mle
whyli.me
Trying to leave things better than I found them, including the Internet • runner • security research @ Censys 🧡 she/her • @mle@infosec.exchange
Pinned
mle @whyli.me · Nov 19
I’m Emily, and I study ✨weird things on the Internet. Mostly things that shouldn’t be, but are—either through malicious intent or misconfig.

I love botnets and malicious email, but have recently focused on Internet-connected industrial control systems.

Excited to see new + familiar faces here!
Reposted by mle
Censys has spotted a phishing campaign targeting crypto-wallet owners that misunderstood how the robots.txt file works and thought that by adding the phishing pages to the file, security scanners would not be able to see and detect them.

censys.com/blog/disallo...
September 30, 2025 at 10:43 AM
Appreciate @carolinenihill.bsky.social taking the time to chat with me and Mark about what he best described as, "a once-in-a-lifetime cool find." 🐉

Always more work to do around securing critical infrastructure, but little by little, we can keep chipping away.

www.itbrew.com/stories/2025...
A cybersecurity firm uncovered hundreds of exposed national water facilities
Software company Censys found 400 web-based HMIs for US water facilities exposed online.
June 12, 2025 at 2:06 PM
Great explainer about why tracking "Salt Typhoon" feels like trying to find a needle in a haystack, when there may or may not even be needles in said haystack
June 11, 2025 at 8:34 PM
Reposted by mle
It is 100% carrying water for the opposition to participate in this collective delusion that Dems for some reason need to answer for every teen who throws a rock rather than hold the Trump admin accountable for intentionally creating chaos and breaking the law to stoke violence.

They are in charge.
June 11, 2025 at 12:44 AM
Cool highlight of the water HMI exposure research we dropped last week in @zackwhittaker.com's This Week In Security newsletter. In a world of gloomy stories (security and otherwise), it's nice to have research make it to The Happy Corner!
June 9, 2025 at 1:43 PM
This remediation effort is incredible, and I still almost can't believe it. After initial discovery + notification in Oct, as of our most recent scan in May, we see fewer than 6% of these systems still in an insecure state.

I hope other agencies and vendors take note–there's much to learn here.
In October 2024, Censys researchers discovered ~400 U.S. water facility web-based HMIs exposed online. Within a month of sharing data with the EPA and the vendor, 58% of systems were protected. Read more here: censys.com/blog/turning...
Turning Off the (Information) Flow: Working With the EPA to Secure Hundreds of Exposed Water HMIs
June 6, 2025 at 11:54 AM
Reposted by mle
Trend Micro recently uncovered a campaign abusing TikTok to distribute malware via AI-generated videos, tricking users into installing infostealers. Using IOCs provided by Trend Micro, we found more related infrastructure, including a newer bulletproof service provider: censys.com/blog/tiktok-...
TikTok and Malware
May 27, 2025 at 6:18 PM
Reposted by mle
Check out our new @citizenlab.ca report today on Paragon! We got a tip from a collaborator, used it to map out Paragon's infrastructure, and shared with Meta. WhatsApp was able to capture & burn a zero-click, and sent out notifications to targets citizenlab.ca/2025/03/a-fi...
Virtue or Vice? A First Look at Paragon’s Proliferating Spyware Operations - The Citizen Lab
In our first investigation into Israel-based spyware company, Paragon Solutions, we begin to untangle multiple threads connected to the proliferation of Paragon's mercenary spyware operations across t...
March 19, 2025 at 6:08 PM
This from @semi-rad.com was exactly what I needed to read when it hit my inbox this morning so sharing it in case it helps you, too.

semi-rad.com/2025/02/remi...
Reminder To Touch Grass – Semi-Rad.com
February 21, 2025 at 1:09 PM
apparently I've been at Censys for 3 years today.

...how has it only been 3 years? I feel like I've lived entire lifetimes in the past 3 years but also I just had my first day and blinked and now I'm here.
January 10, 2025 at 3:53 PM
The irony of the Severance podcast starting with an ad for Confluence
January 8, 2025 at 1:18 PM
just declared tab bankruptcy on my work machine and it feels...freeing.
January 6, 2025 at 2:53 PM
Reposted by mle
Waymo is peak American innovation. With way less money they could have built a reliable public transport network, but instead someone was like "what if we could find a way for empty vehicles to contribute to traffic too? There's no reason we can't have more cars on the road than there are drivers"
December 30, 2024 at 10:15 PM
Listening to a running podcast and after a good discussion of how shorter distance speed translates to ultras, we’re talking about NotebookLM. I hate it here.
December 29, 2024 at 1:51 PM
This was a really strange year for me and #running. For the first quarter of 2024, I had no idea if I could even do it anymore. I wrote about the emotional roller coaster here:

whyli.me/blog/2024-ye...

#ultrarunning
The year of the rebuild
For better or worse, I’ll remember 2024 as the year of the rebuild. Following an exhilarating distance PR of 57 miles at a 12 hour looped course race in fall 2023, I set my alarm for 3am ET on New Yea...
December 26, 2024 at 4:43 PM
Reposted by mle
is this a drone
December 17, 2024 at 5:55 PM
Yesterday I combined my love of #running + #coffee via a chill, social 13.1mi tour of 3 different Perc Coffee locations around ATL. Had a different shot at each location (miles 0, 5, and 9) and chased the finish with an iced coffee.

And yes, I slept just fine if you’re wondering 😆
December 16, 2024 at 6:59 PM
As a self-proclaimed "data person," this hit hard. Domain expertise is not just helpful, but critical to climbing to the highest levels of an analytics or data career.

Also some excellent thoughts about being "very good" vs "on another level" in this post.

benn.substack.com/p/is-this-a-...
Is this a career?
The trouble with “working in data.”
December 16, 2024 at 4:53 PM
CISA + EPA just released guidance for mitigating Internet-exposed HMIs and much is what you might expect: Remove from Internet if possible, use non-default pw, segment network, etc.

But I am perplexed to see "geofencing" recommended as a mitigation strategy in 2024.

www.cisa.gov/sites/defaul...
December 13, 2024 at 6:55 PM
Reposted by mle
one of my reporting guidelines is "if you can't be first, be more accurate"
December 11, 2024 at 9:41 PM
"Women just aren't really that interested in tech, that's why they leave the industry." 🫥
Dear men at #AWS #ReInvent

The networking events are not for speed dating. I am here to meet people in my industry or area of expertise, not answer questions about my marriage status.
December 6, 2024 at 5:38 PM
"Hell is other people's code."

Turns out it's also my code from 3 months ago.
December 6, 2024 at 3:34 PM
Reposted by mle
We released Censeye today, an open source CLI tool that makes it dramatically easier to pivot and find related assets when threat hunting on Censys instead of manually checking for potential identifying characteristics like an SSH host key. github.com/Censys-Resea...
November 27, 2024 at 5:05 PM
Reposted by mle
This is a story a lot of reporters have been chasing:

Starting in 2015, a massive cyberespionage campaign targeted some of America's most prominent environmentalists.

Now, we can reveal that the FBI has been probing whether a longtime Exxon lobbyist was involved.

www.reuters.com/business/ene...
Exclusive: Exxon lobbyist investigated over hack-and-leak of environmentalist emails, sources say
The FBI has been investigating a longtime Exxon Mobil consultant over the contractor's alleged role in a hack-and-leak operation that targeted hundreds of the oil company’s biggest critics, according to three people familiar with the matter.
November 27, 2024 at 5:34 PM
You can be the most technically excellent researcher or engineer in the world, but if you can't effectively communicate your ideas to people who don't have your skillset, you won't get very far.
November 27, 2024 at 2:55 PM