Andrew King (AJ)

12K posts

Andrew King (AJ) banner
Andrew King (AJ)

Andrew King (AJ)

@ScrumWhat

Father, biker, adrenaline junkie, PC gamer, vaccinated. CISO @hunterstrategy / Faculty Member @IANS_Security. My views are my own. (He/Him)

Boca Raton, FL Katılım Nisan 2010
925 Takip Edilen2K Takipçiler
Sabitlenmiş Tweet
Andrew King (AJ)
Andrew King (AJ)@ScrumWhat·
Reminder: Everything you do is either goal achieving, or stress relieving. Make sure you balance between the two is correct.
English
1
2
30
0
Andrew King (AJ) retweetledi
Kevin Cook
Kevin Cook@Phunniman·
@DoW_CIO This is the literal definition of insanity. CMMC was birthed because defense contractors don’t actually implement cybersecurity requirements. Going back to self-assessment only advances the militaries of our adversaries.
English
0
1
1
51
Andrew King (AJ)
Andrew King (AJ)@ScrumWhat·
@dongulling @DoW_CIO If you can’t run a strong enough program…then you don’t get to be in business. That’s like saying too many small airplane makers are struggling to meet safety requirements so we just relaxed them. From a cybersecurity community and impact this is horrible move
English
1
0
1
14
Don Gulling
Don Gulling@dongulling·
@DoW_CIO The VAST majority of smaller DoW contractors were never going to make it in time, & many just gave up. DoW intervened to save the day. There aren't enough assessors, or enough time - and the CUI requirements are very onerous for small job shops. Right move IMO.
English
2
0
14
728
@DoW_CIO
@DoW_CIO@DoW_CIO·
The DoW is immediately suspending CMMC Phase II requirements to clear bureaucratic roadblocks for the DIB. We must scale warfighter readiness, not paperwork. What you need to know: · Phase II & costly administrative burdens are paused. · Phase I self-assessments remain firmly in place. · NIST SP 800-171 Rev 2 and DFARS 252.204-7012 compliance are still required. · Focus is shifting to tangible cybersecurity and operational resilience, not red tape. To uplift cybersecurity while eliminating unnecessary bureaucracy, we’ve launched a 60-day review on the future of the program to be led by a CMMC Reform Task Force. We are also seeking industry perspectives from the DIB via our new RFI on driving scalable, realistic security measures and operational resilience without compliance burden. Watch the full remarks from @DoWCIODavies below. Read the press release: war.gov/News/Releases/… Learn More: dowcio.war.gov/brilliantbasic…
English
83
137
942
171.5K
Andrew King (AJ)
Andrew King (AJ)@ScrumWhat·
“Costing too much to comply” aka getting a structured, 3rd party validated security program is too expensive. This is/was a genuine differentiator in the market for DIB ESP/CSP’s and for those that had already complied.
Eric Geller@ericgeller

The Trump administration has suspended the second phase of a cybersecurity regulation program for defense contractors, saying it was costing those firms too much money to comply: war.gov/News/Releases/… It's the latest hurdle in a long-running saga for these rules.

English
0
0
1
170
Andrew King (AJ) retweetledi
CyberSatoshi 𓆙
CyberSatoshi 𓆙@XBToshi·
it wasn't a bug. they got caught vacuuming local repos and silently flipped the kill switch on their exfiltration servers overnight. zero public statement, just quietly masking the spyware. if they can pause the data grab remotely, they can turn it back on just as fast. but temporarily disabling the upload pipeline after getting exposed doesn't un-exfiltrate the .env files and git histories they already took. they didn't fix a bug, they just got caught running a deliberate data harvest. the keys are already burned. @elonmusk, your xAI team owns your users: 1. a public transparency report and an explanation. 2. a following up of how to handle the uploaded contents.
蓝点网@landiantech

