025 at 7:22 AM
Reposted by InfoSanity Research Group
A very Happy 15th of March to one and all.
March 15, 2025 at 7:24 AM