ɐʞsǝS
trapdoorsec.com
ɐʞsǝS
@trapdoorsec.com
1999→Dev→AppSec→Blue Team→GRC→Leadership→Even more appsec→Cat wrangling →Blogging→2025

https://linktr.ee/akses.null
Unsloppifying my avatar while waiting for Claude code to do menial tasks
December 26, 2025 at 12:28 PM
Reposted by ɐʞsǝS
Password vaults stolen from LastPass at the end of 2022 were cracked and used to steal cryptocurrency as recently as this year, with the stolen funds being laundered through Russia-based cryptocurrency exchanges

www.trmlabs.com/resources/bl...
TRM Traces Stolen Crypto from 2022 LastPass Breach — On-chain Indicators Suggest Russian Cybercriminal Involvement | TRM Blog
TRM traced LastPass-linked Bitcoin laundering through mixers to high-risk Russian exchanges, showing how demixing exposes infrastructure reuse and limits mixer anonymity.
December 25, 2025 at 1:36 PM
get you some chiptune www.youtube.com/watch?v=vVe4...
zabutom - where do i start? (2004)
YouTube video by zabutom
December 24, 2025 at 3:18 PM
Reposted by ɐʞsǝS
Drunk texting
December 23, 2025 at 9:14 PM
Reposted by ɐʞsǝS
Let's talk about AI Hype and the Theory of Constraints. From a business perspective, the key metric is "lead time." The time it takes to get an idea to the point where it's producing revenue ("in the customer's hands").
1/10
December 21, 2025 at 6:29 PM
kinda wish MFA here wasn't bound to email
December 21, 2025 at 2:34 AM
Reposted by ɐʞsǝS
I'm so used to telling people "you're not interesting enough to be targeted by spies", but ever since DPRK went all in on state-sponsored cybercrime, now it's more like "no, actually it's entirely plausible the dude who stole your Roblox works for a foreign intelligence agency".
December 11, 2025 at 9:21 PM
Confirmation Bias as a Service
December 10, 2025 at 11:00 AM
Everything's "agentic" now. Sprinkle some magic agentic fairy dust on your marketing folks.
December 7, 2025 at 5:29 AM
🎧 💻 Do you listen to music when you hack or code? For me it has to be either metal or non-vocal beats. Lyrics or podcasts seem to break my concentration. Current go-to: www.youtube.com/watch?v=-P1z...
1993 Will come back again // Synthwave, Retrowave, Outrun, Cyberpunk, Chillwave
🎧 Immerse yourself in the sonic world of synthwave—a vibrant fusion of 80s nostalgia, cutting-edge cyberpunk, and dreamy electronic melodies. Whether you're cruising through city streets at night or…
December 1, 2025 at 6:30 AM
Seems sysmon is getting turned on by default in win11 soon - better log information is always welcome. Just watch out for the spike in log storage requirements! techcommunity.microsoft.com/blog/windows...
Native Sysmon functionality coming to Windows | Microsoft Community Hub
Learn how to eliminate manual deployment and reduce operational risk with Sysmon functionality in Windows.
November 29, 2025 at 11:28 PM
Someone is taking the piss or LARP'ing. I guess that's what happens when inputs are blindly accepted.

seclists.org/fulldisclosu...
Full Disclosure: Re: [FD] : "Glass Cage" – Zero-Click iMessage → Persistent iOS Compromise + Bricking (CVE-2025-24085 / 24201, CNVD-2025-07885)
November 28, 2025 at 10:07 PM
Me: "I'll just root this HTB machine before dinner"
CodePartTwo: "yeah nah"
Well-designed box feels like actual enterprise security - a series of seemingly innocent misconfigurations that build on each other leading to full system compromise.
November 26, 2025 at 10:23 AM
Welp, time to put this in the security training
November 26, 2025 at 6:31 AM
20 years in AppSec, visualized.
OWASP Top 10: 2004 version 2 vs 2025 version RC8

What changed?

Buffer overflows mostly gone (memory-safe languages)
XSS declined (framework protections)
Injection evolved but persists
Supply chain attacks emerged
Broken Access Control now #1
November 25, 2025 at 1:18 PM
Reposted by ɐʞsǝS
Bluesky when Adobe showed up for less than 1 milligram of a second
April 8, 2025 at 11:06 PM
Any sufficiently politically motivated media tycoon is indistinguishable from state run media.
December 27, 2024 at 2:00 PM
> “BIZFUM is a sophisticated malware stealer with advanced capabilities, identified as a tool designed to covertly harvest a broad spectrum of sensitive information from compromised systems.”

This kind of CISO bait word salad helps absolutely nobody. Let me try.
December 17, 2024 at 6:28 PM
Reposted by ɐʞsǝS
Been diving back into coding and financial planning! I built a flexible compound interest calculator that generates spreadsheets and graphs. Thinking of open-sourcing it along with some other tools I’m working on. Let me know if that’s something you’d be interested in!
December 8, 2024 at 5:11 AM
To the execs: it's almost like you should assume you're already popped, and start paying for actual threat hunting professionals to find evidence of it.
A simple experiment you can do is buy a server, set up a website with nothing on it, then look at the access logs. All day, every day, there are random systems just blasting vulnerabilities at every device on the internet. Analysts call it "background noise", executives call it "cyber attacks".
December 6, 2024 at 2:48 AM
Reposted by ɐʞsǝS
A simple experiment you can do is buy a server, set up a website with nothing on it, then look at the access logs. All day, every day, there are random systems just blasting vulnerabilities at every device on the internet. Analysts call it "background noise", executives call it "cyber attacks".
December 6, 2024 at 2:15 AM
Game dev workstation turned into the game soundtrack production dept. last night
December 5, 2024 at 10:21 AM
Snacks before hacks
December 1, 2024 at 12:39 PM
Reposted by ɐʞsǝS
can I code fast? no. but can I code well? also no. but does my code work? alas, no
November 30, 2024 at 9:39 PM
Just know that whenever you say you’re skeeting, what goes through my brain is Skeet Ulrich in a horror movie
December 1, 2024 at 4:30 AM