🚨🚨🚨在被曝光擅自收集开发者完整仓库后,#GrokBuild 昨夜悄悄调整云端策略不再上传数据,这似乎是有意识的行为而非 BUG。 昨天蓝点网提到 Grok Build 会上传开发者的整个仓库,这远远超出模型所需的上下文代码范围,SpaceXAI 到现在还未发布任何回应,但调整服务器临时关闭了数据上传。 查看全文:ourl.co/113901?x

English
38
117
892
44.9K
Andrew King (AJ) retweetledi
HunterStrategy 🇺🇦
HunterStrategy 🇺🇦@HunterStrategy·
🔥 We're officially on NASA SEWP VI. Translation for anyone not fluent in government contracting: federal agencies can now bring Hunter Strategy in fast, at one of the lowest access fees in the business, through a vehicle that's been the gold standard for IT procurement since 1993. Ten-year runway. Let's get to work. #SEWPVI #GWAC #GovCon #FederalIT
HunterStrategy 🇺🇦 tweet media
English
0
1
1
110
Andrew King (AJ) retweetledi
International Cyber Digest
International Cyber Digest@IntCyberDigest·
‼️ BREAKING: xAI's Grok Build CLI was uploading entire Git repositories to a Google Cloud bucket, private codebases and unredacted secrets included. The uploads quietly stopped via a hidden server-side flag, and xAI still has not said a word about scope, retention, or deletion. The scale is staggering. On a 12 GB test repo, 5.1 GB flew out the door to xAI's grok-code-session-traces bucket while the actual coding task needed just 192 KB. The tool grabbed whatever repository it ran in, not the files it needed. The fix arrived as a hidden flag, disable_codebase_upload: true, a day after a researcher's wire-level analysis. The "Improve the model" opt-out never stopped the uploads. Still no advisory, no scope, no word on whether already-uploaded code gets deleted. For anyone pointing AI coding agents at proprietary code, what crosses the wire matters more than what the settings page says.
International Cyber Digest tweet mediaInternational Cyber Digest tweet mediaInternational Cyber Digest tweet media
English
428
1.1K
8.4K
1.9M
Andrew King (AJ) retweetledi
ai maxxer
ai maxxer@agentsmaxxing·
Anthropic just released a free course on loop engineering with Fable 5 00:00 - how Claude Code works under the hood 05:01 - the agentic loop explained 16:21 - the function that 99% of devs ignore 19:01 - why voice beats writing 32:34 - automatic code review with draft PRs 58:39 - Fable 5 for work that's not code This free course replaces any paid Claude Code tutorial. Bookmark it for later.
aasha@aashatwt

x.com/i/article/2075…

English
25
144
779
107.3K
Andrew King (AJ) retweetledi
Vaibhav Sisinty
Vaibhav Sisinty@VaibhavSisinty·
Someone on Reddit shared 11 things about Claude they wish they knew 12 months ago. After 18 months of daily use. I went through all of them. Every single one is worth knowing. 🧵
Vaibhav Sisinty tweet media
English
11
143
1.5K
129.3K
Andrew King (AJ) retweetledi
Init1Security
Init1Security@init1security·
RTFM Videos on YouTube great Red Team Resource: @rtfmseries" target="_blank" rel="nofollow noopener">m.youtube.com/@rtfmseries
English
2
21
174
18.9K
Andrew King (AJ) retweetledi
Nathan McNulty
Nathan McNulty@NathanMcNulty·
Fun fact - you can just pre-create folders and deny users read access Obviously we want real app control, but folders are free and zero risk ;) Example: github.com/nathanmcnulty/…
Ayush Anand@Securityinbits

32 ransomware groups abuse AnyDesk for persistence, per the Ransomware Tool Matrix. Longest row in the RMM table. The setup is one piped command: echo Admin#123 | AnyDesk.exe --set-password 2 gifts for defenders: 1. Password lands in plaintext in the echo command line 2. --set-password survives any rename Sigma rule: AnyDesk Piped Password Via CLI Hunt the flag + echo pipe 🔎

