dan

@dan@infosec.exchange
46 Followers
159 Following
342 Posts

Lead AppSec Engineer at F100. Developer of open source security tools like S3Scanner. 🧅 #tor relay & bridge operator. Slow reader.

Interested in #appsec, #golang, #hashcracking, #homelab, #opensource

Currently learning: #hardwarehacking, #sdr

GitHubhttps://github.com/sa7mon
Sitehttps://danthesalmon.com
dan1d ago

I think when my MacBook starts to get long in the tooth I’m going to seriously consider running Bluefin on non-Apple hardware.

“Bluefin is designed to get out of your way” really resonates with me. I want to spend next to no time maintaining and tweaking my daily driver laptop.

https://projectbluefin.io/

Bluefin

The next generation cloud-native Linux workstation, designed for reliability, performance, and sustainability.

dan1d ago
Debian1d ago
Today we celebrate Debian's 32nd birthday! #DebianDay #DebianDay2025 https://bits.debian.org/2025/08/debian-turns-32.html
Debian turns 32!

On August 16, 1993, Ian Murdock announced the Debian Project to the world. Three decades (and a bit) later, Debian is still going strong, built by a worldwide community of developers, contributors, and users who believe in a free, universal operating...

Debian Project
dan3d ago
House to myself on a weeknight and it's raining outside. Only thing to do is benchmark Proxmox VM performance with different storage types
dan4d ago
Show threadRobb Knight5d ago

Well this toot is popping off.

Buy my stickers https://rknight.me/shop/training-data

danAug 10
nullagentAug 10

I've been busy as hell this past week.

A lot of people have been asking hard questions about the security of LoRa systems when they hear about mesh radios.

I'm not one to trust the marketing so I and several friends put together two new LoRa tools to help us audit the security claims of LoRa mesh systems!

🤘🏿 📡 ✨

#radio #cybersecurity #privacy #meshtastic #lorapipe #meshmarauder #lora #mesh

danAug 5
Trail of BitsAug 5

Today, we’re disclosing two 9.8 CVSS memory corruption vulnerabilities in the NVIDIA Triton Inference Server that lets attackers crash production AI services through malicious HTTP requests (CVE-2025-23310 and CVE-2025-23311)

Found during new hire onboarding: our AI/ML Security Engineer, Will Vandevanter, followed our standard static analysis approach against Pwn2Own 2025 targets.

Read the blog: https://blog.trailofbits.com/2025/08/04/uncovering-memory-corruption-in-nvidia-triton-as-a-new-hire/

Uncovering memory corruption in NVIDIA Triton (as a new hire)

In my first month at Trail of Bits as an AI/ML security engineer, I found two remotely accessible memory corruption bugs in NVIDIA’s Triton Inference Server during a routine onboarding practice.

The Trail of Bits Blog
Show threaddanAug 5
Seriously debating rewriting it as a standalone HTML file
danAug 5
What are nerds using to spin up LaTeX dev environments these days? My resume rep has a docker compose script to bring up a a sharelatex (overleaf) container but there’s like 8 steps to get it up and running.
danAug 5
The Tor ProjectAug 5

Tor is hiring! Open roles:
👥 Director of People and HR
🔧 Senior Director for Internal Structures and Support
📊 Nonprofit Accounting Specialist (Part-time)

Whether you're passionate about culture, strategy, or numbers, there’s a role for you here. https://www.torproject.org/about/jobs/

The Tor Project | Privacy & Freedom Online

Defend yourself against tracking and surveillance. Circumvent censorship.

danAug 5

Lawsuits when

From: @lorenzofb
https://infosec.exchange/@lorenzofb/114971263465786044

Lorenzo Franceschi-Bicchierai (@lorenzofb@infosec.exchange)

NEW: CloudFlare says it detected Perplexity scraping and crawling websites that explicitly block it from scraping them. Based on customers' complaints and its own experiments, the company says Perplexity is using "stealth" bots and changing its bots "user agent" to circumvent restrictions. http://techcrunch.com/2025/08/04/perplexity-accused-of-scraping-websites-that-explicitly-blocked-ai-scraping/

Infosec Exchange