otr
2.1K posts

otr retweeted

. @mubix shared this on LinkedIn and thought some of you might find it useful: “A Practical Reprioritization Guide for CISOs Entering the AI Vulnerability Era”
linkedin.com/posts/mubix_th…



otr retweeted

Closing the Door on Net-NTLMv1: Releasing Rainbow Tables to Accelerate Protocol Deprecation - @Blurbdust
cloud.google.com/blog/topics/th…
otr retweeted

There goes the home planet. Anthropic discovered 600 open source vulns in well-fuzzed open source projects, using Opus 4.6.
red.anthropic.com/2026/zero-days/
It's time for action. A short thread.
otr retweeted

Polished the MongoBleed PoC a bit to make it more useful. "--auto --decode" is always a good start, if you're not sure.
github.com/Hamid-K/mongob…
otr retweeted

Whenever I start making something, I always feel uncertain-- right up until the moment that I encounter real difficulty. It's only once I discover that there is something difficult involved that I start to feel comfortable.
Before that moment, it's hard to know that the thing I'm making is worth making. After all, why doesn't it already exist? If anyone can do it, shouldn't someone else have done it already? Is this just a bad idea that has already quietly failed many times before?
But when I encounter something really difficult, that's when I know why it doesn't already exist, and overcoming that difficulty with my obsessiveness and anything else I can bring to bear becomes exciting. It feels like an opportunity; a reason that something is worth doing.
When I say that I consider these to be "the last days of software development," it's because -- for a lot of my life -- knowing how computers work has been significant and valuable, because for most of my life, it has been possible to sit down at a computer, start making something, and encounter that difficulty everywhere.
I don't think eliminating software development as it has been is a negative development in the slightest. I think making software easy/free to build will have all kinds of positive effects for all of us.
And sure, maybe there will continue to be humans in the loop etc etc.. but I do think that this is the end of something that I invested a lot of time thinking about, in large part so I could sit down at a computer and start typing into an editor with some trepidation, until the moment that I encounter something which makes me stop and think "oh." And then smile.

Most people still have no idea how insanely powerful the Shortcuts app actually is
For example here’s an “anti theft shortcut” that turns on low power mode.. takes a front camera photo and sends that photo along with live location to your chosen number.. ALL JUST BY SENDING A MESSAGE FROM ANY OTHER PHONE



@me_jd_solanki @_larbish One note, nuxt content still does not support private collections or pages. Pull request here but unlikely to land: github.com/nuxt/content/p…

@_larbish I already have a Nuxt app which has betterAuth.
Can I deploy it under my Nuxt app along with the docs layer, but protected using betterAuth instead of others?

Nuxt Studio beta is out with new features ✨
- Form editor for YAML/JSON & Front-matter (based on Nuxt Content schema)
- Editor improvements (video, emojis...)
- Translated in 16 languages 💚
Pushing toward stable and need community feedback 🙏
👉 github.com/nuxt-content/s…

@T3chFalcon Hence mentioning phishing and avoiding the need to decrypt anything.
otr retweeted

I was reading an older report from CrowdStrike the other day:
"CrowdStrike was able to reconstruct the PowerShell script from the PowerShell Operational event log as the script’s execution was logged automatically due to the use of specific keywords." [1]
Which reminded me of the post of @nas_bench :
"PowerShell has a list of suspicious keywords. If found in a script block an automatic 4104 event will be generated regardless of logging policy :)" [2]
You can look up the relevant code here (it's inside the SuspiciousContentChecker class.) [3] Nasreddine published the list here in a gist [4]
[1] crowdstrike.com/en-us/blog/obs…
[2] x.com/nas_bench/stat…
[3] github.com/PowerShell/Pow…
[4] gist.github.com/nasbench/50cd0…

otr retweeted

You can generate SSH keys on the secure enclave of your Mac, and use that to connect to your servers.
Since the OS can’t read any data on the secure enclave, it’s much harder for the keys to get stolen. When you need to use the key, the system will perform biometric authentication and then sign the request using your private key on the secure enclave without your CPU ever seeing the private key.
Recommend using this if you have SSH private keys currently stored on disk
gist.github.com/arianvp/5f59f1…

otr retweeted

Nuxt UI v4 is out ✨
It unifies Nuxt UI and Nuxt UI Pro into a fully open-source library with:
- 100+ components
- 10+ free templates
- Figma Kit for everyone
nuxt.com/blog/nuxt-ui-v4
otr retweeted

Here's a quick companion blog post I threw together if anyone is interested. These are not perfect solutions but there's some mitigations you can consider in this blog post to common M365 initial access vectors we discussed in Entra Chat:
ericazelic.medium.com/common-initial…
Merill Fernando @merill
📖 From Dispensing Pills to Dismantling Cyber Threats: One Woman's Epic Pivot In 2009, @IAMERICAbooted was ordering drugs with shared passwords—fast-forward to 2022, and she's pen-testing Azure tenants like a boss. This week on Entra.Chat, Erica recounts her DEFCON epiphany with BloodHound, Hack the Box marathons, and the "easy" Global Admin win via unprotected client secrets in Teams. It's not just hacks; it's her blueprint for mastering Entra amid siloed org chaos. Hear the full saga: entra.news/p/how-a-pharma… What's YOUR wildest career pivot? #WomenInTech #CyberJourney #M365 #Inspiration #Entra
otr retweeted

@MattStopa @nuxt_js And now you want to whine about “insults” and “negativity”?
If you can’t handle shit talking then maybe don’t lead with cheap shots yourself. Grow the fuck up.

Nuxt 4.0 is here at last … and it's all about DX ✨
🗂️ app/ directory for better organisation
🔄 smarter data fetching
⚡️ a faster CLI with socket communication
🔧 improved TypeScript integration
... and a smooth upgrade experience. 💚
nuxt.com/blog/v4





