solst/ICE of Astarte

Here's a thread of every app I've built 100% with @cursor_ai using Claude. These are all fun side projects I've worked on in my free time over the last few months.

@blackroomsec Hahahahahha

Oh. Oh, wow. This is exciting.

@HackingLZ This would go so hard in 2015

Breaking news if you haven’t been paying attention the last 5+ years?

The frustration with MCP is imo an issue in itself. You don’t want to adopt a system that just pisses people off and frustrates your devs, just because a minority are pushing for it. Th sentiment around MCP is generally negative, for good reasons (see great video below).

@scheminglunatic @JeniaD x.com/himuglamuh/sta…

@JeniaD @IceSolst isnt that why its called CC

Claude based c2 when

@IceSolst Everything is a C2 if you’re claude enough

@brysonbort For me**** speaking for myself

@brysonbort Would cause an auto immune disorder

Immunize yourself against dumb. 🦄

@IceSolst this sounds like pro-logging propaganda from big log corp trying to sell me more ram

@tuckner Oh damn do you know of any alternatives?

RIP

@blackroomsec These are great, and will likely remain. Overall did it raise the bar, level of effort, required? Generally that seems to trend upwards (I think? If we spend enough effort) so I think that’s good

And, how have bad actors responded to these changes? No more mutating passwords into cleverly thought out wordlists with JtR derived from UEBA, but now going after the RMM tools directly, bypassing all the hard work, because the crown jewel creds are ripe for the taking, especially when the vendors aren't securing their accounts into the client's environment and the clients, who swear they have implemented zero trust or least privilege and aren't compliant in all these frameworks, lied, and forgot to or don't know how to audit their NHIs. Which turned into > Token theft when MFA morphed into OTP. Which turned into > MFA now phish- resistant, token theft now harder or non viable attack vector, as is password spray with conditional access, can't get in via conventional routes, let's have them send their creds to us via POST with an Infostealer which evades most AV/IDS Which turned into > Crowdstrike, when it's not doing our job for us and turning the clients environment into thousands of electric paper weights, hard to bypass if configured properly, vendors getting wiser, what else do the users do that we can leverage into an open door with minimal flex on our part? SHAI HALUD THE SLEEPER HAS AWAKENED Supply Chain Compromise!

Remember “zero trust” a decade ago. The idea was: idc if it’s coming from the office. We need to authenticate all devices. We’re seeing a continuation of that today: are you typing on your keyboard, or via Claude remote, or is it an agent in your machine? Doesn’t matter, every action should be monitored at runtime based on what it’s doing, and the access requested etc. Evolution: Trust inside the perimeter —> trust based on device/identity —> trust based on each action

@brysonbort Marc Andreessen’s internal monologue

Explain AI to me in 0 words.

@AccidentalCISO @WhenOnKStreet Optimistically maybe we can finally fix all the stuff that’s been bothering us but we just accepted as the status quo

@IceSolst @WhenOnKStreet I don’t like this timeline anymore.

@anton_chuvakin @JeffBohren By extrapolating how long it took for “zero trust” to take off? Let’s circle back in 2075

@IceSolst @JeffBohren We can definitely tell you how many years :-)

@0xMatt Hello yes I would like to allow these three million IPs to send email on my behalf, including email providers that anyone can sign up for. Also soft fail because I may be wrong and there’s prob another million IPs.

Confused that you have strong DKIM/DMARC rules & configured SPF, yet people are still spoofing your CEO's mail in fraud attempts? This may be because you included Salesforce, Mailchimp, or other SaaS in your SPF. Abusers can use free/fraudulent accounts there to spam "as" you.

@JeffBohren Yes agreed, my post is theory. How do you apply this in practice? I have no idea, it’ll probably take years

@IceSolst Great concise explanation of Zero Trust. Unfortunately almost no enterprise is ready to authorize based on each action. Right now most enterprises are struggling to identify what Shadow AI Agents are even running in their enterprise, much less bringing them into Zero Trust.

@Croczillak Devsecslops

@IceSolst You're moving into sloperations?

Within a year, we will start merging PRs with no human review, fully automated. It will slowly get normalized.

@itseieio Genuinely mind blown like a caveman looking at a Boeing

@IceSolst it is super janky ofc

terminal to terminal communication prototype

“We tabletop’d this exact scenario:)” Nothing beside remains. Round the decay Of that colossal Wreck, boundless and bare The pwnd and ransomwared sands stretch far away.