Ravenholm Tech
@ravenholmtech.bsky.social
Real life cybersecurity engineer and consultant. Even got the CISSP cert to prove it.
Reposted by Ravenholm Tech
A key cybersecurity information-sharing law has temporarily expired amid broader government funding delays. David Kennedy told The Hill that the lapse eliminates key protections that the exchange of information, which is encouraged by CISA, provides. Read now! thehill.com/homenews/552...
Cyberthreat sharing law expires as government shuts down
A law allowing private companies to share information about cybersecurity threats with the government expired Wednesday after Congress failed to reauthorize the legislation amid a wider shutdown fi…
thehill.com
October 2, 2025 at 6:02 PM
A key cybersecurity information-sharing law has temporarily expired amid broader government funding delays. David Kennedy told The Hill that the lapse eliminates key protections that the exchange of information, which is encouraged by CISA, provides. Read now! thehill.com/homenews/552...
Thanks for hosting the ISC2 meeting @trustedsec.com. Pretty cool to see the Back to the Future collection.
July 30, 2025 at 3:53 AM
Thanks for hosting the ISC2 meeting @trustedsec.com. Pretty cool to see the Back to the Future collection.
Been working helping people resolve this "little" issue.
nvd.nist.gov/vuln/detail/...
If you're running on-prem Sharepoint 2016 or 2019 you might want to take care of this quickly.
nvd.nist.gov/vuln/detail/...
If you're running on-prem Sharepoint 2016 or 2019 you might want to take care of this quickly.
NVD - CVE-2025-53770
nvd.nist.gov
July 28, 2025 at 3:33 PM
Been working helping people resolve this "little" issue.
nvd.nist.gov/vuln/detail/...
If you're running on-prem Sharepoint 2016 or 2019 you might want to take care of this quickly.
nvd.nist.gov/vuln/detail/...
If you're running on-prem Sharepoint 2016 or 2019 you might want to take care of this quickly.
Built a cool little volume mixer for a family member's PC. It was built using Deej. It was a fun little project. I picked the colors to match their PC case, it was pretty straight forward and easy to produce.
github.com/omriharel/deej
github.com/omriharel/deej
July 2, 2025 at 1:25 PM
Built a cool little volume mixer for a family member's PC. It was built using Deej. It was a fun little project. I picked the colors to match their PC case, it was pretty straight forward and easy to produce.
github.com/omriharel/deej
github.com/omriharel/deej
Oh man. I've been seeing sooooo many bad takes about plain text credentials in code.
Certainly, every software developer/engineer knows that plain text creds in code is bad. I'm sure they all know how to use a secrets vault.
Who cares if it's only accessible internally? Just fix it.
Certainly, every software developer/engineer knows that plain text creds in code is bad. I'm sure they all know how to use a secrets vault.
Who cares if it's only accessible internally? Just fix it.
June 27, 2025 at 2:26 PM
Oh man. I've been seeing sooooo many bad takes about plain text credentials in code.
Certainly, every software developer/engineer knows that plain text creds in code is bad. I'm sure they all know how to use a secrets vault.
Who cares if it's only accessible internally? Just fix it.
Certainly, every software developer/engineer knows that plain text creds in code is bad. I'm sure they all know how to use a secrets vault.
Who cares if it's only accessible internally? Just fix it.
I really like strange hardware designs. This looks really fun.
One of my earlier bad keyboards (June 2023), the ShiftKeyBoard!
It's got nine buttons, and an 8-way gear shifter. You simply shift into different gears to select which sub-keyboard to use. Surprisingly easy to use, in fact.
It's got nine buttons, and an 8-way gear shifter. You simply shift into different gears to select which sub-keyboard to use. Surprisingly easy to use, in fact.
January 17, 2025 at 2:03 PM
I really like strange hardware designs. This looks really fun.
Reposted by Ravenholm Tech
1 malicious version each of 2 npm packages for a popular JavaScript bundler were released by an attacker 'who gained unauthorized npm publishing access'.
