🛡️ B i f f ³
20.6K posts

🛡️ B i f f ³
@biffbiffbiff
father, cybersecurity generalist, wearer of hats, outdoor junky, nap taker.
internet · Joined December 2008
593 Following 841 Followers

@SwiftOnSecurity Am I the only one who uses twitter in following > recents exclusively? I want the raw firehose in realtime without curation 🤠

People thought I was being a needy attention hole when I said something weird was happening with my post visibility 🤷♀️
koumdros@koumdros
@SwiftOnSecurity For some reason I am regularly seeing again posts from you, after at least 15-20 months where I doubt I saw a single one. The algorithm gods have blessed you again

@Proton_Pass @lamacodes There is 100% some old guy who purchased Tails on a flash drive in 2015 and hasn't used anything else since 😂

@lamacodes No one is daily driving Tor Browser; in fact, that's a bad idea.

@DarkWebInformer Spotify looks to be up. Though they did have an outage for a little bit according to down detector 🧐

@IAMERICAbooted Agreed. Although Microsoft can't even get Microsoft licensing right 😂

@UK_Daniel_Card Couldn't get into that one but dark forces 2 was 🔥 and still remember most of the cheat codes 😂

🛡️ B i f f ³ reposted

RMM hunting is one of those areas where defenders get stuck because the answer is rarely “just block it.”
On a day-to-day basis, from the intrusions we see, ScreenConnect, Splashtop, AnyDesk, and RustDesk are some of the most abused RMMs.
All of these can be legitimate. All of these are also regularly abused.
That makes them annoying to detect, especially if you work in an MSSP or an environment where remote admin tooling is everywhere.
But there is a useful hunting angle here.
ScreenConnect is still one of the most common by far. A pattern I’ve noticed recently is threat actors installing multiple ScreenConnect clients on the same host with different profile configurations, each connecting to different domains.
That looks a lot like access staging or access resale.
The interesting part is that this creates artifacts defenders can hunt for.
In the first screenshot, you can see how different ScreenConnect installation profiles would look. In this case, the pattern is basically "ScreenConnect Client" followed by a random unique 16-character alphanumeric value.
That is a very useful hunting signal.
Red flags:
- Multiple ScreenConnect profiles on one host
- Multiple ScreenConnect installations
- Installs under both C:\Program Files*\ and AppData
- Different configured remote domains
- Suspicious or unexpected system.config files
The system.config file is especially useful. It exists inside the ScreenConnect installation directory and can expose the domain and certificate information used by the client to connect back to the remote server.
This is the main point:
Don’t hunt only for the presence of RMM, hunt for RMM drift.
Unexpected profiles -> Unexpected paths -> Unexpected domains -> Unexpected configs.
That is where RMM abuse starts becoming visible.

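The drift signals from the reposted thread above, turned into something you can run on a host, as an added example (this is not code from the original post, nor from ConnectWise): a PowerShell function that enumerates ScreenConnect client installs and flags multiple client IDs, installs outside Program Files, multiple remote hosts and inconsistent system.config files. It assumes (the post does not state this) that both the install directory and the client service are named "ScreenConnect Client (<16-char id>)", that the service ImagePath carries the connection parameters including h=<relay host>, and that system.config can only be fingerprinted and grepped for host-looking strings because its exact layout is not given.

```powershell
# Added example, not from the original post: hunt for ScreenConnect "drift" on one Windows host.
# Assumptions (not stated in the post): install directory and client service are both named
# "ScreenConnect Client (<16-char id>)", and the service ImagePath embeds h=<relay host>.
# system.config is hashed and scanned for host-looking strings only; its layout is not assumed.

function Get-ScreenConnectDrift {
    [CmdletBinding()]
    param(
        # Roots to walk. Program Files* is the expected location; everything else is not.
        [string[]]$Roots = @(
            $env:ProgramFiles, ${env:ProgramFiles(x86)}, $env:ProgramData,
            $env:LOCALAPPDATA, $env:APPDATA, $env:TEMP
        )
    )

    $namePattern = '^ScreenConnect Client \((?<id>[0-9a-z]{16})\)$'
    # Coarse heuristic for relay hostnames inside system.config; review matches by hand.
    $hostPattern = '(?i)\b(?:[a-z0-9-]+\.)+(?:com|net|org|io|xyz|top|site|online|cloud)\b'

    # 1. Install directories: one record per ScreenConnect profile found on disk.
    $installs = @(foreach ($root in ($Roots | Where-Object { $_ -and (Test-Path -LiteralPath $_) })) {
        Get-ChildItem -LiteralPath $root -Directory -Recurse -Depth 3 -ErrorAction SilentlyContinue |
            ForEach-Object {
                if ($_.Name -match $namePattern) {
                    $id     = $Matches.id            # capture before any later -match overwrites $Matches
                    $config = Join-Path $_.FullName 'system.config'
                    $hosts  = @(); $hash = $null; $mtime = $null
                    if (Test-Path -LiteralPath $config) {
                        $hash  = (Get-FileHash -LiteralPath $config -Algorithm SHA256).Hash
                        $mtime = (Get-Item -LiteralPath $config).LastWriteTimeUtc
                        $hosts = @([regex]::Matches([string](Get-Content -LiteralPath $config -Raw), $hostPattern) |
                                   ForEach-Object { $_.Value.ToLower() } | Sort-Object -Unique)
                    }
                    [pscustomobject]@{
                        ClientId            = $id
                        Path                = $_.FullName
                        OutsideProgramFiles = ($_.FullName -notmatch '^[A-Za-z]:\\Program Files')
                        ConfigExists        = (Test-Path -LiteralPath $config)
                        ConfigSha256        = $hash
                        ConfigMtimeUtc      = $mtime
                        ConfigHosts         = $hosts
                    }
                }
            }
    })

    # 2. Services: the client service shares the ID; its ImagePath usually carries the
    #    connection parameters (assumption), e.g. ...?e=Access&h=<host>&p=<port>...
    $services = @(Get-CimInstance -ClassName Win32_Service -ErrorAction SilentlyContinue |
        ForEach-Object {
            if ($_.Name -match $namePattern) {
                $id    = $Matches.id
                $relay = if ($_.PathName -match '[?&]h=(?<h>[^&"\s]+)') { $Matches.h.ToLower() } else { $null }
                [pscustomobject]@{
                    ClientId = $id
                    Service  = $_.Name
                    State    = $_.State
                    Relay    = $relay
                    PathName = $_.PathName
                }
            }
        })

    # 3. Correlate and flag drift: profiles, paths, domains, configs.
    $ids    = @((@($installs.ClientId) + @($services.ClientId)) | Where-Object { $_ } | Sort-Object -Unique)
    $relays = @((@($services.Relay) + @($installs.ConfigHosts | ForEach-Object { $_ })) |
                Where-Object { $_ } | Sort-Object -Unique)
    $inside  = @($installs | Where-Object { -not $_.OutsideProgramFiles }).Count
    $outside = @($installs | Where-Object { $_.OutsideProgramFiles }).Count

    $flags = @()
    if ($ids.Count -gt 1)      { $flags += "multiple ScreenConnect client IDs: $($ids -join ', ')" }
    if ($installs.Count -gt 1) { $flags += "multiple install directories: $($installs.Count)" }
    if ($inside -and $outside) { $flags += 'installs both under Program Files* and outside it (AppData/Temp/ProgramData)' }
    if ($relays.Count -gt 1)   { $flags += "multiple remote hosts: $($relays -join ', ')" }
    if (@($installs | Where-Object { -not $_.ConfigExists }).Count) { $flags += 'install directory without system.config' }
    if (@($installs.ConfigSha256 | Where-Object { $_ } | Sort-Object -Unique).Count -gt 1) {
        $flags += 'system.config differs between installs'
    }

    [pscustomobject]@{
        ComputerName = $env:COMPUTERNAME
        Installs     = $installs
        Services     = $services
        ClientIds    = $ids
        RemoteHosts  = $relays
        Flags        = $flags
    }
}

# Run locally; export Installs/Services to CSV to compare ClientIds, RemoteHosts and ConfigSha256 across hosts.
Get-ScreenConnectDrift | Format-List
```

A single unexpected profile is often benign (a help-desk tool rolled out a second instance). The access-staging pattern from the thread shows up when the same host reports several ClientIds, several RemoteHosts, or a system.config hash that no other host in the fleet shares, so the useful query is across the CSV exports, not the per-host output alone.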
🛡️ B i f f ³ reposted

Huh.
Am I the only one who didn't know that Microsoft makes a tool called EventLogExpert that is supposed to be an improved version of event viewer for IT/helpdesk people?
github.com/microsoft/Even…


@igor_os777 "I don't really like animals" 🤔. I want to leave now

@securityweekly In 20 years I've only had one bios update brick a mobo. Still get nervous lol

@SwiftOnSecurity I mean have you seen the guy who's currently ruling us. Idk the machines are looking pretty good these days 😅

This is just like a normal Wednesday now right? I'm not even surprised anymore 🤣
Yashar Ali 🐘@yashar
Robert F. Kennedy Jr. cut the penis off a dead raccoon, according to a new biography based on his journal entries. Full Story: bit.ly/4sEdYbd
🛡️ B i f f ³ reposted

Apollo 8 had Earthrise
Artemis II had Earthset… and a total solar eclipse.
Unreal photograph from the A2 crew - I am blown away.

The White House@WhiteHouse
THE ARTEMIS II ECLIPSE. April 6, 2026. Totality, beyond Earth. From lunar orbit, the Moon eclipses the Sun, revealing a view few in human history have ever witnessed. Photo: NASA

@3CX This is probably the worst vendor notice I've ever seen for something security related. What customers are impacted? Is there a vuln? Any IOCs? Any workarounds? Could you be more vague???
3cx.com/blog/news/ip-s…

@cheddar420yolo Moving tweetdeck to a higher level paid plan has caused frustration. We used to be a proper country.
🛡️ B i f f ³ reposted

@felipelourenco Saw it at Edwards AFB. Quite green, broke into a few fragments.