Tod Beardsley
@todb.hugesuccess.org
#InfoSec person, wire #protocol nerd, #vuln gazer. KT0DBK is my callsign.
I post more often on https://infosec.exchange/@todb. Bridged here as @todb2.hugesuccess.org . If you follow both I promise not to manually repost between them.
I post more often on https://infosec.exchange/@todb. Bridged here as @todb2.hugesuccess.org . If you follow both I promise not to manually repost between them.
For a website called Bluesky I’m sure seeing a lot of purple, pink, and green skies in my feed. Harrumph.
November 12, 2025 at 4:15 AM
For a website called Bluesky I’m sure seeing a lot of purple, pink, and green skies in my feed. Harrumph.
Reposted by Tod Beardsley
To be clear, when I suggest that people sign up to be election pollworkers, I'm not trying to be flippant. I'm dead serious. It's a vital civic service where you help your neighbors vote. And you learn an absolute *ton* about how elections actually work, as well as meet the officials who run them.
November 8, 2025 at 11:05 PM
To be clear, when I suggest that people sign up to be election pollworkers, I'm not trying to be flippant. I'm dead serious. It's a vital civic service where you help your neighbors vote. And you learn an absolute *ton* about how elections actually work, as well as meet the officials who run them.
Reposted by Tod Beardsley
We’re so proud of everyone who made this happen. Thank you for knocking on doors, making calls, writing postcards, working the polls, and most importantly voting. Let’s have another round tonight! 💙🇺🇸
And sorry for blowing up your newsfeed today, we promise it’s all for a good cause! 😉
And sorry for blowing up your newsfeed today, we promise it’s all for a good cause! 😉
November 5, 2025 at 5:12 AM
We’re so proud of everyone who made this happen. Thank you for knocking on doors, making calls, writing postcards, working the polls, and most importantly voting. Let’s have another round tonight! 💙🇺🇸
And sorry for blowing up your newsfeed today, we promise it’s all for a good cause! 😉
And sorry for blowing up your newsfeed today, we promise it’s all for a good cause! 😉
Reposted by Tod Beardsley
[USPol]
The gigantic and obvious Hatch Act violation that is the USDA shutdown notice continues, and is frankly breathtaking in its naked partisanship.
https://www.usda.gov/shutdownplans
So gross.
The gigantic and obvious Hatch Act violation that is the USDA shutdown notice continues, and is frankly breathtaking in its naked partisanship.
https://www.usda.gov/shutdownplans
So gross.
November 3, 2025 at 2:04 PM
[USPol]
The gigantic and obvious Hatch Act violation that is the USDA shutdown notice continues, and is frankly breathtaking in its naked partisanship.
https://www.usda.gov/shutdownplans
So gross.
The gigantic and obvious Hatch Act violation that is the USDA shutdown notice continues, and is frankly breathtaking in its naked partisanship.
https://www.usda.gov/shutdownplans
So gross.
Reposted by Tod Beardsley
Posted without comment.
October 31, 2025 at 3:56 PM
Posted without comment.
Reposted by Tod Beardsley
🎃 Happy Halloween! The end of #CybersecurityAwarenessMonth means it's time for our EoL-palooza grand finale!
The scariest find? A surge of End-of-Life Proxmox systems... software zombies attackers feast on.
🧟♂️ @hdm.io has the guide to hunt them down: www.runzero.com/blog/managin...
The scariest find? A surge of End-of-Life Proxmox systems... software zombies attackers feast on.
🧟♂️ @hdm.io has the guide to hunt them down: www.runzero.com/blog/managin...
After VMware: Managing EOL for Proxmox Hypervisors
Outdated Proxmox VE installs leave systems exposed as users migrate from VMware. With runZero you can easily identify EoL hosts and expiring TLS certs.
www.runzero.com
October 31, 2025 at 1:44 PM
🎃 Happy Halloween! The end of #CybersecurityAwarenessMonth means it's time for our EoL-palooza grand finale!
The scariest find? A surge of End-of-Life Proxmox systems... software zombies attackers feast on.
🧟♂️ @hdm.io has the guide to hunt them down: www.runzero.com/blog/managin...
The scariest find? A surge of End-of-Life Proxmox systems... software zombies attackers feast on.
🧟♂️ @hdm.io has the guide to hunt them down: www.runzero.com/blog/managin...
Reposted by Tod Beardsley
Austin Hackers Anonymous (AHA) is TONIGHT (2025-10-30) takeonme.org - Have some zero-day to share? AHA is an official CNA and will issue CVEs for vulnerabilities disclosed at the meeting. I'm planning to demo more SSHamble.com findings along with BloodHound OpenGraph stuff. See yall soon!
