Tom🌶\(^-^)/🌶 infosec.exchange/@tomlawrence

in addition to Twitter here are all the places to connect or follow me: Sites: lawrencesystems.com forums.lawrencesystems.com Socials: bsky.app/profile/lawren… linkedin.com/in/lawrencesys… @TomLawrence" target="_blank" rel="nofollow noopener">infosec.exchange/@TomLawrence

@Cr3vs @IntCyberDigest McDonalds sells the most burgers, does not make them the best burgers. Also, I truly doubt your claim "There are more FortiGates deployed in the world than all other firewall vendors combined."

@IntCyberDigest That vulnerability is in FortiAuthenticator and was internally discovered and reported. Hate them all you want but there are more FortiGates deployed in the world than all other firewall vendors combined.

There’s a less known edge case for Fortinet devices where, rather than act merely as a remote code execution platform, they can serve as firewalls. fortiguard.fortinet.com/psirt/FG-IR-26…

Another Windows zero day released by Nightmare Eclipse (sort of) It turns out Microsoft just straight up didn't patch an old CVE from 2020 correctly. github.com/Nightmare-Ecli…

Our CEO @KyleHanslovan took Center Stage at #WebSummitVancouver with @Hiive_HQ CEO @SimDesai to share what founders think about liquidity in the age of AI. Kyle's take is simple: giving employees access to liquidity isn't a distraction from building, it's part of it.

I just reverse engineered the YellowKey BitLocker bypass Microsoft shipped code that checks for a flag called "FailRelock" in every Windows 11 recovery image. When it's set to 1, after recovery unlocks your BitLocker drive, it never relocks it. All you need is a USB stick. This code only exists in the recovery environment. Not in normal Windows. They left an entire debug testing framework in production.

One ransomware attack can shut down an entire business in minutes. No files. No access. No time to react. That’s why we built SnapShield a ransomware-activated fuse for your storage environment. ⚡🔒 Using real-time behavioral analysis, SnapShield detects ransomware activity and instantly isolates the infected client before the attack can spread. The infected system gets cut off. Everyone else keeps working. No unnecessary downtime. No full-environment shutdown. Just smarter ransomware protection built the 45Drives way. 🎥 Watch the full video to see SnapShield in action: ow.ly/n6fC50YZ8y0 #45Drives #SnapShield #Ransomware #CyberSecurity #DataProtection #Infosec #Storage #Tech

Tom Lawrence (LinkedIn):

What happens when ransomware gets past your firewall? That’s the question we answer in our latest demo of SnapShield by @45Drives a storage-layer defense built to detect ransomware behavior, instantly isolate infected machines, and stop attacks before they spread. In this video, Brett launches real ransomware, including LockBit, in a controlled environment to show how SnapShield responds in real time. Featuring a special appearance from @TomLawrenceTech , this video breaks down: • Behavioral ransomware detection • Instant client isolation • Fast snapshot recovery • Protection at the storage layer Watch the full video to see how SnapShield helps protect critical data when traditional defenses aren’t enough: ow.ly/gSvy50YVMOC #CyberSecurity #Ransomware #DataProtection #45Drives #SnapShield #InfoSec #StorageInfrastructure

We changed how bug reports and feature requests work in the NetBird GitHub repo. Short version: new reports start as Discussions, not Issues. They're validated, confirmed stuff gets promoted to Issues.

On day 6 of the intrusion, the threat actor browsed to temp.sh — a temporary file-sharing site commonly abused for data exfiltration and payload hosting. Full report 👇 thedfirreport.com/2025/12/17/cat… #DFIR #Ransomware #ThreatHunting #BlueTeam #CyberSecurity

Introducing OhMyPCAP 2.0! OhMyPCAP is a standalone web application for analyzing PCAP files. This new version has TONS of new features to give you an even better pcap experience! #pcap #infosec #cybersecurity #dfir

@BentleyAudrey I had a few of those on my "Firewall" and this one.

Excuse me 😳

We are very happy that today Apple issued a patch and a security advisory. This comes following @404mediaco reporting that the FBI accessed Signal message notification content via iOS despite the app being deleted. Apple’s advisory confirmed that the bugs that allowed this to happen have been fixed in the latest iOS release. You can read more here: support.apple.com/en-us/127002 Note that no action is needed for this fix to protect Signal users on iOS. Once you install the patch, all inadvertently-preserved notifications will be deleted and no forthcoming notifications will be preserved for deleted applications. We’re grateful to Apple for the quick action here, and for understanding and acting on the stakes of this kind of issue. It takes an ecosystem to preserve the fundamental human right to private communication.

Full writeup is out for Nightmare-Eclipse extravaganzas! Root cause analysis was a popped FortiGate SSLVPN, and some yamux tunneling in the mix to boot 🙃 huntress.com/blog/nightmare… Hat tip to @RussianPanda9xx @Curity4201 @sudo_Rem @wbmmfq @LindseyOD123 @aaron_deal @Antonlovesdnb @HuntressLabs et. al. for running the ball for this one!

@HackingDave @HackingLZ @cantcomputer Nice! The next fun part is building out the infrastructure to support it, lots of watts, lots of heat, but having it all under your control makes it all worth it.

Pulling the trigger on ordering 8xh100s for TrustedSec. The inconsistencies on frontier models plus how deep we are going with research is a must. Now I’ll have my own dedicated coding system. Excited ! Maybe I’ll share with @HackingLZ and @cantcomputer ..

The X15 is here. The first product in the Unraid Signature Series, jointly engineered with 45HomeLab. i7-14700 w/ iGPU 16GB ECC RAM (up to 128GB) Direct-wired LSI 9400 HBA Dual 10GbE Lifetime Unraid license included youtube.com/watch?v=MImwb0…

Our latest research on BlueHammer & RedSun highlights a shift toward "hands-on-keyboard" attackers weaponizing exploits at record speed. "Scenarios like these cause us to race with our adversaries." -@_JohnHammond Full story by @lorenzofb at @TechCrunch techcrunch.com/2026/04/17/hac…

The Huntress SOC is observing the use of Nightmare-Eclipse's BlueHammer, RedSun, and UnDefend exploitation techniques. Investigation by: @wbmmfq, @Curity4201, + @_JohnHammond 🧵👇

🚨 We’re Hiring and You’re Invited 🚨 @Protocase, ProtoSpace Mfg, and @45Drives are hosting our first Career Fair, and it’s designed to give you a real understanding of what it’s like to work in advanced manufacturing and tech. This isn’t just about dropping off a résumé it’s a chance to learn, experience, and explore: • Take part in on-site interviews and get immediate feedback • Complete hands-on skills assessments to see how your abilities apply in real roles • Walk through our facility and see how products are built from start to finish You’ll get a clearer picture of the opportunities available, the kind of work we do, and the skills that matter in this industry. We’re growing and looking for people who are curious, willing to learn, and ready to contribute whether you’re just starting out or bringing years of experience. If you want to better understand where you could fit and what a career here looks like, this is the place to start. 👉 Register here to attend: workdifferently.info/careers/fair/

I'm amazed none of these videos are picked up by YouTube's 'Likeness Detection' feature (though I guess, that's why it's in Beta?). cc @YouTubeInsider @YouTubeCreators (Yes, all of these videos contain my AI-cloned likeness and cloned voice. I submitted a 'privacy violation'.)