Aaron Galbraith

Weird, loud, partially funny. On topic: overwhelmingly passionate, Off topic: trying to slip out of room. I'm ¼ Red/Mostly Blue #infosec, hoody-less. Opinions. (He/Him)

Profile pic by the great and wonderful Nathan Pyle (strange planet). Background by Randall Munroe (xkcd)

One thing I've noticed after tracking down so many cybercriminals is that it's super common for the person's first sales thread on a forum to include data stolen from an organization in the country where they live. This is more remarkable when the threat actor is outside the United States, because it very often tells you exactly which country they are from.

You might think that this would be a very dumb thing to do from a self-preservation perspective, but a lot of times they are eager to make a splash on the forums and the best data or access they have is their government's data or some company working with their country's govt. And if you consider that many young people get started in hacking by sticking it to the local authorities and trying to make them look like clowns, it makes a lot more sense.

RE: https://mastodon.social/@MastodonEngineering/116686417226647939

If you run a Mastodon instance, it's time to patch! Some security fixes in this release.

After five teen girls were targeted by AI-generated child sexual abuse material, Radnor Township High School in Pennsylvania has become a case study in how schools and police around the country grapple with how to respond to deepfake crimes involving children.

https://www.404media.co/radnor-high-school-pennsylvania-ai-deepfakes-child-sexual-abuse-material/

How Deepfakes Tore a High School Apart

404 Media

Welcome, Bangladesh, to HIBP’s free gov service, our 43rd national government onboarded! BGD e-GOV CIRT can now freely monitor their government domains and identify exposed public sector email addresses https://www.troyhunt.com/welcoming-the-bangladesh-government-to-have-i-been-pwned/
Welcoming the Bangladesh Government to Have I Been Pwned

Today, we welcome the 43rd government onboarded to Have I Been Pwned's free gov service, Bangladesh. The BGD e-GOV CIRT department now has full access to query all their government domains via API, and monitor them against future breaches. Bangladesh joins a growing list of national governments using HIBP to

Troy Hunt

A couple updates (all good news) on the Free Fridges:

- Others in my group have taken lead on the free fridges and community pantries. This is amazing as it indicates that my group has grown and is empowered enough that they don't need me to direct them. I'm still involved, but I'm focusing on building out the food rescue side of the house

- Both fridges are going strong! Many neighbors, people we've never met, are stocking the fridge. Other neighbors are utilizing it. And many contribute AND utilize. The infrastructure is working!

- A couple other places in town have expressed interest in hosting more fridges! So we're in talks with them. Irons in the fire! The program is getting noticed and is expanding.

- Lastly (pictured), I installed some grocery bag dispensers at each site. Folks can put in their used "single-use" grocery bags and others can take those and use them to fill up and carry food they utilize from the free fridges!

#freeFridge #solarPunk #mutualAid #foodSecurity

I built an AI that autonomously finds zero day exploits https://www.youtube.com/watch?v=BLqRiL_GY3A
I Built an AI That Builds Zero Day Exploits

YouTube

Damn, 500 episodes 😮 This is a special one - with a special person - going live in 12 hours from now: Episode 500! A Look Back at 500 Weeks of Vids, Pwning, and Life at HIBP HQ with Charlotte https://youtube.com/live/57W4BAMSY8c?feature=share
Weekly Update 500

YouTube

New, by me: How AI Assistants are Moving the Security Goalposts

AI-based assistants or “agents” — autonomous programs that have access to the user’s computer, files, online services and can automate virtually any task — are growing in popularity with developers and IT workers. But as so many eyebrow-raising headlines over the past few weeks have shown, these powerful and assertive new tools are rapidly shifting the security priorities for organizations, while blurring the lines between data and code, trusted co-worker and insider threat, ninja hacker and novice code jockey.

Read more (and boost please!):

https://krebsonsecurity.com/2026/03/how-ai-assistants-are-moving-the-security-goalposts/

#openclaw #AI #agentic #aiagents #lethaltrifecta

Hacktivists tried to find a workaround to Discord’s age-verification software, Persona. Instead, they found its frontend exposed to the open internet, and that was just the beginning.

https://www.therage.co/persona-age-verification/

Hackers Expose Age-Verification Software Powering Surveillance Web

Three hacktivists tried to find a workaround to Discord’s age-verification software. Instead, they found its frontend exposed to the open internet.

The Rage

I think we all need to step back occasionally and evaluate if we are the villain in anyone’s story.