Ian Campbell
@neurovagrant.bsky.social
Security ops engineer and investigator @ DomainTools, writer, voracious reader. he/him. Opinions here mine only. Autistic/depressed/anxious/hungry. https://dti.domaintools.com
Pinned
RDAP and BGP in Investigative Journalism - DomainTools | Start Here. Know Now.
One of the things we’re most proud of at DomainTools is our Grants program. We offer free access and training to investigative journalists, as well as security researchers involved in community-benefi...
www.domaintools.com
DomainTools Investigations worked with OSINT analysts & journalists to help uncover the connections between websites involved in the harassment of Ukrainian personnel and their families, and the people and infrastructure involved.
Technical writeup below!
www.domaintools.com/resources/bl...
My team's Great Firewall dump deep dive part 2, on the GFW technical infrastructure, is now up!
As before, not my research, but reading and editing it and going through the details left me shaken as far as capabilities go.
#geopolitics #cybersecurity
dti.domaintools.com/inside-the-g...
Inside the Great Firewall Part 2: Technical Infrastructure - DomainTools Investigations | DTI
See the Great Firewall's technical blueprint. DomainTools Investigations details the TSG core, packet interception methods, and routines that detect tools like V2Ray/Psiphon.
dti.domaintools.com
November 6, 2025 at 8:16 PM
Reposted by Ian Campbell
And a quick crop on one of those for detail
November 6, 2025 at 4:34 AM
This is such a good listen - Aitel's an eloquent pro-AI voice, and Ryan Naraine provides the perfect pushback on just how much marketing is involved in AI versus actual impact.
#infosec #cybersecurity
securityconversations.fireside.fm/dave-aitel-o...
www.youtube.com/watch?v=kMgC...
OpenAI’s Dave Aitel talks Aardvark, economics of bug-hunting with LLMs
Three Buddy Problem - Episode 70: Dave Aitel from OpenAI's technical staff joins the buddies to discuss the just-launched Aardvark, OpenAI’s agentic “security researcher” that claims to read code, fi...
securityconversations.fireside.fm
November 6, 2025 at 5:21 PM
Reposted by Ian Campbell
We deployed MCP honeypots to understand how threat actors engage with AI middleware exposed to the internet. What we observed was unexpected. Full analysis ⬇️
#GreyNoise #AI #AISecurity #MCP #MCPSecurity #Cybersecurity #ThreatIntel
What GreyNoise Learned from Deploying MCP Honeypots
GreyNoise deployed MCP honeypots to see what happens when AI middleware meets the open internet — revealing how attackers interact with this new layer of AI infrastructure.
www.greynoise.io
November 5, 2025 at 7:15 PM
Reposted by Ian Campbell
if you're ever Photoshopping your own face into the smoke of the Twin Towers, Adobe should have a pop-up that says "are you sure that whatever it is you're doing is a good idea"
November 5, 2025 at 6:45 PM
Reposted by Ian Campbell
Yeah, no shit, mastodon, you judgey bitch.
November 5, 2025 at 3:11 PM
Continues to be a joy to watch Knostic work.
A JavaScript injection attack on Cursor, facilitated by a malicious extension, can take over the IDE and the developer workstation 🧵 www.knostic.ai/blog/demonst...
Deep Dive: Cursor Code Injection Runtime Attacks
Demonstrating code injection in VS Code and Cursor: exploitation vectors, real examples, and practical defenses for developers.
www.knostic.ai
November 5, 2025 at 12:08 PM
The way through is solidarity.
November 5, 2025 at 6:39 AM
Reposted by Ian Campbell
Mamdani: My friends, we have toppled a political dynasty. I wish Andrew Cuomo only the best in private life. But let tonight be the final time I utter his name.
November 5, 2025 at 4:26 AM
Reposted by Ian Campbell
What movie do you consider perfect?
October 31, 2025 at 10:35 AM
I was giving a talk on DNS and domain intel and one q involved whether the work causes you to be targeted by threat actors. I gave a few examples then of direct targeting I’ve seen, but this is a great writeup about some targeting on platform and institutional levels.
www.sans.org/blog/for589-...
FOR589 Blog: Cybercrime Counterintelligence
Cybercrime counterintelligence operations pose a significant threat to investigations and the reputation and trust of organizations.
www.sans.org
October 31, 2025 at 12:30 AM
My ability to even has ceased.
