Josh Corman ♘

38.5K posts

Josh Corman ♘

@joshcorman

Fighting the good fight... Katılım Mayıs 2009

1.6K Takip Edilen35.2K Takipçiler

Sabitlenmiş Tweet

Josh Corman ♘@joshcorman·16 Eki

If it’s dark... if it’s cold... if it’s cruel out there... Be light. Be heat. Be good.

GIF

English

Josh Corman ♘@joshcorman·13h

@anton_chuvakin I had been sharing this … made for me by @RoRoRah

English

456

Dr. Anton Chuvakin@anton_chuvakin·15h

For some work, I had to make up a definition of "vulnpocalypse" because there is no consensus on this. Are you ready to pour (funny!) scorn on what I cooked up? (1/2)

English

1.4K

Josh Corman ♘@joshcorman·1d

@brysonbort Tomorrow. 2pm ET. Also. Thx. 🙏 🦄

English

Bryson 🦄@brysonbort·1d

@joshcorman Good luck in testimony today!

English

Josh Corman ♘@joshcorman·1d

🔁: We are over-dependent on undependable technologies… exposing us to accidents and adversaries… with escalating consequences…

English

222

Josh Corman ♘@joshcorman·1d

My Congress testimony #4 in 25h. Feeling urgency/responsibility. Water’s so prone to #VoltTyphoon / Iran ++ science.house.gov/hearings?Conte…

English

327

Josh Corman ♘ retweetledi

Chris Wysopal@WeldPond·2d

28 years ago today, 7 members of the hacking group @L0phtHeavyInd told the U.S. Senate they could "shut down the internet in 30 minutes."

English

144

850

51.1K

Josh Corman ♘ retweetledi

I am The Cavalry@iamthecavalry·2d

Go @joshcorman ! Banging the life-safety drum for ~13 yrs - 16 if you see roots in RuggedSoftware.org manifesto

Institute for Security and Technology@IST_org

🚨Hearing Alert: Congress wants to hear from UnDisruptable27! On 5/19, IST’s @joshcorman will testify before @housescience in a hearing on efforts to protect the nation's drinking water and wastewater systems from growing cyber threats. Follow our socials to watch the hearing live! Learn more: congress.gov/event/119th-co…

English

484

Josh Corman ♘@joshcorman·3d

@snlyngaas Wait…. Ya mean… With great connectivity comes great responsibility? Ya don’t say

English

Sean Lyngaas@snlyngaas·3d

Another example of critical infrastructure sitting online that shouldn't be:

Sean Lyngaas@snlyngaas

New --> Hackers have breached automatic tank gauges (ATGs) at gas stations in multiple states. US officials suspect Iran. ATGs monitor the amount of fuel in storage tanks. cnn.com/2026/05/15/pol…

English

456

Josh Corman ♘@joshcorman·3d

@brysonbort @ArmyCyberInst Can’t wait to hear - at least the parts I can hear

English

Bryson 🦄@brysonbort·3d

Supporting critical infrastructure security today at the @ArmyCyberInst Jack Voltaic exercise. 🦄🇺🇸

English

648

Josh Corman ♘@joshcorman·3d

Our #UnDisruptable27 funder @craignewmark helps to open day 2 of our programming. Get tickets while you can to hear how it’s going!

Institute for Security and Technology@IST_org

🚀 #CriticalEffectDC is excited to welcome @craignewmark, Mark Bristow, Bob Kolasky & Lauren Zabierek to this year’s speaker lineup! #CriticalEffectDC connects policymakers, think tanks, the media & more with the experts securing our lifeline critical infrastructure. ➡️ Register to attend: bit.ly/49n0jyo

English

531

Josh Corman ♘ retweetledi

ICS Village@ICS_Village·3d

Monday checklist: ✅ Reopen the 37 tabs you swore you didn’t need ✅ Remember what your calendar is trying to tell you ✅ Pretend your inbox is under control ✅ Register for Critical Effect before the week gets away from you This year’s speaker lineup includes @CISAgov Acting Director @NMAndersen as keynote, with Andrew Krapf of @LoudounWater , Joe Slowik of @Dataminr , and Virginia Wright of @INL joining Tracks 2 and 3. Critical infrastructure security, practical conversations, and people who actually know what they’re talking about. What more could you want? Early bird pricing still applies! Register now: eventbrite.com/e/critical-eff… #CriticalEffectDC #OTSecurity #UnDisruptable27

