SecByT̷͔̼̯̖̟͔͎͑̽o̶͚̠̰͚̩̻̝̰͂̿̔̄̊́͘m̷̡̟̍́̏̔
@techbytom.bsky.social
Privacy, motorcycle, and craft beer geek. Adversarial thinker. Blue team your blue team for better red teaming.
Take notes. THIS is how you articulate the difference between warm fuzzy marketing and propaganda for a commercial dystopia.
February 11, 2026 at 5:15 AM
Take notes. THIS is how you articulate the difference between warm fuzzy marketing and propaganda for a commercial dystopia.
Good riddance @discord.com
Discord will require a face scan or ID for full access next month
Discord will require a face scan or ID for full access next month
Age verification for all.
buff.ly
February 10, 2026 at 4:11 PM
Good riddance @discord.com
Reposted by SecByT̷͔̼̯̖̟͔͎͑̽o̶͚̠̰͚̩̻̝̰͂̿̔̄̊́͘m̷̡̟̍́̏̔
LOOK AT THIS PRIVACY POLICY.
Look at it. You can read it because they don’t need a ton of legalese to make you stop reading all the ways they’ll sell your data.
They just don’t do that. None of it.
tessie.com/privacy
Look at it. You can read it because they don’t need a ton of legalese to make you stop reading all the ways they’ll sell your data.
They just don’t do that. None of it.
tessie.com/privacy
Privacy – Tessie
Tessie is built for you—and only you.
tessie.com
January 29, 2026 at 2:28 AM
LOOK AT THIS PRIVACY POLICY.
Look at it. You can read it because they don’t need a ton of legalese to make you stop reading all the ways they’ll sell your data.
They just don’t do that. None of it.
tessie.com/privacy
Look at it. You can read it because they don’t need a ton of legalese to make you stop reading all the ways they’ll sell your data.
They just don’t do that. None of it.
tessie.com/privacy
We want the soundtrack!
Georgia Weidman has posted some December 2010 NovaHackers talks, including my first talk on Armitage.
x.com/georgiaweidm...
Video link:
www.youtube.com/watch?v=ZtnK...
x.com/georgiaweidm...
Video link:
www.youtube.com/watch?v=ZtnK...
Georgia Weidman on X: "A few of you asked if I had the old @novahackers videos. Yes, I do, and I'm rereleasing them! Here are the talks from December 2010, including what is possibly the very first demo of Armitage (before Cobalt Strike, there was Armitage) from @armitagehacker, a talk on hacking" / X
A few of you asked if I had the old @novahackers videos. Yes, I do, and I'm rereleasing them! Here are the talks from December 2010, including what is possibly the very first demo of Armitage (before Cobalt Strike, there was Armitage) from @armitagehacker, a talk on hacking
x.com
January 23, 2026 at 8:25 PM
We want the soundtrack!
Reposted by SecByT̷͔̼̯̖̟͔͎͑̽o̶͚̠̰͚̩̻̝̰͂̿̔̄̊́͘m̷̡̟̍́̏̔
Early bird tickets are still available! 🎉
Use code BS312-EB20 to get 20% off your #BSides312 ticket.
Grab yours now 👉 bsides312.org
While you’re there, consider volunteering and helping make the event awesome!
#BSides
Use code BS312-EB20 to get 20% off your #BSides312 ticket.
Grab yours now 👉 bsides312.org
While you’re there, consider volunteering and helping make the event awesome!
#BSides
BSides312 - Chicago's Hacking Conference
BSides312 is Chicago's biggest little non-profit hacking & information security conference.
bsides312.org
January 16, 2026 at 9:31 PM
Early bird tickets are still available! 🎉
Use code BS312-EB20 to get 20% off your #BSides312 ticket.
Grab yours now 👉 bsides312.org
While you’re there, consider volunteering and helping make the event awesome!
#BSides
Use code BS312-EB20 to get 20% off your #BSides312 ticket.
Grab yours now 👉 bsides312.org
While you’re there, consider volunteering and helping make the event awesome!
#BSides
cupholder.exe was one of my favorite memories when growing up.
January 18, 2026 at 9:26 PM
cupholder.exe was one of my favorite memories when growing up.
To be clear. NetNTLMv1 support needs to go. But for the low security budgets, the companies that can’t navigate their way out from under this one, detection and effective response will be your saving grace (or it won’t be).