I am all odd from here on out.
October 30, 2025 at 10:57 PM
NEW, from DomainTools Investigations, today: Inside the Great Firewall Part 1: The Dump
I cannot tell you how excited I am to see this piece go live. Our researchers knocked it out of the park - and this is just part one.
#infosec #cybersecurity
dti.domaintools.com/inside-the-g...
Inside the Great Firewall Part 1: The Dump - DomainTools Investigations | DTI
Analysis of the 500GB+ Great Firewall data breach revealing China’s state censorship network, VPN evasion tactics, and the operators behind it.
dti.domaintools.com
October 30, 2025 at 7:19 PM
New sanctions out today on the Bhardwaj Human Smuggling Operation (Mexico, Dubai, India)
And a bunch of new cryptocurrency wallets and other identifiers for Prince Group (Southeast Asian scam compounds/forced labor)
ofac.treasury.gov/recent-actio...
ofac.treasury.gov
October 30, 2025 at 2:37 PM
“But the shitposters, man. No one expected it would be the shitposters that saved us.”
-Interview from a future history
October 30, 2025 at 9:40 AM
Listen. We had “Don’t get high on your own supply” from at least back to elementary school and it wasn’t that difficult of a concept.
So when your cloud service goes down and takes your recovery methods and status page down with it, I am judging your ass allllllll the way from fifth grade.
October 29, 2025 at 10:21 PM
In the last year of Trump's first term, the US directed a cyberattack at Maduro's government, completely disabling the Venezuelan intelligence service systems.
It was a compromise to placate Trump's constant demands for military intervention options in Venezuela.
www.cnn.com/2025/10/29/p...
CIA cyberattacks targeting the Maduro regime didn’t satisfy Trump in his first term. Now the US is flexing its military might | CNN Politics
In the final year of President Donald Trump’s first administration, the CIA carried out a clandestine cyberattack against the Venezuelan government, disabling the computer network used by Venezuelan l...
www.cnn.com
October 29, 2025 at 2:37 PM
Bwahahaha
Had a shiny investigational object dangled in front of me.
Significant indicator that tracks back to…
…minecraft beef.
October 28, 2025 at 11:54 PM
I just...
I don't know what's up with this timeline. But it's all the stupidest, most blatant bullshit, all one after another, and I am so tired.
So: sure. Infected monkeys escape and run amok. Whatever.
journa.host/@w7voa/11545...
Steve Herman (@w7voa@journa.host)
“Infected and aggressive” rhesus monkeys escaped after a truck which was transporting them overturned in southern Mississippi. All but one of the primates “eliminated.” https://www.wapt.com/article/mo...
journa.host
October 28, 2025 at 8:02 PM
Practical LLM Security Advice from the NVIDIA AI Red Team
(from October 02, but I missed this when it came out)
developer.nvidia.com/blog/practic...
Practical LLM Security Advice from the NVIDIA AI Red Team | NVIDIA Technical Blog
Over the last several years, the NVIDIA AI Red Team (AIRT) has evaluated numerous and diverse AI-enabled systems for potential vulnerabilities and security weaknesses before they reach production.
developer.nvidia.com
October 28, 2025 at 5:22 PM
It's well into the double-digits now as far as seeing hallucinated threat intelligence results inventing provably spurious domains and causing them to be ingested elsewhere as accurate intel.
#infosec #cybersecurity #threatintel
infosec.exchange/@krypt3ia/11...
October 28, 2025 at 3:47 PM
the funniest part about LLM vulnerabilities is that we've essentially opened up our deterministic systems to techniques honed in centuries of disinformation operations, like an accelerated epistemology purposely weak to cache poisoning.
infosec.exchange/@mttaggart/1...
Taggart (@mttaggart@infosec.exchange)
This one is novel! Instead of a more classic indirect prompt injection, this CSRF attack (against ChatGPT itself) injects malicious instructions into the "Memory" layer of the ChatGPT app, so that fut...
infosec.exchange
October 28, 2025 at 3:01 PM
*mumbling to self* there's too much to learn and everything i learn results in me knowing less, as a proportion of possible knowledge. this is unfair.
October 28, 2025 at 2:48 PM
Stop cold-emailing spam to operations employees. Not only are we too busy for it, we have global admin and will ban your domain out of spite.
October 28, 2025 at 2:18 PM