One of the legit npm packages has around 370k downloads/week, the other, 135k/week.
socket.dev/blog/rspack-...
One of the legit npm packages has around 370k downloads/week, the other, 135k/week.
socket.dev/blog/rspack-...
Supply Chain Attack on Rspack npm Packages Injects Cryptojac...
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
socket.dev
January 2, 2025 at 12:10 AM
1 malicious version each of 2 npm packages for a popular JavaScript bundler were released by an attacker 'who gained unauthorized npm publishing access'.
One of the legit npm packages has around 370k downloads/week, the other, 135k/week.
socket.dev/blog/rspack-...
One of the legit npm packages has around 370k downloads/week, the other, 135k/week.
socket.dev/blog/rspack-...
Hello fellow humans. I have a neighbor that informed me about a "thing" on his Amazon Fire Stick. Apparently, it's a service they pay for. ViewTV. Pretty interesting. It's clearly a side loaded app from a third-party source. I can't find any information about how the back end of this works.
December 24, 2024 at 7:23 PM
Hello fellow humans. I have a neighbor that informed me about a "thing" on his Amazon Fire Stick. Apparently, it's a service they pay for. ViewTV. Pretty interesting. It's clearly a side loaded app from a third-party source. I can't find any information about how the back end of this works.
Reposted by Ravenholm Tech
probably don't get your cybersecurity advice from youtube sponsor segments
December 19, 2024 at 5:36 PM
probably don't get your cybersecurity advice from youtube sponsor segments
Look, seriously. I don't care if it's "internal only" patch it anyway. Also, why is there a script to disable EDR when you use a certain piece of software?
December 17, 2024 at 6:05 PM
Look, seriously. I don't care if it's "internal only" patch it anyway. Also, why is there a script to disable EDR when you use a certain piece of software?
Can you even imagine months of negotiation to harden a VPN configuration? I can.
December 12, 2024 at 7:08 PM
Can you even imagine months of negotiation to harden a VPN configuration? I can.
Reposted by Ravenholm Tech
In our new #blog, Senior Security Consultant
@two06.bsky.social goes over methodology that led him to discovering a deserialization vulnerability in #LINQPad, a .NET scratchpad application commonly used by developers. Read it now! trustedsec.com/blog/discove...
@two06.bsky.social goes over methodology that led him to discovering a deserialization vulnerability in #LINQPad, a .NET scratchpad application commonly used by developers. Read it now! trustedsec.com/blog/discove...
Discovering a Deserialization Vulnerability in LINQPad
trustedsec.com
December 3, 2024 at 4:14 PM
In our new #blog, Senior Security Consultant
@two06.bsky.social goes over methodology that led him to discovering a deserialization vulnerability in #LINQPad, a .NET scratchpad application commonly used by developers. Read it now! trustedsec.com/blog/discove...
@two06.bsky.social goes over methodology that led him to discovering a deserialization vulnerability in #LINQPad, a .NET scratchpad application commonly used by developers. Read it now! trustedsec.com/blog/discove...
