ExtremePaperClip

THIS is how you learn. It’s one thing to read books about hacking, and it’s quite another thing to learn by doing. This right here 👇 is how you learn by doing.

@InsiderPhD That LEGO set looks awesome! Wish I was there! Also: go to Taqueria Cancun on 19th and Mission and get a Torta with Carne Asada. That used to be my fav.

At BSidesSF today? Come say hi and grab some SWAG 😎 courtesy of myself and Semgrep

👀👽👾🛸

Hmmm… I wonder if it’s possible to replace the internal electronics in this Pip-Boy with a Flipper Zero and take this to @defcon 🤔

We have reached peak AI. Someone made an entire short film "Harry Potter by Balenciaga" Credit: demonflyingfox on YT

@SwiftOnSecurity I love your book collection. If you haven’t yet read these, I highly recommend them: Shogun (James Clavell) The Wager (David Grann) The Wright Brothers (David McCullough)

My home repairs are now largely complete, how a new bookshelf to be my new home office video background. Still waiting for rest of books from storage

@gabsmashh So sorry. I know how it feels. 😞

my grandma passed a week and a half ago and i just wanted to share why i've been scarce. she is one of the strongest people i've known and i am so lucky to have grown up getting to look up to her. i miss her a lot.

Waits adopts a guttural, drill-sergeant bark for this raw, visceral, and deeply empathetic look at the human cost of war. The video, directed by Matt Mahurin, is a haunting masterpiece of dark surrealism. youtube.com/watch?v=0Fju9o…

Typewriters and sketchpads… stored in safes… buried in concrete? Remember Gene Spafford: "The only truly secure system is one that is powered off, cast in a block of concrete and sealed in a lead-lined room with armed guards — and even then I have my doubts."

This is likely snake oil, but tons of people are boosting it. Ultrasonic mic jammers are real & a fraction of the price. What they claim is new: using AI to detect mics. There are ways to find hidden mics. The TSCM space (bug sweepers) has tons of tricks that seem like pure magic. Have you ever listened to transistors turn on & off inside of an electronic device? Seen what a non-wireless camera sensor sees from across the room because every copper trace on a PCB is still an antenna? …I have 😎. Hell, the first time I heard the “heat beat” of one of my naughty little OMG Cables, it was kinda reminiscent of hearing the heartbeat of my literal unborn kids! 😂 … anyway, you also have thermals, magnetics, etc. But most of these tricks require that you either sweep a detection device within a few cm of the bug, or you have a bulky antenna pointed directly at the bug. This “Deveillance” device is a small stationary puck that you place in the center of the space you want to protect. So what can you do with a small stationary object to detect mics? Well, anyone who’s used an ultrasonic jammer knows that most of the space is going to be filled with ultrasonic emitters, especially if you want the claimed 2 meter range. So that leaves a pretty small space for the detection electronics. You could do wireless protocol discovery. WiFi, BLE, etc. This would be easy. But it’ll only find a fraction of hidden mics. You could do wideband RF sweeps to detect any active radio emissions. Here, AI could actually help identify based on raw signal. But this already feels like a stretch for this product. Lots of legit wireless mics are going to slip through the cracks with the minimal hardware that fits in a small puck. But let’s say we make it this far. What about every mic that is not actively transmitting? Saving to local storage for later retrieval, etc. Well, you could use your ultrasonic emitters to create saturated pulses into the mics, which in turn will create electrical impulses down the copper lines between the mic & whatever catches the signal. Every bit of copper, no matter the length, is also an antenna. So you catch those emissions and look for signals that match your own ultrasonic emissions. Packing equipment sensitive enough to do this inside a little puck though…. Ehhhh And after all that, you are still blind to passive MEMS microphones. And more so: there are already ways to defeat ultrasonic jammers too. However, this device doesn’t claim to protect you against bugs and other hidden mics. It’s very tightly constrained to: “prevents smart devices and AI recorders from picking up your voice” That’s an incredibly narrow scope. Existing ultrasonic jammers cover that scope pretty easily.

A full iOS exploit toolkit, "Coruna," has been found in the wild, hacking iPhones that visited infected websites, used by Russian spies targeting Ukrainians and thieves targeting Chinese crypto holders. And it may have been created for the US government. wired.com/story/coruna-i…

@MalwareJake The HAT and the SMILE tells me that you are doing GREAT! Life is good, pal! (Moment to Moment)

I'm in full mid life crisis mode. But on the plus side, I just got this glorious hat.

@hasantoxr I know what I’m gonna do with this. If it works.

🚨BREAKING: The "Ollama for voice cloning" just dropped. It's called Voicebox and it clones any voice from just a few seconds of audio entirely on your machine. No ElevenLabs subscription. No cloud uploads. No voice data leaving your device. It's powered by Qwen3-TTS, Alibaba's breakthrough voice model. → Upload a few seconds of audio → Get a near-perfect voice clone → Generate speech in any language → Mix multi-voice conversations in a DAW-like timeline editor All running locally. Zero cloud dependency. But it's not just a TTS wrapper. It's a full voice production studio: → Multi-track timeline editor for podcasts and dialogues → System audio capture + Whisper transcription built in → Voice prompt caching for instant regeneration → Built with Tauri (Rust), not Electron 10x smaller, native performance 100% Opensource. MIT Licensed. macOS + Windows available now. Linux coming soon. This is the moment voice cloning leaves the cloud and runs on your desktop. Link in the first comment.

Just released a new tool that scans for Bluetooth devices including Bluetooth Low Energy (BLE) devices. It will scan for all, filtered by MAC, or if you have the Identity Resolving Keys (IRK), can be used to determine the Resolvable Private Address (RPA). Works on MacOS, Windows, and Linux. github.com/HackingDave/bt… #TrustedSec #BinaryDefense

@0gtweet This is awesome!! Thanks!!! 🎸

Do you care about Secure Boot certificate updates? Do you have any method to check them at scale across your environment? Now you do - enjoy! github.com/gtworek/PSBits… Values checked rely on support.microsoft.com/en-au/topic/re…

@Noahpinion FYI: I told this to my dog. She was not happy.

Two years ago you were the smartest type of thing on this planet. Now you're not, and you never will be again.

@reprise_99 Sysmon wins, tho. Really. Even if folks just enable sending Sysmon events 1, 3, 11, and 22 to their SIEM. At least do that, folks. Tune out the noise (every environment is different). If you take time to get to know your data - tuning gets easy.

Happy International Enable Process Auditing & Sysmon Day! The most exciting day on the cyber calendar is with us once more. Every year this day rolls around I am no less excited. What a time to celebrate too, with native Sysmon functionality coming to Windows this year! Why would you enable these over and above your other security tools? The below FAQ has you covered. github.com/reprise99/4688…

@IceSolst The cost of two beers at a concert? Done 🤘😂🤘

They added new content to Diablo II !!!! But it’s a $40 DLC for a 26 year old game

@jsark983 Before the pen test - run Ping Castle or Purple Knight, and then work to remediate those findings. Seriously. For additional wins: Sprinkle some honey in your AD (with alerts). Then you can tell the pen tester “come at me”

Possibly unpopular opinion but idc: Running a commercial vuln scanner during an internal pen test is no longer acceptable unless a client insists. Fight me.

@_devJNS @Jhaddix I wonder if rich people just open a new Claude Max acct.

"Claude usage limit reached. Your limit will reset at 7am"

So much good stuff packed in here for Incident Response! Thanks, BHIS!