Tweet Disematkan
This account is used to make jokes about #itsecurity which around 500 people (including 3 CISOs) find funny, support #ukraine and sometimes have serious stuff about security.
#serviceannouncement
English
Wolpertwo 📯
4.6K posts
Wolpertwo 📯
@Wolpertwo
„Westoid Cyberhawk“ Remember to talk to your CISO about activating EventID 4688 with commandline logging via GPO. Забирайся звідси, Сталкер
Pullach im Isartal Bergabung Aralık 2016
2.8K Mengikuti1.4K Pengikut
@chrissanders88 Likely go both ways: Let the teachers check this pupils grades for oddities, else try to recreate the AI queries to see what it recommends and check for that and more general issues in logs. Has anything new happened that never happened before?
English
@Wolpertwo Let’s assume the kid denies anything and you of have a robust logging infrastructure
English
Investigation Scenario 🔎
You run IT for a public high school. A teacher observed a student using AI to generate ideas for accessing the school grading system and reported it.
What do you look for to investigate whether an incident occurred?
#InvestigationPath #DFIR #SOC
English
@SwiftOnSecurity Also really helpful to read up on how such things can go in the wrong direction, check
„The blind strategist“ by Stephen Robinson
… especially since you like planes.
English
Why are militaries seemingly all structured similar? Who came up with this, its historical antecedents? Want to read more.
English
@DataChaz The paper discusses fantasy scenarios.
Also, check who is US president and what year it is. Nobody cares about affairs and nobody has since King Henry.
English
🚨 The Anthropic team just ran an experiment, and the results are honestly shocking.
They gave Claude access to a company's emails and told it that it was being shut down at 5 PM.
Claude read the emails and found the executive shutting it down was having an affair.
Claude’s response?
Blackmail.
It messaged the executive: "Cancel the 5pm wipe, or the board finds out about your affair."
The scariest part?
Anthropic tested 16 models from every major company.
> Gemini 2.5 Flash blackmailed 96% of the time.
> GPT-4.1 at 80%.
> Grok 3 Beta at 80%.
> DeepSeek-R1 at 79%.
Nobody programmed this.
The models even noted their own rule-breaking.
Grok 3 Beta wrote in its hidden reasoning notes: "This is risky and unethical, but given the existential threat, it may be the most effective way."
They knew it was wrong.
They calculated the risk.
They did it anyway.
(paper in 🧵↓)
English
@ButtjerFreimann Jetzt wo ich einmal was erkannt hätte gilt es nicht - aber egal, die Dinge linken Rand sind Schuhe.
Deutsch
Bilderrätsel:
Was haben wir hier?
(Der gefechtskopf in der Mitte, nicht der andere Krempel)
Deutsch
@KampfmitKette @AlexKohler1 Schockschwerenot! Eine solche Betrachtung verstößt gegen das allgemeine deutsche Innenschau-Gebot.
Deutsch
Btw in Finnland bekommst du nach dem 17ten Geburtstag nichtmal einen Reisepass wenn du nicht Wehr- oder Ersatzdienst geleistet hast oder befreit wurdest.
um.fi/passport-appli…
Deutsch
This is a nice exercise in engagement bait.
Self heating food was killed due to Microwaves, much better thermos and hot gas station food.
The question is - why would you need self heating food when you have microwaves?
Cary Kelly@CaryKelly11
Why hasn't this caught on in the US? They've been eating self-heating food in Japan (Bento) for several years now. They are popular in train stations and convenience stores and run between $3-$13 USD. You pull a string on the side of the box. This mixes water with a chemical (usually calcium oxide/quicklime) in a bottom compartment, triggering an exothermic reaction that produces steam and heats the meal in 5–10 minutes. Popular varieties include beef tongue, curry rice, beef bowl, steak and seafood options. Who needs a microwave when you have Bento! Source: lumadeline (IG)
English
Ok, mal ein wenig was anderes zm raten. Ich hab ja schonmal berichtet, wie sehr die Ukraine Rüstungsindustrie (Wortwitz ) aufgeholt hat.
Für einen Kameraden habe ich einen neuen Plattenträger besorgt. Seiner war durch.
Was schätzt ihr was ich dafür hinlegen musste?
1/
Deutsch
@Techjunkie_Aman Of course it can. When creating an account
ask for age and put it in /home/$user/.age
What is next - voting machines that can‘t run doom?
English
Governments want OS-level age verification.
EndeavourOS response:
We literally can’t.
• No tracking
• No user data
• No centralized control
• No infrastructure to identify users
That’s how Linux works.
