Mark Manning
@antitree.com
Process isolationist, k8s hacker, ᴎo-prem pusher, syscall denier, container liberator
🔸Chainguard - Product Security
🔸Rochester 2600, IOIOIO Security
🔸Former: Snowflake, NCC Group, Hackerspace starter, BSidesROC Founder
🔸Chainguard - Product Security
🔸Rochester 2600, IOIOIO Security
🔸Former: Snowflake, NCC Group, Hackerspace starter, BSidesROC Founder
All the AI in the world and Google's cameras still think snow is someone walking
December 11, 2025 at 2:17 AM
All the AI in the world and Google's cameras still think snow is someone walking
I'm a sucker for books that support my belief that we're all doing infosec poorly or just for the sake of infosec. This has been an interesting read so far
November 26, 2025 at 7:19 PM
I'm a sucker for books that support my belief that we're all doing infosec poorly or just for the sake of infosec. This has been an interesting read so far
Uh oh. Check your GCP Cloud Run jobs.
November 21, 2025 at 10:09 PM
Uh oh. Check your GCP Cloud Run jobs.
This was 2600 meeting last night. It's getting overwhelming when you look closely
October 4, 2025 at 4:40 PM
This was 2600 meeting last night. It's getting overwhelming when you look closely
An answer to everyone's question: "What if a Linux syscall was an anthropomorphic action figure?"
August 24, 2025 at 8:55 PM
An answer to everyone's question: "What if a Linux syscall was an anthropomorphic action figure?"
Catching @bouncyhat.bsky.social 's talk in track 4. Pretty excited
August 8, 2025 at 6:20 PM
Catching @bouncyhat.bsky.social 's talk in track 4. Pretty excited
All I can say is I worked very hard to angle myself into a position to receive one of these today. Thanks @bsidesbuffalo.bsky.social
June 8, 2025 at 1:31 AM
All I can say is I worked very hard to angle myself into a position to receive one of these today. Thanks @bsidesbuffalo.bsky.social
Starting my talk for @bsidesbuffalo.bsky.social
June 7, 2025 at 2:59 PM
Starting my talk for @bsidesbuffalo.bsky.social
Just a Friday night with containers, seccomp profiles, and LLMs at @roc2600.bsky.social
June 7, 2025 at 1:03 AM
Just a Friday night with containers, seccomp profiles, and LLMs at @roc2600.bsky.social
Going back to CVE-2019-5736 for a true container 0day for a demo at @bsidesbuffalo.bsky.social next month.
Seccomp will save us right?
Seccomp will save us right?
May 9, 2025 at 1:07 AM
Going back to CVE-2019-5736 for a true container 0day for a demo at @bsidesbuffalo.bsky.social next month.
Seccomp will save us right?
Seccomp will save us right?
It was a great week at @chainguard.bsky.social when I found out I work with the person that wrote Crane and he pointed me at some fun registry security hints.
Here's a preview of an update I'm working on to autodiscover whiteout files in registry images
Here's a preview of an update I'm working on to autodiscover whiteout files in registry images
April 19, 2025 at 1:06 AM
It was a great week at @chainguard.bsky.social when I found out I work with the person that wrote Crane and he pointed me at some fun registry security hints.
Here's a preview of an update I'm working on to autodiscover whiteout files in registry images
Here's a preview of an update I'm working on to autodiscover whiteout files in registry images
Here are my slides from @bsidesreykjavik.com.
* Backdooring a container image (Vault)
* Exfiltrate secrets via DNS
* Update to pillage registry tool (originally created by Josh Makinen)
www.canva.com/design/DAGgr...
* Backdooring a container image (Vault)
* Exfiltrate secrets via DNS
* Update to pillage registry tool (originally created by Josh Makinen)
www.canva.com/design/DAGgr...
March 19, 2025 at 12:46 PM
Here are my slides from @bsidesreykjavik.com.
