Wow!
We’re over 2/3 of the way through the tickets now, we’ll keep on selling til capacity or the day before, but merchandise pre-sales will end on Sunday as we have to finalise the order!
There will be some for sale on the day too but no guarantees on sizes....
Head to www.crikeycon.com or https://events.humanitix.com/crikeycon-11
See you there :D
CrikeyCon 11

Brisbane hacker conference, run by the community for the community.

The team at @division5io have been long-time sponsors, and so we're super grateful to have them back again as Silver sponsors in 2026! Check them out here or online at: https://division5.io/

Thank you so much! See you in March!

Division 5 | Cyber Security That Means Business

The Division 5 team provides expert strategy, testing, and attack simulation to help you prepare for cyber attacks before they happen.


Happy New Year!

CrikeyCon 11 is three months away. Year on year we put on a community conference, where we mix informal vibes and community to host the experienced and beginners alike.

Come join us in Brisbane on 21st of March for informal, welcoming, real knowledge sharing — from hard-won lessons, to clever demos and challenges, or testing fresh ideas. Grab your ticket: https://events.humanitix.com/crikeycon-11


Tickets are up and on sale! Grab yours at:

https://events.humanitix.com/crikeycon-11


@briankrebs Sorry, this is ... not right.

"What the CVE lists really provide is a standardized way to describe the severity of that defect"

CVSS provides severity. CVSS analysis is typically added to a CVE by NVD, not CVE. CVE started as a naming system, and that's the program's most important role: identifiers. Severity is... priority 2.

Droppy and the Sleuth are having a well earned rest. Thank you again to all of you who joined us, sponsored us, and volunteered to make our 10th birthday such a success. Many hugs, and we'll reach out soon!

I get that issue trackers are hard, but I feel like stale bots that *close issues* come off as so hostile. I shouldn't have to come back to the issue tracker every month to confirm, “Yes, this is still an issue!” to prevent the issue from getting closed.

Tag an issue as “stale” for easier triage—that’s fine! But “oops you aren’t engaged enough, sorry, your issue doesn’t exist anymore” feels like a bit of a slap in the face. Especially if it gets closed as “not planned.”

Ooooh! Last minute ticket frenzy this week, will we break last year's total of 966, or even that elusive 1000 tickets?

Get 'em while they're hot!

https://events.humanitix.com/crikeycon-x

CrikeyCon X

Get Tickets on Humanitix - CrikeyCon X hosted by Droppy & The Sleuth. Royal International Convention Centre (Royal ICC), 600 Gregory Terrace, Bowen Hills QLD 4006, Australia. Saturday 22nd March 2025. Find event information.

My colleague Micah Silverman dropped a write-up of the TJ changed-files GitHub Actions compromise that explains how this happened by reproducing this supply chain attack so you can get first-hand experience to learn from this incident: https://snyk.io/blog/reconstructing-tj-actions-changed-files-github-actions-compromise/
Reconstructing the TJ Actions Changed Files GitHub Actions Compromise | Snyk

A critical security exploit in the popular GitHub Action changed-files (tj-actions/changed-files) exposed encrypted secrets in plaintext within GitHub Action logs. This vulnerability, affecting over 23,000 repositories, was enabled by orphaned commits and manipulated release tags. Learn how to protect your GitHub workflows from similar exploits.


Talked to yet another client today who asked how to solve a problem, I give them the solution, and they say "but will that work with BYOD?" (already knowing the answer was a hard no).

But folks: GET RID OF BYOD. That's the issue, plain and simple.