Craig Ingram

Check out my Space Selfie! space.crunchlabs.com/selfie/JEWNCL

Thank you for the care package @attritionorg and congrats on 25 years! The top sticker is very fitting given my current relationship with the neighborhood squirrels and my bird feeder.

Today our Cloud Vulnerability Research (CVR) team shared this research into LLM security, which is broadly applicable to AI domain security practitioners working in this rapidly evolving space. Learn more: bit.ly/3TWYrF3

@cji You realize the real boomer thing was taking the quiz, right? 😀

I had apparently missed the memo that GIFs are now considered "cringe" and "for boomers". vice.com/en/article/z3n…

Met a new doggo yesterday. Kids wanted to take it home but settled on trying to build their own some day.

@moyix Ah yeah I think the original public instance was taken down but looks like xsshunter.trufflesecurity.com may work

@cji Yes though preferably a public instance so I don't have to go through all this

For testing web challenges, I need some kind of public URL where I can point XSS or other payloads and then retrieve (from a script) the accesses made to that URL. I am *certain* CTF players have such a service – what is it?

Not today @justinbieber #BostonStrong

"We'll just get it running for now, and see how it goes later" - famous last words 😂 First session of the day for me - watching @cji compromise k8s on GKE #googlecloudnext

I’m very excited to be speaking at Google Cloud Next ‘24 about Google Kubernetes Engine Threat Detection with @danlhommedieu on April 9, 2024. Join the discussion with @GoogleCloud → g.co/cloudnext

I've been reverse engineering the xz backdoor this weekend and have documented the payload format and written a proof-of-concept exploit for the RCE. The payloads are signed with an ED448 key, so I patched my own key into the backdoor for testing. :-) github.com/amlweems/xzbot

@IanColdwater @Docker Congrats Ian! 🎉

This Sneakers computer press kit floppy from @JonnySchnittger is such a cool piece of memorabilia from one of my favorite movies. These came out great - thank you Jonny!

Our Linux Kernel 0-day / 1-day "CI/CD" for kernelCTF on Github is up and running. See exploit builds and repros publicly there. ✅️ / ❌️ github.com/google/securit…

@__apf__ Fish CPR: Catch, Photo, Release

good news is my son enjoyed his summer camp. bad news is that I'm apparently mother to a tiny fisherman now so I have to spend my lunch break googling "what to do if you actually catch a fish"

Google Cloud is hiring security engineers in the Product Security Assurance team (not my team but we work with them closely). Find and fix vulns, help products build in security by default. Seattle and Bay Area. #infosecjobs careers.google.com/jobs/results/1…

Hi friends! I had the privilege of enjoying a bit of funemployment. I'm starting to look for the next adventure and would be excited to have a chat about (EMEA-remote) leadership positions in the product/cloud security space. RTs would be greatly appreciated 🙏

A fun discussion about why cloud shared responsibility need to evolve towards SHARED FATE buff.ly/3nfIBaM