SwiftOnSecurity

180.7K posts

SwiftOnSecurity banner
SwiftOnSecurity

SwiftOnSecurity

@SwiftOnSecurity

computer security person. former helpdesk.

Cyber, USA Katılım Nisan 2014
9.2K Takip Edilen411.3K Takipçiler
SwiftOnSecurity retweetledi
Jgmac1106
Jgmac1106@jgmac1106·
@SwiftOnSecurity See new Active Directory deploys all the time in manufacturing with onprem ERPs Most are utilizing Entra Connect
English
0
1
2
708
SwiftOnSecurity
SwiftOnSecurity@SwiftOnSecurity·
So what are we looking at these days when it comes to new companies having an Active Directory.
English
5
0
7
2.3K
SwiftOnSecurity retweetledi
Adam Reineke
Adam Reineke@AdamTReineke·
Build cool shit. But wear safety glasses. "I haven't seen this before"... "like you took sandpaper to your eye", the doc said. Got a faceful of dust when pushing a panel of mineral wool insulation into a stud bay. Washed my eye out, went to the ER anyway since it keep itching.
Adam Reineke tweet media
Redmond, WA 🇺🇸 English
2
3
25
4.8K
SwiftOnSecurity
SwiftOnSecurity@SwiftOnSecurity·
@DustinFinn Honestly that's probably the better choice but the patriot link has some other tools that do something slightly different so you're aware of them
English
0
0
4
303
SwiftOnSecurity
SwiftOnSecurity@SwiftOnSecurity·
Time will do what no villain could imagine
English
4
5
50
9.2K
R136a1
R136a1@TheEnergyStory·
I just finished a 108-page whitepaper on a complex, air-gapped malware framework I found a while back. I'm calling it BeheMOF (you can check out the cover page below). I know a handful of other researchers are aware of this threat too. Getting my hands on a real, targeted APT framework like this (rather than the usual pseudo copy-and-paste stuff) is a dream for any malware researcher and it finally became a reality with this threat. The whitepaper is a complete technical analysis of this multi-stage malware framework, covering its infection chain, persistence mechanisms, lateral movement, exfiltration channels, detection opportunities and remediation procedures. Because several components were missing from the analyzed files, parts of the overall architecture remain unknown. The five-month analysis process was carried out as follows: - Phase 1 (3 Months): Pure manual reverse engineering. Extracted, decrypted, decompiled and formatted all multi-stage payloads, scripts and configurations to get a basic understanding of the malware. - Phase 2 (2 Months): AI-assisted analysis using Claude Code (Opus/Sonnet) and Gemini to map out the complex codebase relationships. My takeaways on using AI for malware analysis: When it did work, it was incredible helpful for understanding the malware's big picture, but it frequently hallucinated basic facts. The process started smoothly with Claude Opus 4.7, but requests were soon blocked by Anthropic's usage policies, even though the context was purely security research. Joining their Cyber Verification Program absolutely changed nothing, a problem that persisted when I tested Opus 4.8. Consequently, I shifted the analysis to Claude Sonnet 4.6 and later to Sonnet 5, which also triggered partial blocks. Thus, while AI is a powerful assistant for reverse engineering, almost every technical claim requires manual verification. Given how sensitive and targeted this malware is, dropping the report publicly isn't an option right now (even a hypothetical TLP:CLEAR version is completely off the table). However, I am open to sharing it with verified infosec peers (real identities only) in exchange for similar complex malware analysis. If you're interested, feel free to reach out via DM here or through the contact info on my website.
R136a1 tweet media
English
17
85
374
21.6K
LaurieWired
LaurieWired@lauriewired·
@ID_AA_Carmack spot on, very close to what SK Hynix was discussing just a few months ago! (H3)
LaurieWired tweet media
English
10
27
958
41.3K
John Carmack
John Carmack@ID_AA_Carmack·