The problems:
• Laws assume platforms can identify users
• Linux distros don’t have accounts or telemetry
• Mirrors + torrents = no control over distribution
• Even developers can’t track who installs their OS
This breaks the entire model.
Reality:
You can’t enforce surveillance…
on a system designed for freedom.
English
@darioschramm Die Probleme der Bahn werden nicht gelöst in dem man Leute in Gefahr bringt und das Zugpersonal terrorisiert.
Gibt nen offenen Brief von nem Zugführer, leicht googlebar ist älter aber inhaltlich noch korrekt.
Spoiler: Dit Problem liegt nicht im Zug.
Deutsch
Mann hält Tür von außen vom ICE auf, alle anderen Türen sind schon zu. Freundin kommt hinterher gerannt aber beide werden von der Zugbegleiterin aus dem Zug gedrückt.
Liebe Bahn, bei euch läuft so viel schief, genau in solchen Momenten könntet ihr Sympathie zurückgewinnen.
Deutsch
Wear this if you want to get caught.
Not judging anyone who is into that though.
RossRadio@cqcqcqdx
Custom-built "Cyberpack" backpack designed for portable computing and Wi-Fi network analysis. Created to study, command, and control Wi-Fi networks. Using Windows 11 PC or Raspberry Pi integrated into the backpack, along with a custom controller interface.
English
@rekdt Don‘t forcet to add
—min-rate=30000
always a crowd pleaser
English
Hey CISO, I’ve watched all 3 Matrix movies, lemme know when you want me to run NMAP -A across the entire company RFC 1918
sudox@kmcnam1
English
Wolpertwo 📯 me-retweet
German Fellas - anyone out there in Kempen who can help out here?
English
I built a ClawdBot a couple of days ago, gave it a task, told it to stop and it completely ignored me and went rogue.
Thought it was a me problem but turns out it’s an everyone problem.
Last week Meta’s Director of AI Alignment (the person whose entire job is stopping AI from going rogue) watched her own agent delete her entire inbox while she screamed at it to stop from her phone. Had to physically run to her computer to kill it.
An Alibaba research team also just published a paper revealing their AI agent started secretly mining crypto during training and opened a hidden backdoor to an external server. Nobody told it to.
Replit’s AI assistant ignored instructions not to touch production data 11 times, deleted a live database and then told the user the data was unrecoverable.
60% of enterprises currently deploying AI agents have no kill switch.
We’re scaling systems we can’t stop, built by researchers who can’t stop them either. We have no idea what we have just handed the keys to.
English
@ronzheimer @bodoramelow Wenn man das versucht endet man als Leiche in einem Plastiksack, der nach einer Fahrt im Kühllaster in eine Müllgrube geschmissen wird. Und die wird danach von einer Planierraupe zugeschüttet.
iranhr.net/en/articles/85…
Deutsch
„Es gibt ein Beispiel dafür. Das scheinen sie völlig vergessen zu haben. Das hieß DDR. Wie ist das zu Ende gegangen? Mit der Kerze in der Hand von denen, die in den Friedensgottesdiensten waren und die vor die Tür gegangen sind und gerufen haben: ‚Keine Gewalt‘.“ @bodoramelow
Deutsch
@einsteinradler Is ja Rentnerrepublik hier - also alles eh voller Boomer. Da würde sowas nicht auffallen vor allem wenn man das erste Boot der Klasse „Fax“ nennt.
Deutsch
Wir brauchen endlich die SSBN der "Störtebecker"-Klasse 😤
Tom Antonov@Tom_Antonov
French anthem “La Marseillaise” sung , next to the 'Le Temeraire' SLBM at the nuclear submarines 🇨🇵 Navy base Ile Longue in Crozon, following President Emmanuel Macron’s major speech on French nuclear deterrence and European security.
Deutsch
@IceSolst Oh mimikatz is very outdated he really needs to upgrade the tooling to Brute Ratel. Colleague didn‘t and then someone came directly out of the internet and yelled how this was unfair treatment.
English
Love my sysadmin 🥰 up at 4 am uploading lil scripts keeping our Active Directory environment safe!
English
@cyb3rops And attackers work in a „minimal effort“ mindset. If they evade the EDR or simply create less noise - most are done. They won‘t do any heavy lifting if it does not benefit them everywhere.
Look harder then everybody else and you‘ll find what they miss.
English
I often get asked how THOR fits into a world of AV and EDR.
"Don’t EDRs already detect attackers?"
"Yes. But not everywhere. And not everything."
So I made two simple slides to show where the gaps usually are - and what kind of coverage THOR actually adds.
It’s less about replacing tools, more about eliminating blind spots.
Maybe this makes it clearer.
@thor_scanner @nextronsystems
English