January 16, 2026 at 3:34 AM
To be clear. NetNTLMv1 support needs to go. But for the low security budgets, the companies that can’t navigate their way out from under this one, detection and effective response will be your saving grace (or it won’t be).
If your SOC doesn’t already alert on NetNTLM with challenges of “1122334455667788” you should fix that NOW.
cloud.google.com/blog/topics/...
cloud.google.com/blog/topics/...
Releasing Rainbow Tables to Accelerate Protocol Deprecation | Google Cloud Blog
Mandiant aims to lower the barrier for security professionals to demonstrate the insecurity of Net-NTLMv1.
cloud.google.com
January 15, 2026 at 4:35 PM
If your SOC doesn’t already alert on NetNTLM with challenges of “1122334455667788” you should fix that NOW.
cloud.google.com/blog/topics/...
cloud.google.com/blog/topics/...
If you’re not watching EXO labs, and you have any good reason to run local LLMs stop now and read blog.exolabs.net/nvidia-dgx-s...
Combining NVIDIA DGX Spark + Apple Mac Studio for 4x Faster LLM Inference with EXO 1.0
Disaggregating Prefill and Decode: Faster First Tokens, Faster Streams
blog.exolabs.net
January 6, 2026 at 5:45 AM
If you’re not watching EXO labs, and you have any good reason to run local LLMs stop now and read blog.exolabs.net/nvidia-dgx-s...
Fun way to host your payloads vmux.sdan.io
vmux
Run anything in the cloud. Replace uv run with vmux run.
vmux.sdan.io
January 2, 2026 at 1:27 AM
Fun way to host your payloads vmux.sdan.io
Did you know your taxes were being used to buy your flight records from commercial airlines so your movement could be tracked without a warrant?
At 404, we’re particularly focussed on journalism that has real-world impact. Thanks to your support, this year we can trace a direct line between our work and tangible policy change. @evystadium.bsky.social names a few.
Read our Impact stories here and hny <3 www.404media.co/tag/impact/
Read our Impact stories here and hny <3 www.404media.co/tag/impact/
January 1, 2026 at 7:24 PM
Did you know your taxes were being used to buy your flight records from commercial airlines so your movement could be tracked without a warrant?
Reposted by SecByT̷͔̼̯̖̟͔͎͑̽o̶͚̠̰͚̩̻̝̰͂̿̔̄̊́͘m̷̡̟̍́̏̔
This is fork&run to execute BOFs in a remote process, same API, and get output back over a pipe--demonstrated with Havoc.
Same arch could support explicit injection. Add-in an injector artifact + psexec, could remotely run a BOF without an agent and get output back too. bofexec? :)
Same arch could support explicit injection. Add-in an injector artifact + psexec, could remotely run a BOF without an agent and get output back too. bofexec? :)
To wrap up the year, I've published this Havoc extension that enables remote execution of Beacon Object Files (BOFs) using a PIC loader built with Crystal Palace.
github.com/pard0p/Remot...
github.com/pard0p/Remot...
GitHub - pard0p/Remote-BOF-Runner: Remote BOF Runner is a Havoc extension framework for remote execution of Beacon Object Files (BOFs) using a PIC loader made with Crystal Palace.
Remote BOF Runner is a Havoc extension framework for remote execution of Beacon Object Files (BOFs) using a PIC loader made with Crystal Palace. - pard0p/Remote-BOF-Runner
github.com
December 31, 2025 at 11:51 PM
This is fork&run to execute BOFs in a remote process, same API, and get output back over a pipe--demonstrated with Havoc.
Same arch could support explicit injection. Add-in an injector artifact + psexec, could remotely run a BOF without an agent and get output back too. bofexec? :)
Same arch could support explicit injection. Add-in an injector artifact + psexec, could remotely run a BOF without an agent and get output back too. bofexec? :)
Reposted by SecByT̷͔̼̯̖̟͔͎͑̽o̶͚̠̰͚̩̻̝̰͂̿̔̄̊́͘m̷̡̟̍́̏̔
NEW: Apple, Google, and WhatsApp now regularly notify their users if they suspect they have been targeted or hacked with government spyware, such as that made by NSO Group or Paragon.
We spoke to experts and wrote a guide on what to do, and where to go, if you receive one of those notifications.
We spoke to experts and wrote a guide on what to do, and where to go, if you receive one of those notifications.
