Matt Culbert

1.8K posts

@MattCulbert

Go draw something. Human art will always be better than computer art

Joined February 2012
645 Following, 156 Followers
Pinned Tweet
Matt Culbert@MattCulbert·
I'm releasing an unfinished tool to use DNS as a C2 comm method github.com/matt-culbert/p… As of right now, it doesn't have the capability to execute commands, but all communication is made to look like DNS requests
Matt Culbert retweeted
vx-underground@vxunderground·
Experiencing some pretty hardcore burn out in malware. However, a word of advice for the noobs, or less-er experienced people in cybersecurity, "burn out" is part of the natural progression of this ecosystem and it happens to everyone. Your brain is a muscle (not literally, but brains have this dumb stuff called neuroplasticity, some nerd stuff, whatever), and just like a muscle, you need down time to heal, and science, or something. Myself personally, I tend to go through waves of absurd productivity with little to no pacing. I get extremely excited, rip through code, ... and then lose control and crash and burn. Then it takes me anywhere between a few days, ... or few weeks, ... or worse case a few months to recompose myself and get back in the game. This is a good opportunity to switch it up a little bit. Instead of going schizo on malware, I've been exploring the internet, reading about current geopolitical stuff, and reading some psychology stuff. I personally think it's important to keep "exercising" the muscle (plus I like learning), but some of my peers decompress altogether and switch to consuming high quality brain rot. Anyway, the point being, if you've been going hard and suddenly you feel disappointed, or sad, or don't feel that "spark", or feel yourself struggling to even do a few lines of code, it is almost certainly burn out. I know some nerds are kind of hard on themselves, so don't beat yourself up if you feel this way. It happens to all of us (unless you're abusing narcotics to stay locked in). Take this as a sign and use the opportunity to do something else. One day you'll be doing something and out of seemingly nowhere you'll feel that "spark" again and be like HOLY FUCK, I WANT TO CODE (or whatever you do). Pic unrelated
Matt Culbert retweeted
Jathan Sadowski@jathansadowski·
“Someone decided to compress the kill chain. Someone decided that deliberation was latency. Someone decided to build a system that produces 1,000 targeting decisions an hour and call them high-quality. Calling it an “AI problem” gives those decisions and people a place to hide.”
Matt Culbert retweeted
night gardener@uncanny_eli·
“It is beneath my dignity to let myself be run over by any trolley, and particularly this trolley, burdened as it is by a cape and a stupid hat.” I wrote for Defector about boycotting Harry Potter, the ‘safe’, kindly face of anti-trans politics: defector.com/its-time-to-gr…
Matt Culbert retweeted
Adil Haque@AdHaque110·
It seems we just bombed some residential buildings in an attempt to kill a former diplomat who was trying to facilitate negotiations. A civilian trying to *end* hostilities, surrounded by other civilians in their homes. We are completely lost.
Matt Culbert retweeted
tanya@Tanya_Sabrinaaa·
tmz: we tracked down all 86 politicians who were refusing to pay TSA agents and asked them why they are little bitch boys nyt: melania makes an incredible peach cobbler
Matt Culbert retweeted
James Martell@James_Martell_·
the real reason why they try to eliminate the humanities
Jonathan Fine@jonathanbfine

@mattbencole @gaytriarchyPhD Once you see STEM students look in absolute horror when asked to explain a sentence they just read, the idea that humanities classes are not as hard seems pretty laughable.

Matt Culbert@MattCulbert·
Things like this hit me especially hard after starting to read “thirty-two words for field,” which came out before AI took off, and talks about the richness in languages like Irish that we are losing
amanda@mandauzo

Anyone who ever used Grammarly even before they made the marketing move to start branding their tools as “AI” knows this all too well. Or zoom/teams summaries that completely distort the sentiment of the speaker. Our obsession with efficiency is fading the color of language.

Matt Culbert retweeted
Prem Thakker@prem_thakker·
Antony Blinken’s State Department said they would not sanction this unit that killed a 78-year-old Palestinian-American, because they trusted Israel to fix things. 2 years later, the unit assaults a CNN crew. Blinken is now a board member at the Center for American Progress.
Prem Thakker@prem_thakker

Guys. This unit that Israel is "punishing"? In 2022, it bound, gagged, and blindfolded a 78-year-old Palestinian-American. He died in the cold. In 2024, Biden chose not to sanction it, because it "remediated" the case. Now, it assaulted a CNN crew. And it's getting "training."