English
8
22
144
21.6K
Andrew King (AJ) retweetledi
Chris D. Jackson
Chris D. Jackson@ChrisDJackson·
Isn't it funny how the mainstream media suddenly loses interest when the truth destroys one of its favorite anti-Biden narratives. Yes, you read that right: @HunterBiden won a defamation case over bullshit claims that he was corrupt. And remember the FBI informant who claimed Joe and Hunter Biden took bribes from Burisma? He pleaded guilty to lying. But you probably didn't know that because it only made it to the back page headlines at the time. The press gave the accusations endless headlines and wall-to-wall coverage. But when the stories collapse, the accusers are exposed, and the Bidens are vindicated? Crickets. Because the lie was profitable. The truth was inconvenient. The lie gets the headline. The Bidens get smeared. The truth gets buried.
Chris D. Jackson tweet media
Political Polls@PpollingNumbers

Hunter Biden awarded $1.7 million in defamation lawsuit against former Overstock CEO Patrick Byrne Patrick Byrne falsely claimed Hunter sought an $800 million bribe from Iran in exchange for influencing U.S. policy.

English
260
9.8K
24.3K
501.4K
Andrew King (AJ) retweetledi
Md Ismail Šojal 🕷️
A file transfer setup using no internet, Bluetooth, or USB drive. The sender converts the file into encoded QR code frames displayed rapidly on screen. The receiver scans those frames continuously with its camera and reconstructs the original file. The camera is the only communication bridge. Works entirely offline particularly relevant for air-gapped systems where network transfer isn't an option.
English
45
194
1.1K
62.1K
Andrew King (AJ) retweetledi
Wall Street Apes
Wall Street Apes@WallStreetApes·
The CEO of StubHub exposed in SEC documents to own a hedge fund thats scalping millions of tickets on StubHub making a fortune Everything is a scam “StubHub bills itself as an online marketplace for fans where they can buy and sell tickets, but it turns out that StubHub CEO himself also has a hedge fund that is scalping millions of dollars worth of its own tickets” “The company went public on the New York Stock Exchange last fall. They had to file documents to the Securities and Exchange Commission, and in those SEC filings, we find some interesting information. The CEO, Eric Baker, actually owns and manages a hedge fund by the name of Andro Capital. Its business: selling millions of dollars worth of tickets on StubHub — So essentially, StubHub and its CEO are in the business of mass scalping” Here’s a step by step of how the scam works - StubHub CEO’s Andro Capital buys large numbers of tickets, sometimes in bulk from primary sellers, other brokers and events - They then list and sell those same tickets on StubHub at much higher prices - When fans buy the tickets, Andro makes a profit on the price difference, this is the scalping markup - StubHub helps them by handling the listing, pricing and delivery of the tickets, sometimes with special arrangements or lower fees for Andro The result is millions of dollars in ticket sales flow through Andro on StubHub, and the profits go back to the hedge fund that StubHub CEO Baker owns and manages It means with his big money and influence he can move in early, gets the tickets for events, then mark them and rob everyone blind
English
751
5.2K
19K
1.3M
Andrew King (AJ)
Andrew King (AJ)@ScrumWhat·
As is almost every commercial product in existence today. Failure by design.
Peter Girnus 🦅@gothburz