* Backdooring a container image (Vault)
* Exfiltrate secrets via DNS
* Update to pillage registry tool (originally created by Josh Makinen)
www.canva.com/design/DAGgr...
* Backdooring a container image (Vault)
* Exfiltrate secrets via DNS
* Update to pillage registry tool (originally created by Josh Makinen)
www.canva.com/design/DAGgr...
Excited to be at @bsidesreykjavik.com. I have some guilt that I am missing my hometown B-Sides ROC for the first time ever though which is also today but I can't resist Iceland.
March 19, 2025 at 8:24 AM
Excited to be at @bsidesreykjavik.com. I have some guilt that I am missing my hometown B-Sides ROC for the first time ever though which is also today but I can't resist Iceland.
As expected, Reykjavik is still pretty cool. My @bsidesreykjavik.com is tomorrow morning bright and early so laying low tonight and appreciating the scenery
March 18, 2025 at 12:10 PM
As expected, Reykjavik is still pretty cool. My @bsidesreykjavik.com is tomorrow morning bright and early so laying low tonight and appreciating the scenery
Idk how many people I've shown K9s to now but everyone has the same reaction - what is that and give it to me!
I wish I had time to hack in some of the cool Chainguard debugging tools though
I wish I had time to hack in some of the cool Chainguard debugging tools though
March 17, 2025 at 6:30 PM
Idk how many people I've shown K9s to now but everyone has the same reaction - what is that and give it to me!
I wish I had time to hack in some of the cool Chainguard debugging tools though
I wish I had time to hack in some of the cool Chainguard debugging tools though
My prize possession. A gift from @neutrino.bsky.social who is adding 3d printing to his list of expertises
January 13, 2025 at 3:11 PM
My prize possession. A gift from @neutrino.bsky.social who is adding 3d printing to his list of expertises
How I brought in 2025. Happy new year! See you at Shmoo.
January 1, 2025 at 5:05 AM
How I brought in 2025. Happy new year! See you at Shmoo.
Years ago I built this custom magnetic poetry set to come up with future vulnerability names.
Anyone interested in a pack?
Anyone interested in a pack?
December 13, 2024 at 4:11 PM
Years ago I built this custom magnetic poetry set to come up with future vulnerability names.
Anyone interested in a pack?
Anyone interested in a pack?
I just learned that part of the XZ incident, the attacker disabled Landlock, thE application sandboxing LSM (that I keep hoping grabs more use cases)
1. I didn't think Landlock was that widely adopted at the app level
2. Surprised that XZ could meaningfully use it for such a low level function
1. I didn't think Landlock was that widely adopted at the app level
2. Surprised that XZ could meaningfully use it for such a low level function
November 12, 2024 at 1:25 AM
I just learned that part of the XZ incident, the attacker disabled Landlock, thE application sandboxing LSM (that I keep hoping grabs more use cases)
1. I didn't think Landlock was that widely adopted at the app level
2. Surprised that XZ could meaningfully use it for such a low level function
1. I didn't think Landlock was that widely adopted at the app level
2. Surprised that XZ could meaningfully use it for such a low level function
I don't always buy lock picks IRL but when I do, it's from an unmarked warehouse that only accepts cash. 10/10, loved visiting Peterson Manufacturing in Rochester today for a local pickup.
November 8, 2024 at 12:14 AM
I don't always buy lock picks IRL but when I do, it's from an unmarked warehouse that only accepts cash. 10/10, loved visiting Peterson Manufacturing in Rochester today for a local pickup.
Rochester 2600 meeting this week. See you at 7pm on Friday at RIT for another interesting set of discussions for nerds and non-nerds a like.
www.rochester2600.com/meetings/202...
www.rochester2600.com/meetings/202...
October 29, 2024 at 4:24 PM
Rochester 2600 meeting this week. See you at 7pm on Friday at RIT for another interesting set of discussions for nerds and non-nerds a like.
www.rochester2600.com/meetings/202...
www.rochester2600.com/meetings/202...