AHA!
Austin Hackers Anonymous!
takeonme.org
October 30, 2025 at 9:18 PM
Austin Hackers Anonymous (AHA) is TONIGHT (2025-10-30) takeonme.org - Have some zero-day to share? AHA is an official CNA and will issue CVEs for vulnerabilities disclosed at the meeting. I'm planning to demo more SSHamble.com findings along with BloodHound OpenGraph stuff. See yall soon!
Reposted by Tod Beardsley
A cyber work of art from @doublepulsar.com
October 29, 2025 at 12:39 PM
A cyber work of art from @doublepulsar.com
Reposted by Tod Beardsley
Talking about why vuln mgmt is broken with @todb.hugesuccess.org and @hdm.io in 9 minutes!
www.scworld.com/cybercast/fi...
www.scworld.com/cybercast/fi...
Fixing a Broken System: Why Legacy Vuln Management Tools Can’t Keep Up
For decades, vulnerability management has been the backbone of enterprise security. But as networks have grown more complex and adversaries more creative, traditional scanning approaches are showing t...
www.scworld.com
October 29, 2025 at 5:51 PM
Talking about why vuln mgmt is broken with @todb.hugesuccess.org and @hdm.io in 9 minutes!
www.scworld.com/cybercast/fi...
www.scworld.com/cybercast/fi...
Reposted by Tod Beardsley
I explained to my class week that despite all the panic about state actor capabilities:
-The biggest threat to electricity is squirrels
-Minecraft skids have the best DDoS capabilities
-No amount of disruption could ever beat misconfiguration, with DNS at the top of the list
-The biggest threat to electricity is squirrels
-Minecraft skids have the best DDoS capabilities
-No amount of disruption could ever beat misconfiguration, with DNS at the top of the list
October 27, 2025 at 9:46 PM
I explained to my class week that despite all the panic about state actor capabilities:
-The biggest threat to electricity is squirrels
-Minecraft skids have the best DDoS capabilities
-No amount of disruption could ever beat misconfiguration, with DNS at the top of the list
-The biggest threat to electricity is squirrels
-Minecraft skids have the best DDoS capabilities
-No amount of disruption could ever beat misconfiguration, with DNS at the top of the list
Reposted by Tod Beardsley
The question isn’t "why does Signal use AWS?" It’s to look at the infrastructural requirements of any global, real-time, mass comms platform and ask how it is that we got to a place where there’s no realistic alternative to AWS and the other hyperscalers. 3/
October 27, 2025 at 10:38 AM
The question isn’t "why does Signal use AWS?" It’s to look at the infrastructural requirements of any global, real-time, mass comms platform and ask how it is that we got to a place where there’s no realistic alternative to AWS and the other hyperscalers. 3/
Reposted by Tod Beardsley
a fun thing to consider is that China, and probably Russia, almost certainly have the ability to post from the president's Truth Social account. they just know that they only get to use that *once*.
I think the White House is probably absolutely riddled with spies and listening devices and also they're getting exactly as much actionable intelligence as you'd get from browsing Truth Social.
October 24, 2025 at 1:02 AM
a fun thing to consider is that China, and probably Russia, almost certainly have the ability to post from the president's Truth Social account. they just know that they only get to use that *once*.
Reposted by Tod Beardsley
This is at once one of the most gobsmacking examples of utter incompetence I've read to date coming from the current administration, and yet also a fascinating train wreck of hilarity.
Oh nooooo, Lindsey Halligan, this is not how any of this works
(15 screens into a Signal exchange) www.lawfaremedia.org/article/anna...
(15 screens into a Signal exchange) www.lawfaremedia.org/article/anna...
October 21, 2025 at 12:50 AM
This is at once one of the most gobsmacking examples of utter incompetence I've read to date coming from the current administration, and yet also a fascinating train wreck of hilarity.
Happy to see all these huge cities absolutely carpeted with humans for #NoKings
For contrast, here’s Alpine, TX. Total population of the city is about 6,000. I think maybe 150 showed up.
For contrast, here’s Alpine, TX. Total population of the city is about 6,000. I think maybe 150 showed up.
October 19, 2025 at 12:49 AM
Happy to see all these huge cities absolutely carpeted with humans for #NoKings
For contrast, here’s Alpine, TX. Total population of the city is about 6,000. I think maybe 150 showed up.
For contrast, here’s Alpine, TX. Total population of the city is about 6,000. I think maybe 150 showed up.
Reposted by Tod Beardsley
I saw a tragically AI-generated version of this poster, so I have recreated a 100% human-made version for all your protest sign needs.
