"professional" peanut gallery for security stuff
Reminder: Security companies exist to protect the wealthy. Community protects community.
QUIZ: Are You Even Good Enough to Have Imposter Syndrome?

Imposter Syndrome can be debilitating, especially when you know you’re trying your very best and still feel like you’re coming up short. But consider this: Are you even good enough to actually have Imposter Syndrome? Like, maybe you’re just not worthy and kind of a phony? Take this quiz to find out!

Reductress

@christopherkunz
I also tested another PoC and it was even more fake. i.e. it didn't even create a CLDAP structure that made sense.

I get that PoC||GTFO is a thing, but we've clearly entered a phase where it needs to be Verified PoC||GTFO. 🤦‍♂️

Turn any Creative Katana V2X into a rubber ducky over bluetooth. Creative says it's not a security risk, so nbd

https://blog.nns.ee/2026/06/03/katana-badusb/

Pwnd Blaster: Hacking your PC using your speaker without ever touching it | nns.ee

Abusing an unauthenticated Bluetooth protocol to turn a PC speaker into a Rubber Ducky.

TIL, Vim Classic is HERE. A fork of Vim 8.x, built for long-term stability, maintained entirely by humans. No chaos. No breaking changes. Just the editor you trust, kept alive https://vim-classic.org
Vim Classic

@da_667 @cR0w here's another one along a similar vein.
@darfplatypus
Good luck I'm behind seven Boxxys
@cR0w @corq @da_667
what is keygen music if not the software pirate's sea shanty

Patches are available for Nginx and Apache against the latest HTTP/2 DoS. Other servers, who knows??

https://discourse.ifin.network/t/cve-2026-49975-http-2-bomb-remote-dos-against-most-major-web-servers/536

CVE-2026-49975: HTTP/2 Bomb: Remote DoS against most major web servers

Last Updated: 2026-06-03T20:33:07Z (UTC)

What’s Happening
Another model-discovered vulnerability can shut down most HTTP servers, including Nginx and Apache. Proofs of concept available on GitHub.

Actions
Apply available patches.
Nginx: patched in 1.29.8
Apache: Fixed in mod_http2 v2.0.41
IIS, Cloudflare Pingora, Envoy, (Caddy??): Unknown.

IFIN

Fundamentally. Unsecurable.

You can't rid yourself of this vulnerability in LLMs.

https://www.safebreach.com/blog/gemini-voice-assistant-prompt-injection-exploit/

Exploiting Gemini via Prompt Injection | SafeBreach Original Research

See how SafeBreach Labs researchers uncovered a way to hijack Google Gemini via WhatsApp and Slack using a novel indirect prompt injection technique.

SafeBreach