Seth Hanford 🐡

@[email protected]
473 Followers
981 Following
1.6K Posts

CSIRT primarily, currently doing large-scale detection engineering. I ❤️ ISO 8601

Spent a good amount of time in intelligence, ran operations for a vulnerability database, and worked a lot on some industry standards working groups CVSS (v2, v3), CPE (2.3). Did PSIRT a few places, too.

Do a lot with OpenBSD, Python, and Oxford commas. Worked as a manager for some world-class, global teams. Use that experience as a super power now that I’m back as a senior technical IC.

PronounsHe/Him
CommasOxford
TimestampsISO8601
Githubhttps://www.github.com/SethHanford
Websitehttps://trustworth.ee/SethHanford.html
:otter::otter:
Seth Hanford 🐡19h ago
Taggart22h ago

A few days old, but what a read. A Lumma infection gave up, among others things, definitive proof of DPRK attribution for the Polyfill compromise. Also solid details on fake IT employee tradecraft.

https://www.infostealers.com/article/how-one-infostealer-infection-solved-a-global-supply-chain-mystery-and-unmasked-dprk-spies-in-u-s-crypto/

Seth Hanford 🐡1d ago
Zig Claybourne1d ago
The long game requires so much preparation but is deeply satisfying in the end.
Seth Hanford 🐡5d ago

https://translate.kagi.com/?from=en&to=thri+kreen&text=I+think+we+should+break+up

I chose Thri Kreen because I thought “surely it won’t know this!” #ttrpg #dnd

Kagi Translate

Kagi Translate uses powerful AI models to instantly and accurately translate any content in any language.

Seth Hanford 🐡6d ago
Security Research Labs6d ago

We don't need to hack your AI Agent to hack your AI Agent …and we don't need an AI agent for that either :)

Via a large enterprise's AI assistant, we obtained access to several million Entra identities and all chat logs including attachments — no prompt injection or model tricks required.

For all we know, the poor agent was not at fault and may not have even been able to witness what was happening.

https://srlabs.de/blog/hacking-ai-agent

#AI #AIhacking #VulnerabilityDisclosure #ResponsibleDisclosure

We don't need to hack your AI Agent to hack your AI Agent - SRLabs Research

We strolled through an enterprise AI assistant's backend, helped ourselves to full application takeover and access to every chat log, and had a Microsoft Entra ID dump for dessert — no prompt injection, no model tricks, no AI expertise required.

SRLabs
Seth Hanford 🐡Mar 16

RE: https://mstdn.social/@lowqualityfacts/116228373137682903

@synfinatic

Seth Hanford 🐡Mar 16
da_667Mar 16
tomorrow its back to it.
Seth Hanford 🐡Mar 13

RE: https://journa.host/@msfreepress/116223198239794546

So sad to hear of Dr. Perkins passing, but also grateful to know that his work was guided day to day by his faith, and that he was very fruitful in effecting change that reflected the restorative and unifying teachings of Jesus.

As a congregant of a church whose pastor was a friend and mentee of Dr. Perkins, his legacy lives on in me and in my church community. I hope to carry on his work & legacy as long as I am able.

Seth Hanford 🐡Mar 11

Been an insomniac this week, and have been enjoying Brandon Sanderson’s 2025 SciFi / Fantasy Writers lecture series while I’m unable to sleep. I’m through the intro and Plot 1 & 2. He delivers it to an assumed audience of “you want to be a professional SFF author” and I’m really liking it.

I especially love, despite that pro-focused perspective, his advice (Paraphrased):
“Writing is good for you just like doing pickup games of basketball at the gym is good for you. Nobody asks a gym baller when they’re signing with the pros. So go be a novelist. It’s good for you. Just ignore those asking when you’ll get paid.”

Seth Hanford 🐡Mar 7
Michael W Lucas Mar 7

Two days left to help people!

Well, sure, you can help people after that, but right now you can get something for helping them!

https://mwl.io/archives/24580

Seth Hanford 🐡Mar 7
Natasha  🇪🇺Mar 7
One of the last methane-powered cows.
Most cows are all electric now.