Jacob Krell

2.9K posts

@hackerfren

Cybersec/AI expert | Hacker | Pilot | Lifter | OSCE3, CISSP, CCNP, CSIE | CTF Reviews and Writeups | meme magic 🐸

NC, United States · Joined September 2023
708 Following · 2.1K Followers
Pinned Tweet
Jacob Krell@hackerfren·
My first whitepaper was just published! I would love it if you can give it a look and let me know what you think. Agentic AI has certainly been a massive force multiplier for myself when it comes to performing cybersec work and solving challenges. There are massive changes on the horizon in this industry, and some hard questions for CTF platforms and certification organizations in particular to grapple with. It was rewarding to back up my thesis that AI has reduced solve times with statistical analysis and datapoints. I firmly believe that we are going to see a trend of operators moving more and more into the systems architect role and shifting execution to the AI agents themselves. infograph.venngage.com/pl/MifTplDvNc?… If you are interested in the entire paper you can find it below: suzulabs.com/suzu-labs-blog…
Jacob Krell@hackerfren·
@L0rd5ud0 issa.org I think it was like 50 a year for a membership? def paid for itself that's for sure hahaha
LordSudo@L0rd5ud0·
@hackerfren Hook me up man😂😂 Interesting review tho, will find time to read it
Jacob Krell@hackerfren·
I recently had the opportunity to beta test SANS SEC301: Introduction to Cyber Security and sit for the paired GIAC Information Security Fundamentals (GISF) certification exam. I came away highly impressed.
The course delivers a broad, well structured survey of the cybersecurity landscape across five sections and 34 modules. It covers risk management, compliance frameworks like NIST and ISO 27001, cryptography and PKI, identity and access control including SSO, MFA, and Passkeys, networking fundamentals through Zero Trust Architecture, offensive topics like social engineering, malware, wireless attacks, and MITRE ATT&CK mapping, and wraps up with web security, cloud security, IoT/OT, and AI in cybersecurity.
What stood out to me was how current the material is. Dedicated coverage of AI generated malware, deepfake phishing, and Zero Trust Architecture shows this course was built for today's threat landscape, not a recycled version of yesterday's curriculum.
Instructor Rich Greene was exceptional. Clear, confident, and engaging delivery that made it easy to stay focused across 30+ hours of content. I also appreciated having both a high quality physical course book and video instruction, with thoughtfully designed labs that encourage critical thinking over rote commands.
The GISF exam is open book, 75 questions in two hours, and tracks closely to the course quizzes and practice tests. My advice: build a solid index in your course books and use your time to verify answers. I scored well enough to be invited to the GIAC Advisory Board after about a month of learning, though I should note I already hold the CISSP and CompTIA SecurityX.
SEC301 and the GISF lean intentionally toward the academic and conceptual side of cybersecurity. It sits neatly between a CompTIA Security+ and a CISSP in terms of scope, and serves as an excellent launch point into specializations like penetration testing, incident response, or cloud security.
If you are entering cybersecurity, pivoting from IT, or formalizing foundational knowledge, this is a strong place to start. I wrote up a full section by section breakdown, exam tips, and comparisons in detail on my site. Read the full review: jacobkrell.com/writeups/learn…
LordSudo@L0rd5ud0·
@hackerfren But SANS certs can drain even money I am yet to make😂😂
Jacob Krell@hackerfren·
@Jr0dR87 Kill it! That’s already a ton of weight lost!
Jarrod@Jr0dR87·
Working on losing some weight. I have a goal to drop around 30 pounds before Defcon. So far I've lost 16. Today felt pretty good.
cheddar@cheddar420yolo·
I know Phil W's "Follow them Friday" is technically tomorrow, but it's tomorrow in New Zealand and Oz, so be sure to follow @hackerfren on here and on LinkedIn for pure motivational energy.
Jacob Krell@hackerfren·
@L0rd5ud0 Hahaha that’s why I wrote a white paper 🤣 And I’m still rambling about it
LordSudo@L0rd5ud0·
@hackerfren I agree with you 💯 buddy.. Those sentiments are totally agreeable and I share the same. Ideally the blog would have become a long ramble if I had all that....
Jacob Krell retweeted
LordSudo@L0rd5ud0·
Blog Update! Why chasing scoreboard positions misses the point and how AI is forcing us to confront what CTFs actually measure.. Thanks @hackerfren for allowing me to reference your whitepaper. blog.lordsudo.com/posts/ctf-vs-a…
Jacob Krell@hackerfren·
I’m glad you brought up the crypto example in your post, that is a perfect encapsulation of the issue. It reminded me of all the quantum challenges that were launched….. let’s just say I solved pretty quick, and certainly am not going to claim I am an expert in quantum mechanics. They were excellent learning resources, and it took me from no quantum knowledge to at least understanding the basics. But they were very poor as far as competitive “games”.
Jacob Krell@hackerfren·