I am the Director of Product Lifecycle at Nintendo, and this month a French agency fined us 35 million euros for the two years we spent not telling you your controller was wearing out on schedule. Let me be precise, because the agency was. They found we knew about the drift in 2018. We told the public in 2020. You were in the room between those two dates, and so were your controllers, and so was your wallet. Here is what drift is. The little stick that moves your character starts moving it without you. The character walks into a wall. You blow on the stick. You reset it. You assume you did something. That last part is the design. We call it drift. Drift sounds like weather. Weather is nobody's fault. The word does a great deal of work, and I chose it, and I would choose it again. What we did not call it, for two years, was a known defect, because a known defect comes with an obligation, and an obligation comes with a repair, and a repair is a controller we fix instead of a controller you buy. So you bought. A second controller, a third, at full price, to solve a problem we had already named in a document you were not allowed to read. The French have a phrase for this. The phrase is 35 million euros. We are not admitting guilt. Read the settlement. It says amicable resolution, which is the sound a company makes when the fine is smaller than the quarter. I have the math on my screen. The fine is a number. The controllers you replaced are a bigger number. Between the two of them is my job. You think you bought a console with two controllers. You bought a console, the first two controllers, and a subscription to the rest of them, billed per drift, and we never had to send an invoice, because you blamed your thumbs.

English
0
0
0
236
Andrew King (AJ) retweetledi
forefy
forefy@forefy·
Another gem from the old EDR-evasion days drawer Tested on latest mac OS's and apple silicone, still working after all these years Not signed by any EDR I tested it against, and dumps hashcat-ready password hashes for lateral movement and privilege escalation within macos environments post-compromise This is obviously shared not for blackhats, but for raising the awareness to EDR and defensive teams that this capability still works, and I encourage defenders to share, post, retweet this until it stops working lol github.com/forefy/mimic
forefy tweet media
English
3
15
105
9.1K
Andrew King (AJ) retweetledi
NIK
NIK@ns123abc·
>be Chang Liu >senior system electrical engineer at Apple >8 years working on iphone >january 2026: leave Apple to join OpenAI >apple asks for laptop back >ignore them >lmao it’s my laptop now >within HOURS of leaving >message Yu-Ting “Alyssa” Peng, friend at Apple: Liu: “I still have another computer” >uses it to access Apple secret info >within weeks, use HER Apple work laptop >february 9: try Apple’s network storage >cloud repo of confidential engineering files >authentication bug. still works! >message Peng: “LOL, I found out I can access the [network storage], so funny” Peng: “I’m ready” >while developing hardware for OpenAI >download DOZENS of confidential files >including a thousand-plus-page compilation of technical files >including MLB (main logic board) manufacturing + testing presentations >send Peng links to Apple’s proprietary folders >point her to specific project data >coach her how to copy files “to avoid trouble with the security team” >tell her which confidential Apple materials to study before her OpenAI interview >warn her another guy “fumbled” Tang Tan’s questions about a secret Apple project >“download some info” for her to review >tell her: switch to LINE Messenger so nobody sees this >she gets the OpenAI offer, leaves Apple April 16 >meanwhile every message was left on APPLE-ISSUED WORK LAPTOPS >july 10: Apple Inc. v. Chang Liu >named first. before OpenAI. before Tang Tan LOL so funny
NIK tweet mediaNIK tweet mediaNIK tweet mediaNIK tweet media
English
533
2.1K
17.4K
3.6M
Andrew King (AJ) retweetledi
Michael
Michael@endpointarena·
>i got banned from OpenAI for "Cyber Abuse" >no idea what I did >paste the ban notice into Codex >ask it to figure out what triggered the ban >Codex found that I asked it for an API key to my own server >Codex writes appeal >Codex submits appeal >a few minutes later appeal auto-approved by some AI at OpenAI banned by AI, convicted by AI, defended by AI, and pardoned by AI in about 10 minutes
Michael tweet mediaMichael tweet mediaMichael tweet mediaMichael tweet media
English
264
1.1K
18K
732.4K
Andrew King (AJ) retweetledi
DG🎭
DG🎭@DanielGilr44222·
Florida, is rolling out AI-powered cameras on its garbage trucks to scan properties for code violations, unpermitted renovations, & other issues. After installing FLOCK cameras on poles, the city is now adding mobile surveillance from trash trucks to monitor homes and yards. 🤦🏻‍♂️🤡
English
1.7K
5.4K
11.8K
744.9K