#Infosec red informs blue #purpleteam
Space is awesome
Locksport albeit poorly
#HTHackers
#BSidesCMH
#DerbyCon please come back!
@krypt3ia is my spirit.
All opinions are my own and in no way represent my employer.
| bsky.social | @popio |
After six years only using #Contabo, I am looking for other #VPS #hosting options. I do not feel they are particularly reliable any more (maybe they have never been), and I would prefer to go for a provider with a good track record.
I have looked at websites comparing other hosting options, but of course everything is super chaotic and flashy and aaaargh
I trust folks here for advice on affordable, reliable, trustworthy European providers. I would like to add cooperative and sustainable too, but they all seem to be way more expensive and I am afraid I cannot afford them right now.
Because I am a student, I have emailed some more “progressive” hosting providers asking for discounts, but I feel a bit bad doing that.
RE: https://infosec.exchange/@metacurity/116420216155655162
Mythos is quickly becoming its own mythological beast.
They’ve automated the vulnerability hype train - an expression I used where researchers would find real vulnerabilities, which had no real impact in the real world. People would get very excited for no reason. Now they’ve automated that process with execs.
Don't run your ICS/OT across the Corporate IT.
Make your own fucking ICS/OT network.
New video from @deviantollam on security fog
https://www.youtube.com/watch?v=RPgcysyFUiI
It is an interesting idea, though I remain suspicious about how effective and practical it would be.

Good writeup on @wdormann's recent efforts.

A researcher leaked the unpatched Windows zero-day “BlueHammer,” letting attackers gain SYSTEM rights; no patch exists yet. A disgruntled researcher released the BlueHammer Windows zero-day, a privilege escalation flaw that allows attackers to gain SYSTEM or admin rights, Bleeping Computer reports. The researcher privately reported the vulnerability to Microsoft but criticized the way Microsoft’s Security […]
There's a new Windows 0day LPE that has been disclosed called BlueHammer. The reporter suggests that it's being disclosed due to how MSRC operates these days.
MSRC used to be quite excellent to work with.
But to save money Microsoft fired the skilled people, leaving flowchart followers.
I wouldn't be surprised if Microsoft closed the case after the reporter refused to submit a video of the exploit, since that's apparently an MSRC requirement now. 😂
Anyway, yeah, it works. Maybe not 100% reliably, but well enough...
Putting hidden text in web pages just to pwn AI agents for fun and profit sounds like a good time.
https://www.securityweek.com/google-deepmind-researchers-map-web-attacks-against-ai-agents/