SwiftOnSecurity

180.7K posts

SwiftOnSecurity banner
SwiftOnSecurity

SwiftOnSecurity

@SwiftOnSecurity

computer security person. former helpdesk.

Cyber, USA Katılım Nisan 2014
9.2K Takip Edilen411.3K Takipçiler
Andrew Pla
Andrew Pla@AndrewPlaTech·
What if you could put Active Directory into source control? Join Fred Weinmann and me today at 2 PM ET for a live ADMF demo. Come see this PowerShell-backed tool in action and bring your questions! youtube.com/watch?v=3lokn0… #PowerShell
YouTube video
YouTube
English
3
4
29
7.6K
SwiftOnSecurity
SwiftOnSecurity@SwiftOnSecurity·
Oh my God the Facebook media tab I just stumbled into is entirely AI slop. It's forever. Oh my God it's all fake. Holy shit it's so bad.
English
2
2
32
3.8K
SwiftOnSecurity
SwiftOnSecurity@SwiftOnSecurity·
The longer prose is, in fact perhaps less precise it has become,and I don't actually know what you're saying anymore. This is happening to me increasingly. Just make your point. I know we're still setting the norms here. But I actually have to read what you say.
English
2
2
23
3K
SwiftOnSecurity
SwiftOnSecurity@SwiftOnSecurity·
Even when I completely agree with what I'm reading about AI, the elaborative prose in an argument people are using makes me quickly doubt how much of your input was actually in it. Come on man no human wrote this. Why didn't you just give me your prompt wouldn't that be faster.
English
5
2
41
5.3K
SwiftOnSecurity
SwiftOnSecurity@SwiftOnSecurity·
LCD Soundsystems? You ignorant zoomer they were called laser disks
English
3
0
31
4.3K
SwiftOnSecurity
SwiftOnSecurity@SwiftOnSecurity·
So what are we looking at these days when it comes to new companies having an Active Directory.
English
21
2
81
23.2K
SwiftOnSecurity retweetledi
Jgmac1106
Jgmac1106@jgmac1106·
@SwiftOnSecurity See new Active Directory deploys all the time in manufacturing with onprem ERPs Most are utilizing Entra Connect
English
0
2
16
4K
SwiftOnSecurity retweetledi
Adam Reineke
Adam Reineke@AdamTReineke·
Build cool shit. But wear safety glasses. "I haven't seen this before"... "like you took sandpaper to your eye", the doc said. Got a faceful of dust when pushing a panel of mineral wool insulation into a stud bay. Washed my eye out, went to the ER anyway since it keep itching.
Adam Reineke tweet media
Redmond, WA 🇺🇸 English
5
6
125
16K
SwiftOnSecurity
SwiftOnSecurity@SwiftOnSecurity·
@DustinFinn Honestly that's probably the better choice but the patriot link has some other tools that do something slightly different so you're aware of them
English
0
0
4
560
SwiftOnSecurity
SwiftOnSecurity@SwiftOnSecurity·
Time will do what no villain could imagine
English
4
5
50
9.2K
R136a1
R136a1@TheEnergyStory·
I just finished a 108-page whitepaper on a complex, air-gapped malware framework I found a while back. I'm calling it BeheMOF (you can check out the cover page below). I know a handful of other researchers are aware of this threat too. Getting my hands on a real, targeted APT framework like this (rather than the usual pseudo copy-and-paste stuff) is a dream for any malware researcher and it finally became a reality with this threat. The whitepaper is a complete technical analysis of this multi-stage malware framework, covering its infection chain, persistence mechanisms, lateral movement, exfiltration channels, detection opportunities and remediation procedures. Because several components were missing from the analyzed files, parts of the overall architecture remain unknown. The five-month analysis process was carried out as follows: - Phase 1 (3 Months): Pure manual reverse engineering. Extracted, decrypted, decompiled and formatted all multi-stage payloads, scripts and configurations to get a basic understanding of the malware. - Phase 2 (2 Months): AI-assisted analysis using Claude Code (Opus/Sonnet) and Gemini to map out the complex codebase relationships. My takeaways on using AI for malware analysis: When it did work, it was incredible helpful for understanding the malware's big picture, but it frequently hallucinated basic facts. The process started smoothly with Claude Opus 4.7, but requests were soon blocked by Anthropic's usage policies, even though the context was purely security research. Joining their Cyber Verification Program absolutely changed nothing, a problem that persisted when I tested Opus 4.8. Consequently, I shifted the analysis to Claude Sonnet 4.6 and later to Sonnet 5, which also triggered partial blocks. Thus, while AI is a powerful assistant for reverse engineering, almost every technical claim requires manual verification. Given how sensitive and targeted this malware is, dropping the report publicly isn't an option right now (even a hypothetical TLP:CLEAR version is completely off the table). However, I am open to sharing it with verified infosec peers (real identities only) in exchange for similar complex malware analysis. If you're interested, feel free to reach out via DM here or through the contact info on my website.
