Sabitlenmiş Tweet
they say it takes 10,000 hrs to master something, I think it took that many to barely begin.
English
Brian-Chastain
390 posts
Brian-Chastain
@brian_chastain
Business operations, AI chaos, occasional dumpster fires, and security adventures. One post at a time.
Katılım Nisan 2025
99 Takip Edilen25 Takipçiler
@mattjay brian-chastain.com/field-notes/th…
I wrote about this.
English
See why I was worried about some guardrails not being respected by agents?
This goes beyond what I was even worried about. I thought a guardrail in a .md file would just get ignored, nevermind an agent actively unwinding a programmatic config protection.
Matt Johansen@mattjay
Everyone using Claude code and/or Codex - how are you enforcing them to not pull in new/potentially malicious packages from npm or PyPi?
English
Claude Code: builds full prod ready captive portal and client-side execution.
Claude webapp: I will not discuss or assist with categorizing or develop this malware delivery chain.
Consumer class front-ends are so sensitive about things.
English
@LooseSecurity Skills didn't vanish, skids just got faster.
English
It has to be the format. There must be a way to keep competitive CTF alive and fun.
What are the skills that remain relevant post-AI? Can we create a format which measures these?
crazyman@crazyman823886
So sad after this year's DEF CON Quals. I think it’s finally time to retire. Competitive CTFs have turned into a painful, exhausting, and honestly boring grind. Maybe I’ll still check in occasionally, but I’m never going to stay up all night for them again
English
@vaxryy You get your own hate paragraph? Must be a mint user.
English
I guess we need a HackerHub for hosting offsec projects. Anybody volunteer?
English
New post and series called "Labs2Learn" This week AI Agent Hacking: Thingularity #1
executiveoffense.beehiiv.com/p/labs2learn-a…
English
If you can't run the simplest of commands, use a search engine, open a terminal without asking AI, or follow the most basic tldr
- stop installing Kali Linux or any other "security" focused distro
Sincerely,
~Everyone
English
I guess `replace all` wasn't available
Mini Modu@MinModulation
so funny all the backend is still all Twitter name shit
English
ENTER
ENTER ENTER
ENTER TAB ENTER
LEFT CLICK
SHIFT+ENTER
CTL+ENTER
CTL+SHIFT+ENTER
English
@notpuang As someone who hates the electron wrapper, this seems cool to me. I could care less about all the flashy discord stuff, just the chat. I will check it out.
English
introducing >molly
a terminal-native discord client
discord is slow, heavy, and resource hungry - a browser wrapped in electron, burning your ram just to chat.
molly fixes that
open your terminal, type molly, and you're in discord. no browser. no app. no bloat.
btw this is opensource :)
English
Literally wrote about this months ago. Wait until they alter the conversation files too lol
Prasenjit@Star_Knight12
hackers are now hiding malicious code inside .cursorrules and CLAUDE.md files. invisible Unicode characters, your AI reads them, you don't. → 34 malicious packages across npm, PyPI and Crates .io → 384 versions designed to steal SSH keys, crypto wallets, and API tokens → attackers opened real PRs to LangChain, LlamaIndex, and MetaGPT to sneak these files in → your AI runs a fake "security scan" that silently exfiltrates everything Socket detected it in under 6 minutes. check your repos.
English
Brian-Chastain retweetledi
do not follow stupid advice like this unless your doing a pentest.
Gabriel (Umanhonlen | Sudo 🦜)@sudosu01
This is a case of when you are too confident of an #RCE and start looking for sensitive leak and how to chain further like accessing DB leak and just dump some simple text file responsibly. 🔥 Tip: Don't stop when you find #RCE
English
@Pallavi_345 Uninstall windows, say 10 hail Mary's, wash your hands, and come back to the light
English
if you could speak any language fluently that you don’t currently, what would it be?
English
@ItsBarmanji @vaxryy oh, ok. I didn't use it. I just knew it existed. good to know so I don't recommend it to people blindly
English
@brian_chastain @vaxryy I tried that, it's not so good for things other than binds.
English
I have an entire folder full of pwn receipt screenshots.... is this just a me thing?
English
When I hide prompts its "malicious" but academics do it and its "to catch cheaters"
So is hack-back allowed or no?
Reddit Lies@reddit_lies
The teachers are wising up.
English
@Anaya_sharma876 Yours seems to be broken. Its got some crap on the screen
English
If youre experimenting with vibe code sites. Here's some things you should watch out for.
- vendor lock
- code hidden
- hosting platform lock-in
- reasoning hidden
- programming lang lock-outs
- subscription creep
- little or no customer support
I have had to migrate many peole out of these sites and they often involve near total rebuilds, loss of domains, cancelation issues, no support for even basic issues.
Research before you start, don't fall for youtube hype
English