You've been targeted by government spyware. Now what? | TechCrunch
Tech companies are increasingly warning their customers that they have been targeted by governments with advanced government spyware, such as NSO's Pegasus or Paragon's Graphite. What happens after re...
techcrunch.com
December 29, 2025 at 4:27 PM
NEW: Apple, Google, and WhatsApp now regularly notify their users if they suspect they have been targeted or hacked with government spyware, such as that made by NSO Group or Paragon.
We spoke to experts and wrote a guide on what to do, and where to go, if you receive one of those notifications.
We spoke to experts and wrote a guide on what to do, and where to go, if you receive one of those notifications.
This tool is an especially powerful and widely applicable one. Don’t get caught up in saying no, infosec.
Claude set a strong bar for structured, workflow-driven AI usage, and it’s no surprise we’re now seeing similar ideas across other platforms like OpenAI.
I’ve built DFIR and quick triage workflows that save me hours every time! The time savings really add up, and it’s completely changed how I work.
I’ve built DFIR and quick triage workflows that save me hours every time! The time savings really add up, and it’s completely changed how I work.
Agent Skills
Give Codex new capabilities and expertise
developers.openai.com
December 27, 2025 at 12:33 AM
This tool is an especially powerful and widely applicable one. Don’t get caught up in saying no, infosec.
ORLY?
December 20, 2025 at 4:47 AM
ORLY?
This implies that getting a warrant for this was anything other than a rubber stamp in a web interface before now.
NARRATOR (V.O.) It wasn't.
NARRATOR (V.O.) It wasn't.
December 19, 2025 at 3:23 PM
This implies that getting a warrant for this was anything other than a rubber stamp in a web interface before now.
NARRATOR (V.O.) It wasn't.
NARRATOR (V.O.) It wasn't.
30% of the code, and 100% of the design is now done by AI
December 19, 2025 at 3:02 PM
30% of the code, and 100% of the design is now done by AI
0nrnicrosoft[.]com was registered last night
December 19, 2025 at 2:57 PM
0nrnicrosoft[.]com was registered last night
When 2040 me can’t give someone a dirty look without it being captured, catalogued, and sold to the surveillance state - this is one of the ways we got there.
“ALPRs, operating at the scale that they’re operating now, with the kind of vendors that are running these systems now, are posing a direct public safety threat,” particularly in this political climate, EFF’s @tsnvaa.bsky.social told @kqednews.kqed.org. www.kqed.org/news/120669...
California Cities Double Down on License-Plate Readers as Federal Surveillance Grows | KQED
California municipalities continue to press ahead with automated license-plate reader contracts, betting the technology’s public-safety value outweighs demonstrated risks to data privacy and civil liberties.
www.kqed.org
December 19, 2025 at 2:18 PM
When 2040 me can’t give someone a dirty look without it being captured, catalogued, and sold to the surveillance state - this is one of the ways we got there.
THIS would be an awesome base concept for a team of developers to build as a learning exercise for implementing LLMs that are customer facing.
www.wsj.com/tech/ai/anth...
www.wsj.com/tech/ai/anth...
We Let AI Run Our Office Vending Machine. It Lost Hundreds of Dollars.
An AI agent ran a snack operation in the WSJ newsroom. It gave away a free PlayStation, ordered a live fish—and taught us lessons about the future of AI.
www.wsj.com
December 19, 2025 at 1:21 AM
THIS would be an awesome base concept for a team of developers to build as a learning exercise for implementing LLMs that are customer facing.
www.wsj.com/tech/ai/anth...
www.wsj.com/tech/ai/anth...
Apple Maps in CarPlay does not allow you to tap on the numbers on the map. You MUST tap the item in the list, wait for the zoom animation to show you which of the map locations it was for, then (while no longer seeing the whole route) choose if you want to add to route or not.
December 18, 2025 at 3:00 PM
Apple Maps in CarPlay does not allow you to tap on the numbers on the map. You MUST tap the item in the list, wait for the zoom animation to show you which of the map locations it was for, then (while no longer seeing the whole route) choose if you want to add to route or not.
Maybe Bieber will complain and Tim Apple will do something.
December 18, 2025 at 5:39 AM
Maybe Bieber will complain and Tim Apple will do something.
Ok, but can I PLEASE tap on the destination on the map instead of being forced to use a list and back button to discover where each location is while I’m TRYING TO DRIVE?
December 18, 2025 at 5:38 AM
Ok, but can I PLEASE tap on the destination on the map instead of being forced to use a list and back button to discover where each location is while I’m TRYING TO DRIVE?