English

381

Josh Corman ♘ retweetledi

craig newmark@craignewmark·3d

Threat actors infiltrated the popular edtech platform Canvas this month, disrupting operations at more than 8k schools during finals week. Canvas’s parent company has now paid a ransom to ensure the return of stolen data. @IST_org’s Michael Klein spoke to @HigherEdDive on the decision: highereddive.com/news/canvas-ow… #CyberCivilDefense #Take9

San Francisco, CA 🇺🇸 English

907

Josh Corman ♘@joshcorman·15 May

@robertgraham @lcamtuf Hi

123

Robert Graham@robertgraham·15 May

@lcamtuf I think @joshcorman has been doing this for years.

English

172

Josh Corman ♘@joshcorman·15 May

Reflecting on which time horizons people live through: -Past tense? -Present tense? -Future tense? -(Near | Mid | Long) term? Yours?

English

290

Josh Corman ♘ retweetledi

Shaun Waterman@WatermanReports·14 May

Water is one of the most relied-upon services of all, and yet one of the most poorly cyber-defended critical sectors, way behind power or telecom, which makes it a target for hackers. My story for @ISMG_News' @OTtoday_ ft @joshcorman @ElisityInc @pkupisie ot.today/russian-attack…

English

249

Josh Corman ♘@joshcorman·12 May

Interesting… as a formally trained philosopher, long time product security/safety pro, & OG force behind #SBOM

Robert Hansen@RSnake

Lib Theseus is out! It's basically a skill that removes your 3rd party code and replaces it with 3rd party code. It removes CVEs, and can actually dramatically improve security as a consequence, though it's mainly meant for compliance.

English

540

Josh Corman ♘@joshcorman·12 May

@IST_org @housescience Hear loads more about water++ Jun 17&18 at critical-effect.org DC w/ @IST_org @ICS_Village @brysonbort Grab early bird tix

English

243

Institute for Security and Technology@IST_org·12 May

English

1.1K

Josh Corman ♘@joshcorman·12 May

Excited to testify on weathering coming storms to water infra. No water, no hospitals, no kidding in 2-4hrs UnDisruptable27.org

Institute for Security and Technology@IST_org

English

483

Josh Corman ♘ retweetledi

Institute for Security and Technology@IST_org·11 May

🚀 #CriticalEffectDC is today announcing the first round of speakers for this year’s event! Presented by @ICS_Village, in partnership with IST’s #UnDisruptable27 project and AKin, Critical Effect DC ‘26 connects policymakers, think tanks, the media, and the public with the OT and ICS experts on the front lines of securing national security, public safety, and human life. ➡️ Register to attend: eventbrite.com/e/critical-eff…

Institute for Security and Technology tweet media

English

419

Josh Corman ♘@joshcorman·10 May

@Dave_Maynor @dinodaizovi And as I learned from you: Direct Meory Access… means… Direct. Memory. Access. …

English

David Maynor@Dave_Maynor·10 May

@dinodaizovi Without digging in I suspect it will use DMA as the primitive for system access?

English

177

Dino A. Dai Zovi@dinodaizovi·10 May

This is a good example of the types of vulnerabilities that occur at the boundary between independent systems (OS kernel on application processor, firmware on GPU), but can be leveraged to attacker advantage because they both have access to main memory.

1ce0ear@1ce0ear

Going to present an unconventional exploit ;) By corrupting a GPU stack pointer register as part of the TBDR pipeline and some blackbox work, GPU hardware may write vertex / pixel shader to arbitrary pages. Ultimately, the hardware can patch AP kernel back~

English

6.6K

Josh Corman ♘@joshcorman·9 May

@anton_chuvakin CVE & NVD won’t keep up… KEV won’t either. So unreliable indicators…

English

122

Dr. Anton Chuvakin@anton_chuvakin·8 May

OK, humans, I plan to vibe code an app to predict the coming of vuln apocalypse, like when do we know it is here. Growth in KEVs? Lowering of VRP numbers? More vulns in general? What else to track? and YES, I can ask AI .. and I will but I also want to ask you humans...

English

2.9K

Keşfet

@anton_chuvakin @RoRoRah @brysonbort @L0phtHeavyInd @snlyngaas @ArmyCyberInst @craignewmark @CISAgov