pookie

#crypto solves 0 problems for finance just like #tesla solves 0 problems for transportation and climate change. They are modern tools for the bourgeoisie to financially control the proletariat. Happy Holidays!!!

Cobalt Strike is a crutch

I can't spend a Toyota to store a few system logs, sorry.

We hit a massive milestone for the company over the holidays, we’re at a point where we can dogfood it and use it to secure the access to the repositories that we build it in.

Got around to writing up a bug from earlier this year, remote code execution in @warpdotdev. Enjoy! 0day.gg/blog/warp-term…

One of the last red team ops we ran was called floss boss and was meant to be a returning actor from a previous op, molar bear. We got branded dental hygiene kits made as propaganda to spread the lessons learned.

After 6 years our offensive security team is shutting down and today is my last day at Yahoo. It’s been a great ride and couldn’t have asked for a better team to work with.

Wow, you must be natural language processing, because you've got me at a loss for words

Sigstore is aimed to ensure privacy & scalability, integrates technologies for seamless signing, verification, & provenance checks. 🔏 Explore how Yahoo utilizes #Sigstore alongside Athenz as an internal Certificate Authority for container image security: openssf.org/case-studies/2…

🔑Pushing new container images at scale is hard. Verifying those images' authenticity is harder. Read how Yahoo uses an open-source project — Sigstore — to sign tens of thousands of images a day transparently! 🔑yahooinc.com/paranoids/scal…

@jrozner Are you asking about auth tokens or llm tokens?

Anyone have a really good success story for canary tokens? I don’t think it’s a bad approach. I buy in to the idea that it’s gonna be high fidelity and high accuracy. Its seems like a lot of work to setup and maintain where other solutions are gonna be more impactful

MFW someone is talking in slack while PTO or sick youtube.com/watch?v=WNmCm4…

Wild to see this company still cringe posting their "hip" ads when every other advertiser is pulling off the platform because of elno's support of antisemitic conspiracies. twitter.com/vicariusltd/st…

Introducing our newest game: Quizzle! 🎉 Can you guess today's word in fewer than 20 questions? Play now 👇 quizzle.game

💯 Smaller models, tuned and configured to reason, coupled with RAG and knowledge graphs, will absolutely eat a lot of white collar jobs. Maybe not in the next 6 months, but it’s inevitable. That’s why it’s so important that the open source / open LLM community start *now* on standards for data governance, provenance, and licensing. We have the biggest opportunity for democratizing and resetting the scales of economic equity, since the rise of consumer internet and seminal open source like Linux and GCC.

@caseyjohnellis Absolutely. The next step is always try a network request or something that leaves observable forensics

ok, show of hands here: how many of you have been gaslit into thinking you've shelled an LLM, when in reality it was a "confidently wrong, but *super* helpful" hallucination?

@forcesunseen twitter.com/0xpookie/statu…

What do you use ChatGPT for?

I've been a pretty vocal skeptic of AI and it's importance but recently started playing a bit with attacking LLMs after some nerd sniping from a co-worker. Did a few CTFs to learn some of the basics and decided I wanted to try it out for real. 1/n

jojo characters: "anyone in this crowd could be the enemy stand users." the enemy stand users:

You can generate the entire navy seal copypasta with this demo twitter.com/yvrjsharma/sta…

The hackings will continue until morale improves