Wonderful post! Glad my research was helpful. The big issue I have personally that is extremely black pilling: If the ai can do it, why am I learning it. It’s like learning how to research in a library when you have google. Operationally when money time and objective is all that matters, what value does someone have that actually knows why something works the way it does as opposed to someone that knows how to work the ai enough to get the task done. Imo the most important thing to learn is how to use the ai to get the task done. Economics of scaling and all that. Solve the problem once but solve it forever. Plus it’s like a calculator, I know how to do long division, but I’m not going to do it every time. I know how to reverse, but I would be damned if I said it did not scale better giving the ai a ghidra mcp and having it make a full function map and list interesting jmp instructions and compares and stuff for me.
Einstein had a quote about not bothering to remember things that can be simply looked up. And the majority of operational cybersec is simply looking stuff up and applying it (at least in my exp). There are very few that are actually finding zero days and architecting platforms.
Idk just some morning rambling I guess as every day I see another company getting 10s of millions in funding to automate another job title out of the industry.
Jacob Krell@hackerfren·
@tetsuoai My fav part is fully designing something. Then 2/3 thru while testing realizing there is a scaling problem and redoing the entire architecture. Damn ai coding, idk what a scope even is anymore…. lol
tetsuo@tetsuoai·
UML diagram = 2 hours
swimlane = 1 hour
sequence diagrams = 1 hour
vs.
debugging spaghetti you wrote at 2am because you "had a vision" = your entire Q2
Jacob Krell@hackerfren·
I had the pleasure of beta testing the GIAC Information Security Fundamentals (GISF) exam and associated SANS training over the winter and am now a part of the GIAC Advisory Board! A full review of the course and certification will be coming soon, so be on the lookout for that. Overall I would put the GISF between the Security+ and the CISSP in terms of content depth and difficulty. I was very impressed with how up to date the topics were.
Jacob Krell@hackerfren·
This week's retiring Hack the Box Sherlock writeup was a fun exercise in network packet analysis.
Packet Puzzle: Reconstructing a complete attack chain from a single PCAP file - when port scans lead to PHP exploitation, reverse shells, and failed privilege escalation attempts.
A junior security analyst at a small Japanese cryptocurrency trading company detects suspicious activity on the internal network. A PCAP file containing 115,166 packets is exported for investigation to determine whether the environment is compromised and to reconstruct the attacker's actions.
The PCAP reveals a complete attack chain: port scanning from 192.168.170.128 discovers 8 open ports on the victim system (192.168.170.130). The attacker exploits CVE-2024-4577 (PHP CGI argument injection) on PHP 8.1.25 running in CGI mode, establishes a PowerShell reverse shell as user "cristo", downloads netcat and GodPotato privilege escalation tools, and attempts privilege escalation that fails due to a file path error. The attack timeline spans approximately 6 minutes from initial reconnaissance (09:45:27 UTC) through the failed escalation attempt (09:51:43 UTC).
Analysis uses tshark and capinfos from the Wireshark suite to identify SYN scan patterns, follow TCP streams for HTTP exploit payloads and server responses, reconstruct the reverse shell session, and correlate timestamps across attack phases. jacobkrell.com/writeups/ctf-w…
Jacob Krell@hackerfren·
@TIE__SUN Depends on how overwritten it is. If it’s literally not there anymore it can’t be recovered. Very often it will not fully overwrite though, and I’m sure there are some fancy math tricks to “guess” what the rest of the data is based on what is there.
Tiesun 👨‍💻💾@TIE__SUN·
@hackerfren Suppose you delete a media file or any file from your phone, trash, cloud, Google Photos, etc., and then upload some junk data to overwrite it and protect the deleted data. Based on your experience, do you think it could still be recovered?
Jacob Krell@hackerfren·
It's that time of the week again folks, another HTB Academy learning module down, this time the last one in the Android Application Pentesting track! "Excellent module for real-world Android forensics. Covers Autopsy and parsing backups to uncover SMS, chat logs, deleted files etc. Also teaches safe rooting to extract forensic images. Practical, hands-on training for applicable skills."
Jacob Krell@hackerfren·
@yacineMTB They are. The tech is there. It's a systems engineering problem controlling the attention of the underlying agents, not a capabilities issue. If the underlying models are trained on the cybersec courses, all defcon talks, every malware sample ever, the model can recall the info
cheddar@cheddar420yolo·
this poast has made some clankers big big mad/sad read replies for a chuckle
cheddar@cheddar420yolo

@nateobrienn why not a small robot bulldozer? oh right... because the tech slop model is basically just solving problems that no one asked for, like full arm motion to move snow around

Jacob Krell@hackerfren·
@Cyberipman Very interesting. I did not know what that was. Red hat over here making some fancy stuff.
cyber-ipman@Cyberipman·
Alright guys I admit I've had my head in the sand for the past 10 years and have now officially started building shit with docker-compose
Jacob Krell@hackerfren·
@Cyberipman You can go even deeper! ( Kubernetes scares me personally lol )