Bobert Hepker
@boberthepker.bsky.social
(He/Him) Husband, father, pentester, born in a meteor crater, old console collector, enjoyer of empty mountain roads.
#Knoxville #KnoxvilleTN #HomeAssistant #FlipperZero #RetroGaming #OSCP #Pentest #RedTeam #Pi #ESP32 #ESP8266 #Marauder #NRF24
#Knoxville #KnoxvilleTN #HomeAssistant #FlipperZero #RetroGaming #OSCP #Pentest #RedTeam #Pi #ESP32 #ESP8266 #Marauder #NRF24
Reposted by Bobert Hepker
Calling all Sponsors!
Halloween is this Friday, give the board a scare 😂
BSides Knoxville 2026 Prospectus
buff.ly/jJYtKjZ
#BSK2026 #callforsponsors
Halloween is this Friday, give the board a scare 😂
BSides Knoxville 2026 Prospectus
buff.ly/jJYtKjZ
#BSK2026 #callforsponsors
October 26, 2025 at 3:58 PM
Calling all Sponsors!
Halloween is this Friday, give the board a scare 😂
BSides Knoxville 2026 Prospectus
buff.ly/jJYtKjZ
#BSK2026 #callforsponsors
Halloween is this Friday, give the board a scare 😂
BSides Knoxville 2026 Prospectus
buff.ly/jJYtKjZ
#BSK2026 #callforsponsors
Reposted by Bobert Hepker
This Korean data center fire keeps getting more and more tragic. Here’s what I know, to catch you up.
1. Back in 2017, S.Korea built “G Drive” for government officials to store all their files (no relation to Google drive, the ‘G’ stands for Government)
1. Back in 2017, S.Korea built “G Drive” for government officials to store all their files (no relation to Google drive, the ‘G’ stands for Government)
October 14, 2025 at 9:30 PM
This Korean data center fire keeps getting more and more tragic. Here’s what I know, to catch you up.
1. Back in 2017, S.Korea built “G Drive” for government officials to store all their files (no relation to Google drive, the ‘G’ stands for Government)
1. Back in 2017, S.Korea built “G Drive” for government officials to store all their files (no relation to Google drive, the ‘G’ stands for Government)
Reposted by Bobert Hepker
Our nation's federal employees are more than just numbers on a spreadsheet.
They make sure we have clean water.
They protect us from financial fraud.
They provide healthcare to our communities.
They make our government actually work for people.
Do not forget this.
They make sure we have clean water.
They protect us from financial fraud.
They provide healthcare to our communities.
They make our government actually work for people.
Do not forget this.
October 10, 2025 at 8:01 PM
Our nation's federal employees are more than just numbers on a spreadsheet.
They make sure we have clean water.
They protect us from financial fraud.
They provide healthcare to our communities.
They make our government actually work for people.
Do not forget this.
They make sure we have clean water.
They protect us from financial fraud.
They provide healthcare to our communities.
They make our government actually work for people.
Do not forget this.
Reposted by Bobert Hepker
Remember that time Oracle forgot to include access control for virtual disks, and you could mount any disk image belonging to any other Oracle Cloud customer if you knew the disk id?
This thing Microsoft did is worse
dirkjanm.io/obtaining-gl...
This thing Microsoft did is worse
dirkjanm.io/obtaining-gl...
One Token to rule them all - obtaining Global Admin in every Entra ID tenant via Actor tokens
While preparing for my Black Hat and DEF CON talks in July of this year, I found the most impactful Entra ID vulnerability that I will probably ever find. One that could have allowed me to compromise ...
dirkjanm.io
September 20, 2025 at 8:05 PM
Remember that time Oracle forgot to include access control for virtual disks, and you could mount any disk image belonging to any other Oracle Cloud customer if you knew the disk id?
This thing Microsoft did is worse
dirkjanm.io/obtaining-gl...
This thing Microsoft did is worse
dirkjanm.io/obtaining-gl...