Reposted by Ravenholm Tech
Open-Source Tools
Forensic Kit - exterro.com/forensic-toolkit
Autopsy - autopsy.com
Volatility - volatilityfoundation.org
Zimmerman - ericzimmerman.github.io/#lindex.md
Wireshark - wireshark.org
iLEAPP/aLEAPP - github.com/abrignoni/iLEAPP
github.com/abrignoni/aLEAPP
Klogg - klogg.filimonov.dev
Forensic Kit - exterro.com/forensic-toolkit
Autopsy - autopsy.com
Volatility - volatilityfoundation.org
Zimmerman - ericzimmerman.github.io/#lindex.md
Wireshark - wireshark.org
iLEAPP/aLEAPP - github.com/abrignoni/iLEAPP
github.com/abrignoni/aLEAPP
Klogg - klogg.filimonov.dev
Data Risk Management - Data Discovery & Privacy Platform | Exterro
Exterro's powerful data risk management platform unifies e-discovery, privacy, data governance, digital forensics, and cybersecurity compliance to…
exterro.com
December 4, 2024 at 8:43 PM
Open-Source Tools
Forensic Kit - exterro.com/forensic-toolkit
Autopsy - autopsy.com
Volatility - volatilityfoundation.org
Zimmerman - ericzimmerman.github.io/#lindex.md
Wireshark - wireshark.org
iLEAPP/aLEAPP - github.com/abrignoni/iLEAPP
github.com/abrignoni/aLEAPP
Klogg - klogg.filimonov.dev
Forensic Kit - exterro.com/forensic-toolkit
Autopsy - autopsy.com
Volatility - volatilityfoundation.org
Zimmerman - ericzimmerman.github.io/#lindex.md
Wireshark - wireshark.org
iLEAPP/aLEAPP - github.com/abrignoni/iLEAPP
github.com/abrignoni/aLEAPP
Klogg - klogg.filimonov.dev
Finally got my CISSP certification today. The wait is over!!!
November 28, 2024 at 6:18 AM
Finally got my CISSP certification today. The wait is over!!!
Ugh... Week 5 of waiting for ISC2 to click the checkbox on my CISSP cert.
November 25, 2024 at 5:42 AM
Ugh... Week 5 of waiting for ISC2 to click the checkbox on my CISSP cert.
I still see those log4j vulnerabilities out there.....
#CyberSecurity
#CyberSecurity
November 25, 2024 at 1:42 AM
I still see those log4j vulnerabilities out there.....
#CyberSecurity
#CyberSecurity
I really gotta get back to work on this. Took a little break. Time to go for pro hacker.
November 22, 2024 at 10:48 PM
I really gotta get back to work on this. Took a little break. Time to go for pro hacker.
security.paloaltonetworks.com/CVE-2024-0012
Authentication Bypass
security.paloaltonetworks.com/CVE-2024-9474
Privilege Escalation
Finding these two together isn't good news. If you're running palo alto firewalls update them... yes... even if they are "internal only"
Authentication Bypass
security.paloaltonetworks.com/CVE-2024-9474
Privilege Escalation
Finding these two together isn't good news. If you're running palo alto firewalls update them... yes... even if they are "internal only"
CVE-2024-0012 PAN-OS: Authentication Bypass in the Management Web Interface (PAN-SA-2024-0015)
An authentication bypass in Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to gain PAN-OS administrator privileges to perfor...
security.paloaltonetworks.com
November 22, 2024 at 10:41 PM
security.paloaltonetworks.com/CVE-2024-0012
Authentication Bypass
security.paloaltonetworks.com/CVE-2024-9474
Privilege Escalation
Finding these two together isn't good news. If you're running palo alto firewalls update them... yes... even if they are "internal only"
Authentication Bypass
security.paloaltonetworks.com/CVE-2024-9474
Privilege Escalation
Finding these two together isn't good news. If you're running palo alto firewalls update them... yes... even if they are "internal only"
So... where are all of the other #CyberSecurity people?
I remember a few from the .... other place.
Either way, keep an eye here for complaints about vulnerabilities that terrorize me throughout the day or the evils of cloud storage and using email for critical business processes (don't).
I remember a few from the .... other place.
Either way, keep an eye here for complaints about vulnerabilities that terrorize me throughout the day or the evils of cloud storage and using email for critical business processes (don't).
November 22, 2024 at 10:29 PM
So... where are all of the other #CyberSecurity people?
I remember a few from the .... other place.
Either way, keep an eye here for complaints about vulnerabilities that terrorize me throughout the day or the evils of cloud storage and using email for critical business processes (don't).
I remember a few from the .... other place.
Either way, keep an eye here for complaints about vulnerabilities that terrorize me throughout the day or the evils of cloud storage and using email for critical business processes (don't).