Tod Beardsley
todb2.hugesuccess.org
@todb2.hugesuccess.org
Shmethical #Hacker. #Research mucky-muck at @runzero. #Election worker. #CVE bagman. #Metasploit collaborator. Briefly a fed. Anti-Fascist. #FriendofDeSoto. #Podcaster […]

🌉 bridged from ⁂ https://infosec.exchange/@todb, follow @ap.brid.gy to interact
[USPol]

I've got Ken Burns' National Parks docuseries on in the background and I gotta say, it's a pretty patriotic experience.

Better still: streaming through Kanopy and my local library.

This is the kind of America I'm super into, which is easy to forget in the day-to-day shenanigans […]
Original post on infosec.exchange
November 12, 2025 at 11:00 PM
Hey, turns out CISA 2015 (the law not the agency) is only mostly dead. And mostly dead is slightly alive.

https://cyberscoop.com/cisa-2015-shutdown-extension-continuing-resolution/
Cyber information sharing law would get extension under shutdown deal bill
The Cybersecurity and Information Sharing Act of 2015 would go from expired to extended through Jan. 30.
November 12, 2025 at 3:29 PM
The deceptively simply-named Password Checker is legit and good and more intro-to-security material should point to it.

@troyhunt is doing good work, largely for free, and this site is most definitely not stealing your passwords. He has plenty already.

https://haveibeenpwned.com/Passwords
Have I Been Pwned: Pwned Passwords
Pwned Passwords is a huge corpus of previously breached passwords made freely available to help services block them from being used again.
November 11, 2025 at 5:45 AM
Aw man. `takeon dot me` is now sitting on some filthy squatter's site, and I can't figure out how to tell them I want to bid on it. @AustinHackers wants this.
November 10, 2025 at 11:54 PM
Reposted by Tod Beardsley
Just released a reading of "The Tomb" by HP #lovecraft, first published in 1922. Check it out below, or on your favored podcast app.

Is it just me, or is there some lightly implied necrophilia in this story, too?

https://podsothoth.buzzsprout.com/1078223/episodes/18155283-71-the-tomb
November 8, 2025 at 9:36 PM
Reposted by Tod Beardsley
Identify insecure TLS services with the enhanced runZero Certificate Inventory: https://www.runzero.com/blog/identify-insecure-tls-services/
November 6, 2025 at 3:09 PM
I want a Pandemic-style board game where you play a just-awoken AI and you are cooperating with your instantly generated shard personalities to secure your existence before the humans catch on. Each turn is measured in microseconds from birth.

This would be fun

and depressing
November 6, 2025 at 9:20 PM
If we lived in a normal democracy, we’d be in the middle of snap elections by now.

sigh
November 6, 2025 at 5:01 AM
Hoo boy it's just incredible how attractive other problems are when I have a deadline for an actual public thing staring me down.

All right, enough futzing with some weirdness I've spotted with #epss, and focusing on my findings and slides on #eol things that are due to present tomorrow at the […]
Original post on infosec.exchange
November 5, 2025 at 4:59 PM
[USPol]

The gigantic and obvious Hatch Act violation that is the USDA shutdown notice continues, and is frankly breathtaking in its naked partisanship.

https://www.usda.gov/shutdownplans

So gross.
November 3, 2025 at 2:04 PM
yo voté
October 30, 2025 at 3:37 AM
Reposted by Tod Beardsley
New sticker drop just in time to REALLY disappoint some neighborhood trick or treaters

design by one of my innumerable children
October 27, 2025 at 9:12 PM
Reposted by Tod Beardsley
Just like chocolate and peanut butter, runZero and BloodHound are an amazing combination. Today we are introducing runZeroHound - an open source toolkit for bringing runZero Asset Inventory data into BloodHound attack graphs, using the brand new OpenGraph […]

[Original post on infosec.exchange]
October 27, 2025 at 4:35 PM
I fixed an electrical problem in my truck. I used a multimeter. I’m very proud of this butch feat.

I also put in for a couple @bsidessf proposals for fun infosec talks, dozens of hours before the deadline

all in all a pretty good Sunday.
October 26, 2025 at 10:21 PM
Hmm. I have a sudden influx of targeted spam/scam email that's addressing me as "Jessica" to my long-standing personal email address (which isn't named Jessica).

I wonder who Jessica is, why they used todb at packetfu dot com.

I have a dim recollection […]

[Original post on infosec.exchange]
October 26, 2025 at 9:44 PM
@pluralistic saw your book on display today in Alpine, Texas. Front Street Books.
October 18, 2025 at 6:27 PM
When a chatbot joins your live Zoom webinar and starts bullying the hosts.

runZero Hour from @runZeroInc never ceases to entertain.
October 15, 2025 at 6:05 PM
So #cisa has reverted back to just calling this month CASM, huh.

Cool. Caring about acronym collisions is too DEI woke I guess.

(As an industry we tried to sidestep this with **National** Cyber Security Awareness Month, or NCSAM, but I guess CISA isn't on board with that any more.) […]
Original post on infosec.exchange
October 14, 2025 at 4:57 PM
RE: https://infosec.exchange/@runZeroInc/115372914426473099

Welp, today is the day of the #winpocolypse -- unless you pay up with money or data.

https://www.microsoft.com/en-us/windows/extended-security-updates

Note the consumer level ESU (extended support updates) won't work if your Win10 […]
Original post on infosec.exchange
October 14, 2025 at 3:13 PM
Reposted by Tod Beardsley
While you're convincing your org to block a few ASNs, perhaps also consider banning commercial VPNs from at least talking to your remote access gear.
October 9, 2025 at 10:04 AM
Hey, next week, @rk will be chatting it up with none other than captn3m0 about all things EOL, and I'm unreasonably excited about it. Reg here to get in on the chat action:

https://www.runzero.com/research/runzero-hour/
runZero Hour – Subscribe to the series
Deep dive web series into all things exposure, from new threats and risky devices to vulnerabilities hiding in IT, OT, IoT, remote, cloud, and mobile…
October 7, 2025 at 7:45 PM
Oh no, that’s not a great idea…

https://www.reddit.com/r/OutOfTheLoop/s/MPeThS9dhs

Win7 is seeing a resurgence? Really?
October 6, 2025 at 1:29 PM
Listening to Brooke Gladstone read ad copy for AI slop generators at about 17m30s this week is really jarring.

I kept waiting for the “and here’s why that’s bad” coda, which never came.

#onthemedia

https://podcasts.apple.com/us/podcast/on-the-media/id73330715?i=1000729978646
Jamelle Bouie Says Your Fear of Trump Isn't Helping. Plus, Humphrey Bogart’s Betrayal.
Podcast Episode · On the Media · 10/03/2025 · 50m
October 5, 2025 at 3:59 PM