Reposted by Bobert Hepker
Here it is: The @wired.com Politics Issue is now live, with more stories rolling out all week. We're so proud of this one.
Behold this cover; truly a work of art.
And we're treating it that way: Starting today, you can find it on murals, billboards, and posters across in five U.S. cities.
Behold this cover; truly a work of art.
And we're treating it that way: Starting today, you can find it on murals, billboards, and posters across in five U.S. cities.
September 22, 2025 at 1:02 PM
Here it is: The @wired.com Politics Issue is now live, with more stories rolling out all week. We're so proud of this one.
Behold this cover; truly a work of art.
And we're treating it that way: Starting today, you can find it on murals, billboards, and posters across in five U.S. cities.
Behold this cover; truly a work of art.
And we're treating it that way: Starting today, you can find it on murals, billboards, and posters across in five U.S. cities.
Reposted by Bobert Hepker
The Secret Service isn't claiming it foiled any plot targeting the UN General Assembly. Just that a big collection of SIMs (probably used for fraud) could have *potentially* disrupted NYC cell service. The SIMs were in a *35 MILE* radius of the UN.
These headlines are all pretty egregiously wrong:
These headlines are all pretty egregiously wrong:
September 23, 2025 at 9:20 PM
The Secret Service isn't claiming it foiled any plot targeting the UN General Assembly. Just that a big collection of SIMs (probably used for fraud) could have *potentially* disrupted NYC cell service. The SIMs were in a *35 MILE* radius of the UN.
These headlines are all pretty egregiously wrong:
These headlines are all pretty egregiously wrong:
Reposted by Bobert Hepker
1/ Hi, I'm TProphet. I write the Telecom Informer for @2600.com. A lot of people have been asking me about www.nbcnews.com/politics/nat... given that I'm somewhat knowledgeable in the area.
Here's my take: I'm kind of astonished that this is public, and it isn't normal that it would ever be.
Here's my take: I'm kind of astonished that this is public, and it isn't normal that it would ever be.
Secret Service agents dismantle network that could shut down New York cellphone system
Agents discovered electronic devices in five locations in and around the city that could be used to disable cellphone towers. The system could also be used for criminal activities.
www.nbcnews.com
September 23, 2025 at 6:49 PM
1/ Hi, I'm TProphet. I write the Telecom Informer for @2600.com. A lot of people have been asking me about www.nbcnews.com/politics/nat... given that I'm somewhat knowledgeable in the area.
Here's my take: I'm kind of astonished that this is public, and it isn't normal that it would ever be.
Here's my take: I'm kind of astonished that this is public, and it isn't normal that it would ever be.
Reposted by Bobert Hepker
May 8, 2025 at 11:01 PM
Reposted by Bobert Hepker
From Guardian to Threat: The Double Life of Security Tools with Stephen Hilt will be live at 3PM!
Find Stephen on social media: www.linkedin.com/in/stephen-h... & x.com/sjhilt
Add this talk to your schedule: bsidesknoxville2025.sched.com/event/1yuas/...
#BSK2025
Find Stephen on social media: www.linkedin.com/in/stephen-h... & x.com/sjhilt
Add this talk to your schedule: bsidesknoxville2025.sched.com/event/1yuas/...
#BSK2025
May 2, 2025 at 11:01 PM
From Guardian to Threat: The Double Life of Security Tools with Stephen Hilt will be live at 3PM!
Find Stephen on social media: www.linkedin.com/in/stephen-h... & x.com/sjhilt
Add this talk to your schedule: bsidesknoxville2025.sched.com/event/1yuas/...
#BSK2025
Find Stephen on social media: www.linkedin.com/in/stephen-h... & x.com/sjhilt
Add this talk to your schedule: bsidesknoxville2025.sched.com/event/1yuas/...
#BSK2025
Reposted by Bobert Hepker
Principal Security Consultant Adam Compton will be speaking at BSides Knoxville, May 9 at 2:00PM. Make sure you catch his talk "An Old Hillbilly's Guide to BASH for Pentests: Automating, Logging, and Covering Your Butt" if you'll be there! bsidesknoxville2025.sched.com/event/1yuaX/...