Matt Culbert retweeted
Jeremy Diamond@JDiamond1·
The IDF took what appears to be unprecedented action against the battalion involved in my team's assault & detention. In many ways, that's due to our position as US journalists. In too many cases involving Palestinian journalists & civilians, we've seen a lack of accountability.
Matt Culbert retweeted
Jeff Geerling@geerlingguy·
Microsoft / GitHub injecting ads into CoPilot generated PRs: welcome to the future! notes.zachmanson.com/copilot-edited… (yes, this was a confirmed "feature" from someone on the CoPilot team; apparently they are disabling it after backlash)
Matt Culbert retweeted
Rick the rabble-rousing Luddite, 🚫AI
The Expanse has NINE novels, nine novellas and short stories, the roleplaying game, 62 episodes of TV over six seasons to draw from… yet they needed AI slop for “vision coordination” and “inspiration”?!
PC Gamer@pcgamer

Owlcat says everything in its new Expanse RPG 'will definitely 100 percent be human-made,' but also that generative AI will be used for 'vision coordination' and 'inspiration' pcgamer.com/games/rpg/owlc…

Matt Culbert retweeted
Mehdi Hasan@mehdirhasan·
This is the key point. Carlson is going viral and winning these encounters because his opponents are all stuck on scripts and talking points and have never been challenged on them, even mildly. This is part of a much bigger story of American media decline and collapse.
Sojourner@ozarkwarrior

It’s literally a verbal bloodbath every time Tucker Carlson sits down to talk to people now. Seems to be pretty hard to box him into a corner when only one person is talking off a script. 🤷🏼‍♂️

Matt Culbert retweeted
Gergely Orosz@GergelyOrosz·
Damning evidence suggesting that compliance certificates issued by Delve (a startup founded in 2023) are fraudulent + worthless I never understood how eg Cluely could be GDPR, SOC2, HIPAA compliant in ~a week. Now we know: they probably aren't. Just wild substack.com/home/post/p-19…
Matt Culbert retweeted
Ryan@ohryansbelt·
Delve, a YC-backed compliance startup that raised $32 million, has been accused of systematically faking SOC 2, ISO 27001, HIPAA, and GDPR compliance reports for hundreds of clients.

According to a detailed Substack investigation by DeepDelver, a leaked Google spreadsheet containing links to hundreds of confidential draft audit reports revealed that Delve generates auditor conclusions before any auditor reviews evidence, uses the same template across 99.8% of reports, and relies on Indian certification mills operating through empty US shells instead of the "US-based CPA firms" they advertise.

Here's the breakdown:

> 493 out of 494 leaked SOC 2 reports allegedly contain identical boilerplate text, including the same grammatical errors and nonsensical sentences, with only a company name, logo, org chart, and signature swapped in
> Auditor conclusions and test procedures are reportedly pre-written in draft reports before clients even provide their company description, which would violate AICPA independence rules requiring auditors to independently design tests and form conclusions
> All 259 Type II reports claim zero security incidents, zero personnel changes, zero customer terminations, and zero cyber incidents during the observation period, with identical "unable to test" conclusions across every client
> Delve's "US-based auditors" are actually Accorp and Gradient, described as Indian certification mills operating through US shell entities. 99%+ of clients reportedly went through one of these two firms over the past 6 months
> The platform allegedly publishes fully populated trust pages claiming vulnerability scanning, pentesting, and data recovery simulations before any compliance work has been done
> Delve pre-fabricates board meeting minutes, risk assessments, security incident simulations, and employee evidence that clients can adopt with a single click, according to the author
> Most "integrations" are just containers for manual screenshots with no actual API connections. The author describes the platform as a "SOC 2 template pack with a thin SaaS wrapper"
> When the leak was exposed, CEO Karun Kaushik emailed clients calling the allegations "falsified claims" from an "AI-generated email" and stated no sensitive data was accessed, while the reports themselves contained private signatures and confidential architecture diagrams
> Companies relying on these reports could face criminal liability under HIPAA and fines up to 4% of global revenue under GDPR for compliance violations they believed were resolved
> When clients threaten to leave, Delve reportedly pairs them with an external vCISO for manual off-platform work, which the author argues proves their own platform can't deliver real compliance
> Delve's sales price dropped from $15,000 to $6,000 with ISO 27001 and a penetration test thrown in when a client mentioned considering a competitor
erin griffith@eringriffith

A detailed and brutal look at the tactics of buzzy AI compliance startup Delve "Delve built a machine designed to make clients complicit without their knowledge, to manufacture plausible deniability while producing exactly the opposite." substack.com/home/post/p-19…

Matt Culbert retweeted
marina 🌸 4/7 🎂@themarinadove·
trying to explain the Face Dancers to a heterosexual man: ok so imagine a scheming eunuch of the Ming dynasty had a nuclear weapon