Justin Elze

@HackingLZ You post this every time I mention cranberry juice 🤣 And this reminds me I gotta watch this movie with my kids.

Jose Cuervo gold and cranberry juice.

@roguekode youtu.be/yicP7ZEEz1k?t=…

@NotMedic CPAN APOCALYPSE

@cisonaut @vmiss33 For example is use like $2000+ a month if I paid API rates but I pay for a prem seat so I don't

@cisonaut @vmiss33

Serious question - if I'm consuming something like Claude or Chat GPT on the enterprise level - is the experience the same as it is for us randos on the internet? Do models randomly start acting funny? Are there quota / session limits? Do I just randomly get the new thing rolling out without warning? Very curios about the enterprise experience with these platforms.

@cisonaut @vmiss33 I didn't mean you couldn't sign in with oauth/etc just the pricing model isn't the same.

@cisonaut @vmiss33 Claude code pricing in enterprise is still API rate though? Not usage windows?

We can't lose cheap subsidized tokens yet I gotta let this stuff rip across more network appliances 🤠

I don't hate this x.com/__mharrison__/…

@IceSolst That’s so good someone put a sales pitch in there 🤣🤣

I’m so sick of AI comments pitching vibecoded products. In this case they’re pitching their tool to…. TeamPCP the literal attackers Every post I make, I get a bunch of comments like this about some Claude api wrapper “make this secure” ass product

The latest #Metasploit Wrapup is here! 🎉 This week brings enhanced SMB NTLM relaying for better client compatibility (including smbclient), plus new modules for RCE in Eclipse Che (CVE-2025-12548), Barracuda ESG command injection (CVE-2023-2868), and an ESC/POS printer injector. Check it out at rapid7.com/blog/post/pt-m…

Random watch of the day with lolz youtu.be/KPtIx5ZFSOY?si…

@MosheTov @ramimacisabird I’m also looking!

@HackingLZ @ramimacisabird Hey! I saw the GitHub repo Is there any chance you have a copy of the ringtone.wav and hangup.wav payloads for analysis?

If anyone needs this but @ramimacisabird has a better thread here x.com/ramimacisabird… github.com/HackingLZ/teln…

Big thanks to @mrgretzky for a great stream on the latest in MFA bypass attacks with Evilginx and Phishlets 2.0! Each time web developers come up with new ways to secure things, Kuba is right there to find a workaround! You can watch the recording here: youtube.com/live/eeauoOYUw…

⚠️Security Notice — Python SDK Two malicious versions of the Telnyx Python SDK (4.87.1, 4.87.2) were published to PyPI earlier today. Both were quarantined within 6 hours. This is part of a broader supply chain campaign affecting multiple organizations. Telnyx platform and APIs were not affected — this was limited to the PyPI package. If you installed or upgraded between 03:51–10:13 UTC today: downgrade to 4.87.0 and rotate any secrets on that machine. Full details and IOCs: telnyx.com/resources/teln…

🤣

sigh

I've had a concerning trend start to pop up during Purple Team Engagements, where analysts tell us, "The AI said everything is fine." That sentence is a huge problem. Seeing Teams devolve from Hunters to Prompters won't lead to anything good.. So I wrote a quick post on how teams are trading instinct for prompts, and what it's costing them. 🔗 scythe.io/scythe-labs/bu… #cybersecurity #ThreatHunting #purpleteam

Unpopular opinion: there are no real AI agents in production today. What we have are automation scripts with an LLM in the middle. Chained API calls with a probabilistic router. Very fast, very capable macros. And someone pressed a button to start every single one of them. The entire AI governance conversation is being built on a seven-year belief gap, the distance between what AI can actually do and what people believe it can do. We're writing policy for a threat model that doesn't fully exist yet. The deterministic rails argument? Architecturally incoherent. If your rails are tight enough to actually govern the LLM, you didn't need the LLM. If they're loose enough to let the LLM breathe, your governance isn't governing the thing that matters. The real agentic problem, systems that initiate, adapt, and act without a human in the loop, is coming. Fast. But most of the governance frameworks being built today won't survive when those agents arrive. The first to build an non-transformer AI model architecture that is natively governable wins the agentic race. Nobody has done it yet. #AgenticAI #AIGovernance #EnterpriseAI #LLM #FutureOfAI chrishood.com/we-dont-have-a…

CTRL: a new piece of malware that has a ton of functionality including locking the victims computer using Windows Hello and forces the victim to provide valid credentials to maintain persistence or perhaps for subsequent lateral movement.