May 2, 2025 at 2:54 PM
Principal Security Consultant Adam Compton will be speaking at BSides Knoxville, May 9 at 2:00PM. Make sure you catch his talk "An Old Hillbilly's Guide to BASH for Pentests: Automating, Logging, and Covering Your Butt" if you'll be there! bsidesknoxville2025.sched.com/event/1yuaX/...
Reposted by Bobert Hepker
Flaws in Apple's AirPlay protocol for streaming media to speakers, TVs, and set-top boxes have left millions of these devices vulnerable to being hijacked by any hacker on the same Wifi network.
Many of these devices never receive patches.
www.wired.com/story/airbor...
Many of these devices never receive patches.
www.wired.com/story/airbor...
Millions of Apple Airplay-Enabled Devices Can Be Hacked via Wi-Fi
Researchers reveal a collection of bugs known as AirBorne that would allow any hacker on the same Wi-Fi network as a third-party AirPlay-enabled device to surreptitiously run their own code on it.
www.wired.com
April 29, 2025 at 12:39 PM
Flaws in Apple's AirPlay protocol for streaming media to speakers, TVs, and set-top boxes have left millions of these devices vulnerable to being hijacked by any hacker on the same Wifi network.
Many of these devices never receive patches.
www.wired.com/story/airbor...
Many of these devices never receive patches.
www.wired.com/story/airbor...
Reposted by Bobert Hepker
It's not too late to purchase your ticket! We only have NINE more days! Here's the link if you need it ----> www.eventbrite.com/e/bsides-kno... 👀
#BSK2025
#BSK2025
April 30, 2025 at 4:06 PM
It's not too late to purchase your ticket! We only have NINE more days! Here's the link if you need it ----> www.eventbrite.com/e/bsides-kno... 👀
#BSK2025
#BSK2025
New Pebble watch being announced tomorrow at noon EDT. store.repebble.com/countdown
It's the final countdown
It's the final countdown
store.repebble.com
March 18, 2025 at 2:23 AM
New Pebble watch being announced tomorrow at noon EDT. store.repebble.com/countdown
It will be interesting to see if this ends up having any impacts on copyright law and torrenting.
www.tomshardware.com/tech-industr...
www.tomshardware.com/tech-industr...
Meta defends using pirated material, claims it's legal if you don't seed content
Configuration settings were modified "so that the smallest amount of seeding possible could occur".
www.tomshardware.com
February 22, 2025 at 8:23 PM
It will be interesting to see if this ends up having any impacts on copyright law and torrenting.
www.tomshardware.com/tech-industr...
www.tomshardware.com/tech-industr...
Reposted by Bobert Hepker
Russia-linked hackers have been phishing Ukrainian military with Signal QR codes that look like group invites but instead add a linked device that eavesdrops on messages. Update Signal now to get its fix for a tactic that’s likely to spread beyond Ukraine. www.wired.com/story/russia...
A Signal Update Fends Off a Phishing Technique Used in Russian Espionage
Google warns that hackers tied to Russia are tricking Ukrainian soldiers with fake QR codes for Signal group invites that let spies steal their messages. Signal has pushed out new safeguards.
www.wired.com
February 19, 2025 at 11:09 AM
Russia-linked hackers have been phishing Ukrainian military with Signal QR codes that look like group invites but instead add a linked device that eavesdrops on messages. Update Signal now to get its fix for a tactic that’s likely to spread beyond Ukraine. www.wired.com/story/russia...
Reposted by Bobert Hepker
Public education is the backbone of American democracy.
In the richest country in the history of the world, we cannot abandon our teachers and our public schools.
In the richest country in the history of the world, we cannot abandon our teachers and our public schools.
February 14, 2025 at 9:04 PM
Public education is the backbone of American democracy.
In the richest country in the history of the world, we cannot abandon our teachers and our public schools.
In the richest country in the history of the world, we cannot abandon our teachers and our public schools.