R136a1 tweet media
English
17
85
374
21.6K
LaurieWired
LaurieWired@lauriewired·
@ID_AA_Carmack spot on, very close to what SK Hynix was discussing just a few months ago! (H3)
LaurieWired tweet media
English
10
27
958
41.3K
John Carmack
John Carmack@ID_AA_Carmack·
Memory cost and capacity are significant issues for AI accelerators. Unlike game rendering, model inference can have a deterministic memory access pattern. You don’t need “random access memory” at all for model weights, and you could tolerate cold-start latencies in the multiple milliseconds, as long as continuous reads were delivered at the necessary bandwidth. NAND flash is over 100 times cheaper per GB than HBM, so there should be opportunity there, even after giving a flash controller a 1024 bit interface with HBM bandwidth. You could make a specialized pin protocol that just supported pipelined transfer of full 16KB+ pages from the flash to program-managed accelerator scratchpad memory and improve per-pin performance over HBM, but it might be more convenient to make it still look like a true random access memory with very fragile performance characteristics, where anything but sequential reads falls off a 1000x+ performance cliff. That has the advantage of automatically using existing cache hierarchies, and providing a natural path to update the flash memory with new model weights. With the stream-to-scratch interface, code has to be completely rewritten before it works at all, while the ram-emulation interface will start off just extremely slow, and you can incrementally sort out the changes for full performance. There may be cases where there isn’t enough scratchpad SRAM to hold the weights for a layer, which might force you to deploy the old optical drive optimization technique of duplicating data in multiple places on a sequential read to avoid seeking, but there would be capacity to burn. It might be possible to do something like cuda graph capture to record a memory access trace and have everything magically remapped to a linear sequence, but deploying programmer / agent elbow grease to manage transfers and access in a scratch ram ring buffer would be lower risk. A split memory system consisting of some channels of flash and some channels of HBM will probably be suboptimal compared to a uniform memory, but it could be much cheaper, and allow much larger models to be run. I think th case is strong for inference, but you have to stretch more for training. You can still linearize all the weight memory accesses, both reads and writes, but flash memory would quickly wear out from the writes, even if they were all perfectly page aligned. Replacing low-latency HBM with massively parallel cheap(er) DRAM at high latency might still be a worthwhile cost savings.
English
299
500
7.3K
1.7M
SwiftOnSecurity
SwiftOnSecurity@SwiftOnSecurity·
"Special Agents executed a search warrant at the Airbnb where the group was staying. Investigators recovered evidence of a large-scale financial fraud operation, including: • More than 150 skimming devices • 237 re-encoded gift cards" dallascounty.org/Assets/uploads…
English
6
9
153
29.8K
SwiftOnSecurity retweetledi
spencer
spencer@techspence·
For the IT admins & security folks who are unaware... In Windows Server 2025, RPC over named pipes (via SMB) for the Print Spooler is disabled by default. I believe this started with Windows Server 2022 23H2 and up. Also EFS is now similar to WebClient where it can be targeted but has to be activated first. There's a netexec module to perform this one for inquiring minds... It's also common to see DFS on Domain Controllers but of course it's not enabled by default. So tools like Coercer seem to not be too successful against Server 2025 in basic out of the box configurations.
spencer tweet mediaspencer tweet media
English
9
43
255
23.2K