Chris (stof) Langton
@0x73746f66.bsky.social
Co-founder & CTO of Vulnetix
Bits of Cyber @ Substack
Bits of Cyber @ Substack
Our plans for interopability means you control your data, even if you ingest your reports from 30 tools in our system! We know having context for prioritisation so things aren't lost in a sea of duplicates and false positives will solve 80% of the admin you do today. Wait to see what we do next
April 12, 2025 at 5:03 AM
Our plans for interopability means you control your data, even if you ingest your reports from 30 tools in our system! We know having context for prioritisation so things aren't lost in a sea of duplicates and false positives will solve 80% of the admin you do today. Wait to see what we do next
Vulnetix has a vision to transform this broken system with our implementation of the privacy-preserving vulnerability disclosures so that bug bounty and even a pentest can trigger everyone affected to be notified immediately
April 12, 2025 at 5:03 AM
Vulnetix has a vision to transform this broken system with our implementation of the privacy-preserving vulnerability disclosures so that bug bounty and even a pentest can trigger everyone affected to be notified immediately
There are so many exploitable vulnerabilities going unnoticed even when numbered by CVE, in the sea of findings, regardless of being vulnerable for years before, a lot of post breach investigations unveil the team had knowledge of the CVE at the time of the breach, but that was 1 in 10s of thousands
April 12, 2025 at 5:03 AM
There are so many exploitable vulnerabilities going unnoticed even when numbered by CVE, in the sea of findings, regardless of being vulnerable for years before, a lot of post breach investigations unveil the team had knowledge of the CVE at the time of the breach, but that was 1 in 10s of thousands
Yeah npm has deleted the package. Doing searches like yours too it seems unlikely to be a risk for ghost but if I was using bots to trade Solana I'd seriously be concerned
Looks like 3 district bots use keypair-utils directly 😱😲
Looks like 3 district bots use keypair-utils directly 😱😲
April 2, 2025 at 12:24 PM
Yeah npm has deleted the package. Doing searches like yours too it seems unlikely to be a risk for ghost but if I was using bots to trade Solana I'd seriously be concerned
Looks like 3 district bots use keypair-utils directly 😱😲
Looks like 3 district bots use keypair-utils directly 😱😲
No default confinement?
Yolo K8s
No 'known good' seccomp?
Yolo all syscalls K8s
No identities for requests in your zero trust?
Yolo only server identity authenticated once and blind trust them for a year with all requests allowed through with K8s UNcontrol planes
Co trainers are doing just fine
Yolo K8s
No 'known good' seccomp?
Yolo all syscalls K8s
No identities for requests in your zero trust?
Yolo only server identity authenticated once and blind trust them for a year with all requests allowed through with K8s UNcontrol planes
Co trainers are doing just fine
March 27, 2025 at 9:30 AM
No default confinement?
Yolo K8s
No 'known good' seccomp?
Yolo all syscalls K8s
No identities for requests in your zero trust?
Yolo only server identity authenticated once and blind trust them for a year with all requests allowed through with K8s UNcontrol planes
Co trainers are doing just fine
Yolo K8s
No 'known good' seccomp?
Yolo all syscalls K8s
No identities for requests in your zero trust?
Yolo only server identity authenticated once and blind trust them for a year with all requests allowed through with K8s UNcontrol planes
Co trainers are doing just fine
Of course, no screenshots, all high level buzzwords
March 27, 2025 at 9:24 AM
Of course, no screenshots, all high level buzzwords
Share a public version we can read
March 27, 2025 at 9:18 AM
Share a public version we can read
The higher version isn't improvement, the version is more like a mode
V1 and V6 are time based, but 6 has a clock sequence and variant to be more precise
V7 is like V1 but has a different ra.dom segment
V8 is just guidelines for a custom UUID where you won't get a generator
And experimental
V1 and V6 are time based, but 6 has a clock sequence and variant to be more precise
V7 is like V1 but has a different ra.dom segment
V8 is just guidelines for a custom UUID where you won't get a generator
And experimental
March 27, 2025 at 9:12 AM
The higher version isn't improvement, the version is more like a mode
V1 and V6 are time based, but 6 has a clock sequence and variant to be more precise
V7 is like V1 but has a different ra.dom segment
V8 is just guidelines for a custom UUID where you won't get a generator
And experimental
V1 and V6 are time based, but 6 has a clock sequence and variant to be more precise
V7 is like V1 but has a different ra.dom segment
V8 is just guidelines for a custom UUID where you won't get a generator
And experimental
Tools that don't output to standard formats like SARIF and VEX
Means I need to adjust business process, automation, and reporting logic - to use the proprietary tooling whereas tools that follow standards slide in and out without effecting any of that
Means I need to adjust business process, automation, and reporting logic - to use the proprietary tooling whereas tools that follow standards slide in and out without effecting any of that
March 9, 2025 at 4:36 AM
Tools that don't output to standard formats like SARIF and VEX
Means I need to adjust business process, automation, and reporting logic - to use the proprietary tooling whereas tools that follow standards slide in and out without effecting any of that
Means I need to adjust business process, automation, and reporting logic - to use the proprietary tooling whereas tools that follow standards slide in and out without effecting any of that
Google Docs + ChatGPT
March 9, 2025 at 4:17 AM
Google Docs + ChatGPT