SummerC0n
@summerc0n.bsky.social
SummerCon 2025 is July 11-12. We are the official bsky account for SummerCon, America's Oldest Hacker Conference. Tip your bartender. https://summercon.org
Paternity confirmed; this is a top-tier dad joke.
July 17, 2025 at 2:22 PM
Paternity confirmed; this is a top-tier dad joke.
Winnona Bernsen is a policy researcher, reverse engineer, and intelligence analyst.
Her talk distills what happens when zero-days capability meet bureaucracy--and why the next cyber war may be lost in a SCIF, not on a terminal.
Join us. www.eventbrite.com/e/summercon-...
Her talk distills what happens when zero-days capability meet bureaucracy--and why the next cyber war may be lost in a SCIF, not on a terminal.
Join us. www.eventbrite.com/e/summercon-...
June 30, 2025 at 4:46 PM
Winnona Bernsen is a policy researcher, reverse engineer, and intelligence analyst.
Her talk distills what happens when zero-days capability meet bureaucracy--and why the next cyber war may be lost in a SCIF, not on a terminal.
Join us. www.eventbrite.com/e/summercon-...
Her talk distills what happens when zero-days capability meet bureaucracy--and why the next cyber war may be lost in a SCIF, not on a terminal.
Join us. www.eventbrite.com/e/summercon-...
We’re watching states and non-state actors evolve cyber doctrine in real time. Ours is lagging. From strategy to staffing, the U.S. is stuck in a loop of “what we should do” rather than “what we can execute.”
June 30, 2025 at 4:46 PM
We’re watching states and non-state actors evolve cyber doctrine in real time. Ours is lagging. From strategy to staffing, the U.S. is stuck in a loop of “what we should do” rather than “what we can execute.”
The real vulnerabilities aren’t in your SIEM. They’re in org charts, outdated legal frameworks, and 2-year procurement cycles. This isn’t just red tape. It’s a ticking time bomb.
June 30, 2025 at 4:46 PM
The real vulnerabilities aren’t in your SIEM. They’re in org charts, outdated legal frameworks, and 2-year procurement cycles. This isn’t just red tape. It’s a ticking time bomb.
In the recent Cyberdyne Systems v. United States, 603 U.S. 404, the Court held that AI hallucinations constitute "protected synthetic expression," with Justice Kavanaugh concurring that "the societal impact of a rogue chatbot is, at worst, on par with a couple of cold ones with the boys."*
June 18, 2025 at 4:52 PM
In the recent Cyberdyne Systems v. United States, 603 U.S. 404, the Court held that AI hallucinations constitute "protected synthetic expression," with Justice Kavanaugh concurring that "the societal impact of a rogue chatbot is, at worst, on par with a couple of cold ones with the boys."*
Guanxing Wen is a security researcher who’s tested DePIN claims in the real world.
He'll walk through of attack surface, threat propagation, and how crypto infra can collapse like IoT did, but bigger.
www.summercon.org/presentation...
Join us.
www.eventbrite.com/e/summercon-...
He'll walk through of attack surface, threat propagation, and how crypto infra can collapse like IoT did, but bigger.
www.summercon.org/presentation...
Join us.
www.eventbrite.com/e/summercon-...
June 7, 2025 at 7:10 PM
Guanxing Wen is a security researcher who’s tested DePIN claims in the real world.
He'll walk through of attack surface, threat propagation, and how crypto infra can collapse like IoT did, but bigger.
www.summercon.org/presentation...
Join us.
www.eventbrite.com/e/summercon-...
He'll walk through of attack surface, threat propagation, and how crypto infra can collapse like IoT did, but bigger.
www.summercon.org/presentation...
Join us.
www.eventbrite.com/e/summercon-...
When 62,000 GPUs start obeying code from an unauthenticated update server, that’s not decentralization.
That’s faith-based computing.
It’s all the fragility of IoT with the scale of crypto--and none of the threat modeling. No controls. Huge financial incentives for abuse.
That’s faith-based computing.
It’s all the fragility of IoT with the scale of crypto--and none of the threat modeling. No controls. Huge financial incentives for abuse.
June 7, 2025 at 7:10 PM
When 62,000 GPUs start obeying code from an unauthenticated update server, that’s not decentralization.
That’s faith-based computing.
It’s all the fragility of IoT with the scale of crypto--and none of the threat modeling. No controls. Huge financial incentives for abuse.
That’s faith-based computing.
It’s all the fragility of IoT with the scale of crypto--and none of the threat modeling. No controls. Huge financial incentives for abuse.
This isn't a thought experiment. Caleb Gross is an offensive security engineer who built and tested it.
He’ll present the results at Summercon: www.summercon.org/presentation...
Join us.
www.eventbrite.com/e/summercon-...
He’ll present the results at Summercon: www.summercon.org/presentation...
Join us.
www.eventbrite.com/e/summercon-...
Summercon 2025
Join us for the 38th installment of America's longest-running Hacker conference in Brooklyn, NY!
www.eventbrite.com
June 7, 2025 at 4:30 PM
This isn't a thought experiment. Caleb Gross is an offensive security engineer who built and tested it.
He’ll present the results at Summercon: www.summercon.org/presentation...
Join us.
www.eventbrite.com/e/summercon-...
He’ll present the results at Summercon: www.summercon.org/presentation...
Join us.
www.eventbrite.com/e/summercon-...
A good parasite doesn't kill the host.
Caleb's system writes tiny fragments across many writable buckets--barely noticeable, hard to detect, and more resilient than you'd think.
RAID-5 with plausible deniability.
Caleb's system writes tiny fragments across many writable buckets--barely noticeable, hard to detect, and more resilient than you'd think.
RAID-5 with plausible deniability.
June 7, 2025 at 4:30 PM
A good parasite doesn't kill the host.
Caleb's system writes tiny fragments across many writable buckets--barely noticeable, hard to detect, and more resilient than you'd think.
RAID-5 with plausible deniability.
Caleb's system writes tiny fragments across many writable buckets--barely noticeable, hard to detect, and more resilient than you'd think.
RAID-5 with plausible deniability.
Misconfigured buckets are rare. But there are so many S3 instances that even a tiny percentage is a big number.
Treat each one as an unreliable, low-capacity disk--just like early RAID systems did--and you have something novel: parasitic storage at cloud scale.
Treat each one as an unreliable, low-capacity disk--just like early RAID systems did--and you have something novel: parasitic storage at cloud scale.
June 7, 2025 at 4:30 PM
Misconfigured buckets are rare. But there are so many S3 instances that even a tiny percentage is a big number.
Treat each one as an unreliable, low-capacity disk--just like early RAID systems did--and you have something novel: parasitic storage at cloud scale.
Treat each one as an unreliable, low-capacity disk--just like early RAID systems did--and you have something novel: parasitic storage at cloud scale.