Entry-level what-am-i-doing blue team generalist managing all them vulns (or trying).
My mouth is dry, my todo list is long, my work is surprisingly enjoyable
tootfinder
Why is an oat drink not allowed to be called "oat milk", but Cisco is allowed to call its products "Cisco Secure Firewall"?
Okay, I'd like to know more.

RE: https://infosec.exchange/@greynoise/116002702711084624

My latest pet project, an RSS feed to alert you to the silent KEV knownRansomwareCampaignUse flips!

(Did you know there were four CVEs flipped last week?) #threatintel

so I like to make plaintext outlines of presentations I do. Today is a banger.

Last year, a human trafficking victim trapped in a crypto scam compound in the Golden Triangle region of Laos contacted me. He proceeded to leak to me a huge collection of the compound's internal materials.

Then he had to get out alive. This is his story.

🧵👇
https://www.wired.com/story/he-leaked-the-secrets-southeast-asian-scam-compound-then-had-to-get-out-alive/

He Leaked the Secrets of a Southeast Asian Scam Compound. Then He Had to Get Out Alive

A source trapped inside an industrial-scale scamming operation contacted me, determined to expose his captors’ crimes—and then escape. This is his story.

WIRED

Just read this via repost from @HalvarFlake
https://sean.heelan.io/2026/01/18/on-the-coming-industrialisation-of-exploit-generation-with-llms/

This post from Sean Heelan is probably the most important post in that domain (being LLMs in offensive security contexts) in quite a while. We're already discussing this in my research group, and I have some initial thoughts. Exciting times!

On the Coming Industrialisation of Exploit Generation with LLMs

Recently I ran an experiment where I built agents on top of Opus 4.5 and GPT-5.2 and then challenged them to write exploits for a zeroday vulnerability in the QuickJS Javascript interpreter. I adde…

Sean Heelan's Blog
This was caused by flawed implementations of Google's Fast Pair one-tap Bluetooth protocol. But it doesn't just affect Android users. Anyone (yes, iPhone users) with audio accessories from Sony, Jabra, JBL, Marshall, Xiaomi, Nothing, OnePlus, Soundcore, Logitech, and Google itself may be vulnerable.

LLMs are reshaping software dev. I don't buy "the end of software dev": Project ambition will grow dramatically.

Ancient Egyptians could build the Pyramids but not the Empire State Building.

Pre-LLM software will be viewed like we view the Pyramids.

Now, imagine you are this VC, holding this huge wad of cash, trying to find someone to give it to. You hear two stories:

1. I will hire 10 engineers for 3 years. During that time, we will build a software system that users will love and will be happy to pay us a profitable margin for. This product is novel so we're not exactly sure on the margin.

2. I will buy a facility where I will place one trillion dollars' worth of GPUs. I will rent those GPUs for one trillion, ten billion dollars.