YSEByy

12.3K posts

@YSEByy

Security Engineer | OSCP | I don't post serious stuff that often | Former good boy | My views, not my employer(s)

Joined June 2011
317 Following, 302 Followers
YSEByy@YSEByy·
Today's mood is that my headphones don't go loud enough
YSEByy@YSEByy·
@IceSolst Don't have a talk specific but after every con I circle back to the idea of talking about actually doing sec eng in an org vs loose single use-case tools that the market is flooded with. When scale and number of people come into play, shit hits the fan and nobody talks about it really.
solst/ICE of Astarte
Conference talk rejected? Comment your abstract below, and we can record a YouTube video on it. Gets more reach than a conference talk anyway. And can be used as reference for some CFPs.
himug-lamuh@HimugLamuh

@inf0stache i've got loose plans to post rejected talks on youtube. if they get 50 views, that's a small conf talk anyway.

society@societynotreal·
@YSEByy literally my entire life, have a whole lot of stuff that looks cool but I’m like “yeah nobody will care anyway” and I just close the app lol
YSEByy@YSEByy·
Sometimes I think I should post more. With that, I have a lot of stuff I can talk work wise, security wise and just general thoughts. At the same time, none of it matters so I rarely post anything here anymore.
YSEByy@YSEByy·
@IceSolst what's your workflow for Claude??? share prompts
solst/ICE of Astarte@IceSolst·
Claude is CRAZY here are all my hackerone payouts just from today
solst/ICE of Astarte tweet media
YSEByy@YSEByy·
@InsiderPhD SBOM analysis is only good for known CVEs that are days late. The problem here is the trust we put into packages that we import, even more with how much packageslop is going to come out.
Katie Paxton-Fear@InsiderPhD·
love how we’ve spent years building out SBOM tooling and reachability analysis only for attackers to go “lol what if we just hid the payload in an audio file inside a trusted vendor SDK”
YSEByy@YSEByy·
@IceSolst Hate all of this vibecoded SaaS that doesn't solve any of this shit. But also glad that what I was thinking about and talking about coming to light in the forefront.
YSEByy@YSEByy·
@IceSolst Wish I was smarter but I even did a small talk about how current tools are already post factum and some things need to check behaviour in regards to supply chain. Not a lot of mature stuff for it and even then, how do you determine when it comes to new stuff.
solst/ICE of Astarte@IceSolst·
I’m so sick of AI comments pitching vibecoded products. In this case they’re pitching their tool to…. TeamPCP the literal attackers. Every post I make, I get a bunch of comments like this about some Claude API wrapper “make this secure” ass product.
Helixar AI@Helixar_ai

@pcpcats @IceSolst @xpl0itrs the attacker’s budget is irrelevant when your detection is signature-based. $150 or $150M the IOCs won’t match your ruleset either way. this is why we built around intent trajectories, not known indicators. state-sponsored or script kiddie, the kill-chain stages are invariant.

YSEByy@YSEByy·
@toshkyo Love adding more for my pile of shame :(
Toshino@toshkyo·
Amazon just delivered my Blood Angels Intercessors. I guess that means that I'm ready to buy more.
YSEByy@YSEByy·
@IceSolst Feel like the env has a lot to do with it. If you can have a sandbox for internal tooling? Sure fuck it. If it's a business critical payment system? Nothing ever.
solst/ICE of Astarte@IceSolst·
What would make you comfortable auto-merging PRs? No human review. Someone mentioned reaching 100% test coverage but imo that is impossible
YSEByy retweeted
Malika 🧬@malikules·
when a man has no real achievements like chess elo, viral tweet, niche spotify wrapped he takes pride in useless stuff like salary and career achievements
YSEByy retweeted
sudox@kmcnam1·
sudox tweet media
YSEByy@YSEByy·
@toshkyo Okay :D I thought you were doing security freelance so wanted to learn something there
Toshino@toshkyo·
@YSEByy All my freelance work is related to media/content creation/video editing and probably vtubing rigging next year, those are all things that I learn as a hobby and end up making money from it after I get skilled enough
Toshino@toshkyo·
unironically learning a second skill on my free time instead of gaming is how I started freelancing while having a full time job so I could move from broke to where I'm now, including paying for an apartment instead of renting and now I keep doing freelance because I like money
skum🧊@skumWgmi

STOP TELLING BROKE PEOPLE TO BUDGET. THERE, I SAID IT. YOU CAN'T BUDGET YOUR WAY OUT OF POVERTY. AFTER BASIC NECESSITIES I HAVE $0 LEFT OVER, HOW AM I SUPPOSED TO BUDGET?

YSEByy@YSEByy·
@IceSolst It's very weird going to a conference thinking you're a moron and then listen to the most basic talks on the planet that have no value
solst/ICE of Astarte@IceSolst·
@YSEByy You’re right, but imo that’s still above average, mostly to highlight how low the bottom tier is
solst/ICE of Astarte@IceSolst·
There’s an astronomical skill gap between good security people, and the rest. There’s no mid. Accounts you see posting their research here are absolutely cracked, it’s not the norm. When you go out and talk to security folks that don’t go to conferences, don’t read up on research, you realize- holy shit. They have no fucking clue. The majority of the cybersecurity work force is absolutely incompetent. It’s partly why vendors can come up with inane bullshit as marketing material and it works on many CISOs. If you’re reading this, you’re most likely 1000x the skill level of the average person. Like I cannot emphasize enough how low the bar is when the sample size is the entire industry.
YSEByy retweeted
Nels@nelsyuu·
can’t wait to see this panel animated tomorrow
Nels tweet media