October 18, 2025 at 4:00 PM
I saw a tragically AI-generated version of this poster, so I have recreated a 100% human-made version for all your protest sign needs.
Reposted by Tod Beardsley
A reminder that I have "Arkham" embedded in my name.
(not that there's anything wrong with that...)
(not that there's anything wrong with that...)
October 12, 2025 at 7:03 PM
A reminder that I have "Arkham" embedded in my name.
(not that there's anything wrong with that...)
(not that there's anything wrong with that...)
Cool Hatch Act violation you got going on there, USDA.
October 13, 2025 at 3:45 AM
Cool Hatch Act violation you got going on there, USDA.
Reposted by Tod Beardsley
Robert De Niro: “Now we have a would-be king — King Donald the First. Fuck that. I’m Robert De Niro and I’m asking you to stand up and be counted in the nationwide No Kings protest on October 18th”
👉👉 nokings.org
👉👉 nokings.org
October 11, 2025 at 9:21 PM
Robert De Niro: “Now we have a would-be king — King Donald the First. Fuck that. I’m Robert De Niro and I’m asking you to stand up and be counted in the nationwide No Kings protest on October 18th”
👉👉 nokings.org
👉👉 nokings.org
Reposted by Tod Beardsley
📺 runZero Hour: Beyond the veil with EOL OSes.
Rob King, @todb.hugesuccess.org & @nemo.tatooine.club.ap.brid.gy unpack the Oct 14 Winpocalypse + risks of zombie OSes.
📅 Oct 15 • 1PM ET / 10AM PT
👉 Register: www.runzero.com/research/run... 📖 Report: www.runzero.com/resources/un...
Rob King, @todb.hugesuccess.org & @nemo.tatooine.club.ap.brid.gy unpack the Oct 14 Winpocalypse + risks of zombie OSes.
📅 Oct 15 • 1PM ET / 10AM PT
👉 Register: www.runzero.com/research/run... 📖 Report: www.runzero.com/resources/un...
October 2, 2025 at 5:30 PM
📺 runZero Hour: Beyond the veil with EOL OSes.
Rob King, @todb.hugesuccess.org & @nemo.tatooine.club.ap.brid.gy unpack the Oct 14 Winpocalypse + risks of zombie OSes.
📅 Oct 15 • 1PM ET / 10AM PT
👉 Register: www.runzero.com/research/run... 📖 Report: www.runzero.com/resources/un...
Rob King, @todb.hugesuccess.org & @nemo.tatooine.club.ap.brid.gy unpack the Oct 14 Winpocalypse + risks of zombie OSes.
📅 Oct 15 • 1PM ET / 10AM PT
👉 Register: www.runzero.com/research/run... 📖 Report: www.runzero.com/resources/un...
Just curious: Republicans control a majority of US states as governor (27 vs 23 Dems). Of 5 territories, 2 are R-controlled (Guam and Puerto Rico). There's also D.C. with a D mayor.
There are 574 federally recognized tribal authorities. Any data around on their leadership affiliation?
There are 574 federally recognized tribal authorities. Any data around on their leadership affiliation?
October 2, 2025 at 4:01 PM
Just curious: Republicans control a majority of US states as governor (27 vs 23 Dems). Of 5 territories, 2 are R-controlled (Guam and Puerto Rico). There's also D.C. with a D mayor.
There are 574 federally recognized tribal authorities. Any data around on their leadership affiliation?
There are 574 federally recognized tribal authorities. Any data around on their leadership affiliation?
Reposted by Tod Beardsley
✨ New report: Undead by design ✨
Zombie OSes aren’t just outdated, they’re risky. On Oct 14, Windows 10 goes EOL & 1/3 of Windows assets lose support. @todb.hugesuccess.org reveals how to protect your org:
👉 Read the (ungated!) report: www.runzero.com/resources/un...
Zombie OSes aren’t just outdated, they’re risky. On Oct 14, Windows 10 goes EOL & 1/3 of Windows assets lose support. @todb.hugesuccess.org reveals how to protect your org:
👉 Read the (ungated!) report: www.runzero.com/resources/un...
October 1, 2025 at 1:55 PM
✨ New report: Undead by design ✨
Zombie OSes aren’t just outdated, they’re risky. On Oct 14, Windows 10 goes EOL & 1/3 of Windows assets lose support. @todb.hugesuccess.org reveals how to protect your org:
👉 Read the (ungated!) report: www.runzero.com/resources/un...