Memory cost and capacity are significant issues for AI accelerators. Unlike game rendering, model inference can have a deterministic memory access pattern. You don’t need “random access memory” at all for model weights, and you could tolerate cold-start latencies in the multiple milliseconds, as long as continuous reads were delivered at the necessary bandwidth. NAND flash is over 100 times cheaper per GB than HBM, so there should be opportunity there, even after giving a flash controller a 1024 bit interface with HBM bandwidth. You could make a specialized pin protocol that just supported pipelined transfer of full 16KB+ pages from the flash to program-managed accelerator scratchpad memory and improve per-pin performance over HBM, but it might be more convenient to make it still look like a true random access memory with very fragile performance characteristics, where anything but sequential reads falls off a 1000x+ performance cliff. That has the advantage of automatically using existing cache hierarchies, and providing a natural path to update the flash memory with new model weights. With the stream-to-scratch interface, code has to be completely rewritten before it works at all, while the ram-emulation interface will start off just extremely slow, and you can incrementally sort out the changes for full performance. There may be cases where there isn’t enough scratchpad SRAM to hold the weights for a layer, which might force you to deploy the old optical drive optimization technique of duplicating data in multiple places on a sequential read to avoid seeking, but there would be capacity to burn. It might be possible to do something like cuda graph capture to record a memory access trace and have everything magically remapped to a linear sequence, but deploying programmer / agent elbow grease to manage transfers and access in a scratch ram ring buffer would be lower risk. A split memory system consisting of some channels of flash and some channels of HBM will probably be suboptimal compared to a uniform memory, but it could be much cheaper, and allow much larger models to be run. I think th case is strong for inference, but you have to stretch more for training. You can still linearize all the weight memory accesses, both reads and writes, but flash memory would quickly wear out from the writes, even if they were all perfectly page aligned. Replacing low-latency HBM with massively parallel cheap(er) DRAM at high latency might still be a worthwhile cost savings.
English
299
500
7.3K
1.7M
SwiftOnSecurity
SwiftOnSecurity@SwiftOnSecurity·
"Special Agents executed a search warrant at the Airbnb where the group was staying. Investigators recovered evidence of a large-scale financial fraud operation, including: • More than 150 skimming devices • 237 re-encoded gift cards" dallascounty.org/Assets/uploads…
English
6
9
154
29.8K
SwiftOnSecurity retweetledi
spencer
spencer@techspence·
For the IT admins & security folks who are unaware... In Windows Server 2025, RPC over named pipes (via SMB) for the Print Spooler is disabled by default. I believe this started with Windows Server 2022 23H2 and up. Also EFS is now similar to WebClient where it can be targeted but has to be activated first. There's a netexec module to perform this one for inquiring minds... It's also common to see DFS on Domain Controllers but of course it's not enabled by default. So tools like Coercer seem to not be too successful against Server 2025 in basic out of the box configurations.
spencer tweet mediaspencer tweet media
English
9
43
255
23.2K
💻 Sherrod
💻 Sherrod@sherrod_im·
⚠️Change of Affiliation⚠️ I have joined Palo Alto Networks Unit 42 as VP of Threat Intelligence and I couldn't be more excited to work with this incredible team! (You can read more at LinkedIn if you're into that)
English
144
26
895
87.2K
SwiftOnSecurity
SwiftOnSecurity@SwiftOnSecurity·
@mrjhnsn Oh I replied to the wrong post!!! please ignore this I completely agree with you oops
English
1
0
2
77
SwiftOnSecurity
SwiftOnSecurity@SwiftOnSecurity·
This is absolutely not arguing the quality of breeds, but a type. Broad experts that soak in information will continue. But there's just something possibly unreproducible for scattershot forcible manner of information ingestion subculture forum touchpoints engendered as a kind.
English
0
1
14
4.8K
SwiftOnSecurity
SwiftOnSecurity@SwiftOnSecurity·
I feel people like Doug Demuro and ilk are possibly an ephemeral breed. The comprehensive ~breadth~ and centrality of forum culture to wade through from a young age in the 90's to advent of Discord is not something exactly replicable in another manner, especially now.
English
8
2
44
11.1K
SwiftOnSecurity
SwiftOnSecurity@SwiftOnSecurity·
Happy 10 year anniversary to the Microsoft bae intern email. 🥳 HELL YES TO GETTING LIT ON A MONDAY NIGHT WITH HELLA NOMS AND YAMMER BEER PONG TABLES Yes, I set a reminder for this.
SwiftOnSecurity tweet media
English
12
13
341
45.1K
TracketPacer
TracketPacer@TracketPacer·
would you pay someone who’s in their first week of their first job in cybersecurity to be your career coach?
English
29
3
195
19.9K