Justin Elze

63.9K posts

Justin Elze banner
Justin Elze

Justin Elze

@HackingLZ

CTO @TrustedSec | Former Optiv/SecureWorks/Accuvant Labs/Redspin | Race cars

/tmp/.a Katılım Nisan 2008
4.8K Takip Edilen70.9K Takipçiler
Justin Elze retweetledi
Nathan McNulty
Nathan McNulty@NathanMcNulty·
Fun fact - you can just pre-create folders and deny users read access Obviously we want real app control, but folders are free and zero risk ;) Example: github.com/nathanmcnulty/…
Ayush Anand@Securityinbits

32 ransomware groups abuse AnyDesk for persistence, per the Ransomware Tool Matrix. Longest row in the RMM table. The setup is one piped command: echo Admin#123 | AnyDesk.exe --set-password 2 gifts for defenders: 1. Password lands in plaintext in the echo command line 2. --set-password survives any rename Sigma rule: AnyDesk Piped Password Via CLI Hunt the flag + echo pipe 🔎

English
5
6
50
7K
Justin Elze retweetledi
Tibo
Tibo@thsottiaux·
Morning. The last 48 hours of Codex and ChatGPT Work have been intense! Three important updates: - Temporarily removing the 5 hour usage limit restriction for all Plus, Business and Pro plans - Rolling out changes that will make GPT 5.6 Sol more efficient across the board and that will be reflected in less usage being used so that it can take you further. Exact impact to be quantified and shared - We hit 6M active users, and are landing a usage reset in the next hour Go do things
English
2.6K
1.8K
23K
3.2M
Carmen
Carmen@syntaxish·
@HackingLZ Have you looked at Bring a Trailer? 😭
English
1
0
4
68
Justin Elze
Justin Elze@HackingLZ·
I need to stay off Facebook market place.
Justin Elze tweet media
English
5
0
27
1.7K
Justin Elze
Justin Elze@HackingLZ·
@MJHallenbeck It counts as your background check for future purchases Certain areas limit carry for none LTC Travel reciprocity There is some legal stuff as well if you ever get in trouble
English
0
0
1
20
Justin Elze
Justin Elze@HackingLZ·
I got a truck and cowboy hat since I moved. I should probably sign up for an LTC class now.
English
7
0
26
2.2K
Justin Elze retweetledi
Breaking911
Breaking911@Breaking911·
A tourist was seriously injured after a bison tossed them about 8 feet into the air in Yellowstone National Park. The attack was captured on video by photographer Mike Macleod.
English
4.6K
12K
154.8K
58.1M
Justin Elze retweetledi
V4bel
V4bel@v4bel·
💥 Introducing "Januscape" (CVE-2026-53359) A Guest-to-Host Escape in KVM/x86 exploiting a UAF in the shadow MMU. Triggerable on both Intel and AMD hosts. Threatens x86 public clouds (GCP, AWS) that expose nested virtualization. "16 years" latent. Successfully used as a 0-day exploit in "Google kvmCTF". To the best of public knowledge, the first KVM exploit research triggerable on both Intel and AMD. Details: januscape.io
English
8
100
428
45.7K
Justin Elze
Justin Elze@HackingLZ·
@LinkTimeMaster @andreTRwi I’m surprised because you don’t even need to go off TikTok or instagram to figure it out 😂 Plus side is I will end up with another
English
0
0
3
104
lenn
lenn@LinkTimeMaster·
@HackingLZ @andreTRwi Asking people to research a breed before they get it is like pulling teeth People buy dogs on aesthetics breed characteristics is the last thing they consider, it’s a shame We’ve installed extra cameras at my kennel because my staff kept finding dogs tied to the front fence
English
1
0
2
85
Justin Elze
Justin Elze@HackingLZ·
The rehoming group is wild. Don’t get a working line dog for no reason.
Justin Elze tweet media
English
10
1
45
4.4K
Justin Elze retweetledi
JFrog Security
JFrog Security@JFrogSecurity·
🚨SUPPLY CHAIN ALERT The official jscrambler npm package (15K weekly downloads) has been hijacked! Version 8.14.0 includes a malicious preinstall script that drops a hidden Rust binary disguised as a .js file on Windows, macOS, and Linux. The payload is a highly evasive credential and crypto-wallet stealer, featuring advanced anti-analysis tools and kernel-level eBPF instrumentation. If you installed v8.14.0, consider your system compromised. Immediately rotate all of your credentials! XRAY-1025905
English
0
16
41
143.5K
Justin Elze
Justin Elze@HackingLZ·
Another day another UniFi shipment
Justin Elze tweet media
English
14
0
93
13.2K
Justin Elze
Justin Elze@HackingLZ·
@andreTRwi Yea a good bit It’s weird people don’t take 5 minutes to research
English
2
0
5
258
AndreTR