Zombie OSes aren’t just outdated, they’re risky. On Oct 14, Windows 10 goes EOL & 1/3 of Windows assets lose support. @todb.hugesuccess.org reveals how to protect your org:
👉 Read the (ungated!) report: www.runzero.com/resources/un...
So are tech journos going to cover the sunsetting of the Cybersecurity Information Sharing Act(2015)?
Or are we just going to keep sharing IOCs and TTPs with the USG and risking pre-2015 evidentiary exposure and just be cool now? I like being cool. I also kinda liked that law. #lawfare
Or are we just going to keep sharing IOCs and TTPs with the USG and risking pre-2015 evidentiary exposure and just be cool now? I like being cool. I also kinda liked that law. #lawfare
October 1, 2025 at 9:23 PM
So are tech journos going to cover the sunsetting of the Cybersecurity Information Sharing Act(2015)?
Or are we just going to keep sharing IOCs and TTPs with the USG and risking pre-2015 evidentiary exposure and just be cool now? I like being cool. I also kinda liked that law. #lawfare
Or are we just going to keep sharing IOCs and TTPs with the USG and risking pre-2015 evidentiary exposure and just be cool now? I like being cool. I also kinda liked that law. #lawfare
Reposted by Tod Beardsley
👻 ATX, Oct 9: the horror gets real. We're conjuring up a haunted house pop-up with our friends at Ghost Security with:
💀 Spooky cocktails + treats
🎤 @todb.hugesuccess.org talking creepy EoL things
🕷️ Maxim G analyzing evil at scale
🔮 Greg Martin on AI in AppSec
🎟️ Get your creds: luma.com/klzl0t1h
💀 Spooky cocktails + treats
🎤 @todb.hugesuccess.org talking creepy EoL things
🕷️ Maxim G analyzing evil at scale
🔮 Greg Martin on AI in AppSec
🎟️ Get your creds: luma.com/klzl0t1h
September 26, 2025 at 4:04 PM
👻 ATX, Oct 9: the horror gets real. We're conjuring up a haunted house pop-up with our friends at Ghost Security with:
💀 Spooky cocktails + treats
🎤 @todb.hugesuccess.org talking creepy EoL things
🕷️ Maxim G analyzing evil at scale
🔮 Greg Martin on AI in AppSec
🎟️ Get your creds: luma.com/klzl0t1h
💀 Spooky cocktails + treats
🎤 @todb.hugesuccess.org talking creepy EoL things
🕷️ Maxim G analyzing evil at scale
🔮 Greg Martin on AI in AppSec
🎟️ Get your creds: luma.com/klzl0t1h
Reposted by Tod Beardsley
North Carolina secures 1.3M+ devices across 343 schools with only a handful of IT staff.
Learn how in our live webcast with Samuel Carter & @todb.hugesuccess.org.
📅 Oct 21 | 10AM PT / 1PM ET
👉 www.runzero.com/north-caroli...
Learn how in our live webcast with Samuel Carter & @todb.hugesuccess.org.
📅 Oct 21 | 10AM PT / 1PM ET
👉 www.runzero.com/north-caroli...
September 26, 2025 at 12:01 PM
North Carolina secures 1.3M+ devices across 343 schools with only a handful of IT staff.
Learn how in our live webcast with Samuel Carter & @todb.hugesuccess.org.
📅 Oct 21 | 10AM PT / 1PM ET
👉 www.runzero.com/north-caroli...
Learn how in our live webcast with Samuel Carter & @todb.hugesuccess.org.
📅 Oct 21 | 10AM PT / 1PM ET
👉 www.runzero.com/north-caroli...
Reposted by Tod Beardsley
The CVE program nearly lost its funding. Cue the collective InfoSec panic.
But only ~20% of incidents start with a CVE exploit. The rest? Misconfigs + bad segmentation exposures tools shrug at.
@todb.hugesuccess.org explores what a post-CVE world might mean: www.runzero.com/blog/grappli...
But only ~20% of incidents start with a CVE exploit. The rest? Misconfigs + bad segmentation exposures tools shrug at.
@todb.hugesuccess.org explores what a post-CVE world might mean: www.runzero.com/blog/grappli...
September 25, 2025 at 7:01 PM
The CVE program nearly lost its funding. Cue the collective InfoSec panic.
But only ~20% of incidents start with a CVE exploit. The rest? Misconfigs + bad segmentation exposures tools shrug at.
@todb.hugesuccess.org explores what a post-CVE world might mean: www.runzero.com/blog/grappli...
But only ~20% of incidents start with a CVE exploit. The rest? Misconfigs + bad segmentation exposures tools shrug at.
@todb.hugesuccess.org explores what a post-CVE world might mean: www.runzero.com/blog/grappli...