February 12, 2025 at 3:32 AM
Reposted by Bobert Hepker
So, when people produce stories about EVs which are specifically about where and how people charge them, not mentioning home charging is I think a terrible omission.
Specifically because if more people understood how that works, there'd be more pressure to solve at-home charging for apartments etc.
Specifically because if more people understood how that works, there'd be more pressure to solve at-home charging for apartments etc.
February 9, 2025 at 10:47 PM
So, when people produce stories about EVs which are specifically about where and how people charge them, not mentioning home charging is I think a terrible omission.
Specifically because if more people understood how that works, there'd be more pressure to solve at-home charging for apartments etc.
Specifically because if more people understood how that works, there'd be more pressure to solve at-home charging for apartments etc.
Reposted by Bobert Hepker
When asked about the feasibility of abusing this sort of abandoned internet infrastructure, watchTowr CEO Benjamin Harris told me it would be "terrifyingly simple" to pull off.
Reused AWS S3 buckets a weak link in supply chain security
When cloud customers don't clean up after themselves, part 97
www.theregister.com
February 4, 2025 at 10:38 PM
When asked about the feasibility of abusing this sort of abandoned internet infrastructure, watchTowr CEO Benjamin Harris told me it would be "terrifyingly simple" to pull off.
Reposted by Bobert Hepker
Reposted by Bobert Hepker
They covered up with brown paper the photos of Women in American Cryptology—members of the Hall of Honor like Elisabeth Friedman and Ann Caracristi—and People of Color in Cryptologic History honorees—like Wash Wong and Ralph Adams. All in response to President Trump’s anti-diversity order. /2
February 2, 2025 at 3:23 AM
They covered up with brown paper the photos of Women in American Cryptology—members of the Hall of Honor like Elisabeth Friedman and Ann Caracristi—and People of Color in Cryptologic History honorees—like Wash Wong and Ralph Adams. All in response to President Trump’s anti-diversity order. /2
Reposted by Bobert Hepker
I missed this entirely:
The FAA Administrator criticized Space X’s safety record and threatened fines.
Musk demanded he resign.
He did.
On January 20th.
www.thedailybeast.com/faa-chief-mi...
The FAA Administrator criticized Space X’s safety record and threatened fines.
Musk demanded he resign.
He did.
On January 20th.
www.thedailybeast.com/faa-chief-mi...
FAA Chief Quit on Jan. 20 After Elon Musk Told Him to Resign
Michael Whitaker had only been in the role for a year but the SpaceX chief accused him of “harassment.”
www.thedailybeast.com
January 30, 2025 at 12:13 PM
I missed this entirely:
The FAA Administrator criticized Space X’s safety record and threatened fines.
Musk demanded he resign.
He did.
On January 20th.
www.thedailybeast.com/faa-chief-mi...
The FAA Administrator criticized Space X’s safety record and threatened fines.
Musk demanded he resign.
He did.
On January 20th.
www.thedailybeast.com/faa-chief-mi...
Reposted by Bobert Hepker
Security flaws in a Subaru web portal let hackers unlock, start ignition or access a year of detailed location history for millions of cars.
The flaws are now patched. But they revealed powerful tracking abilities that Subaru employees can still access. www.wired.com/story/subaru...
The flaws are now patched. But they revealed powerful tracking abilities that Subaru employees can still access. www.wired.com/story/subaru...
Subaru Security Flaws Exposed Its System for Tracking Millions of Cars
Now-fixed web bugs allowed hackers to remotely unlock and start millions of Subarus. More disturbingly, they could also access at least a year of cars’ location histories—and Subaru employees still ca...
www.wired.com
January 23, 2025 at 1:04 PM
Security flaws in a Subaru web portal let hackers unlock, start ignition or access a year of detailed location history for millions of cars.
The flaws are now patched. But they revealed powerful tracking abilities that Subaru employees can still access. www.wired.com/story/subaru...
The flaws are now patched. But they revealed powerful tracking abilities that Subaru employees can still access. www.wired.com/story/subaru...