AndreTR@andreTRwi·
@HackingLZ Do people at least beat the shit out of them in the comments?
English
1
0
2
243
Justin Elze retweetledi
ippsec
ippsec@ippsec·
I see many people demotivated due to AI and feels like its been a while since I ranted. Probably a mild take but here is how I stay motivated. Nothing really new just how I use what people have said to keep my motivation up. The normal 2026 disclaimer, what is in this post isn't actually 100% in line with my opinion; yes I know there are holes in my logic but some rabbit holes are best "on read". The biggest change for me is Linus Torvalds saying something along the lines of idk why people say AI makes things, people make thing. If communication was so global in the 70's I am sure people would have said similar things during the conversion from assembly to C. Humans are creating instructions for the compiler to make a program. So why didn't we think the compiler made it? Without internet I think it would take me around 2 minutes to write hello world in C (i know embarrassingly slow but man have i gotten lazy over the years). Do it in assembly? That's probably an hour. Which is a 30x difference of time. Okay now lets say we are in the year 2010 and have Python. I timed myself and it was 3 seconds. That's a 40x time difference from my C. Why did I think I made the program and not python made it? Unfortunately, the only thing I can come up with is how much we communicate and how quick ideas/sentiments can form. I'm sure C/Python got hate when they first came out. Hate can be a really goo fuel -- Most engineers I know have their best work come out of "hate coding" something to prove someone wrong. Only to later realize they social engineered themself into doing an amazing thing. Could be wrong here, but I think Pythons Flask is a good example of this as it started as an April fools joke. Quite literally "the most engineer thing ever" to have a funny joke spiral out of control and grow beyond their wildest dreams... Kind of like that guy that was vibe coding games last year when AI was "bad", or heck even the W̷a̷r̷e̷l̷a̷y̷ C̷L̷A̷W̷D̷I̷S̷ ̷C̷l̷a̷w̷d̷B̷o̷t̷ ̷M̷o̷l̷t̷B̷o̷t̷ ̷ err OpenClaw person. Really with all those name changes I'm shocked they landed at OpenAI instead of MSFT. Anyway, our hate on vibe coding created the sentiment that we aren't creating things anymore (AI makes things). I don't really view it that way, AI just makes me 20-30x faster; which is similar to the jumps between Assembly -> Compiler -> Scripting. Actually now that I think about it, I remember trying to learn C many times because scripting wasn't a "real language" and it would never run a web server or it wasn't capable of editing memory (silly times indeed). AI is enabling us to develop faster and expanding the number of people that can do things, which is not new; quite literally every time we come up with a new way to interact with machines -- it does the same thing. So yes - Anyone can make a cool demo that looks real now but they are still going to spend hours getting AI to work out all the bugs and do it better. To me they are still making something, it is other people telling them they aren't -- Funnily enough, those people trying to convince others they aren't making things, is what in return demotivates themself because it poisons their thought process when it comes to this topic. So uh. If you look for my permission to learn something? Vibe on and let the good times roll. Just make sure you do things safely, obey terms of service, and try not to end humanity. Oh wait. That disclaimer. Using AI in a way that causes humans to spend a lot more time than they are used to is bad mmkay? Seeing all the low effort CTF Work, blog posts, bug bounty, etc does get annoying... oh wait I have a diclaimer to the disclaimer. If you use AI to eat up time of scammers, like tricking call center scammers into chatting with robots for hours, I thank you for your token donation to helping fight that plague.
English
22
56
380
38.3K
Justin Elze retweetledi
Carmen
Carmen@syntaxish·
CISA published "Lessons from CISA's Cyber Incident" about the recent public repo where their AWS creds got leaked. Kudos for publishing what didn't work. But lookey here... Playbooks! Also glad they're pointing out the obvious: it's not if but when. cisa.gov/news-events/ne…
English
0
15
27
3.5K