Jay Beale

4.3K posts

@jaybeale

@InGuardians CEO, Bustakube, Peirates, IANS Faculty, BastilleLinux, #kubernetes @BlackHatEvents Trainer,#neurodivergent fam, he/him, [email protected]

InGuardians · Seattle · Joined January 2008
4.3K Following · 6.3K Followers
Pinned Tweet
Jay Beale @jaybeale
Excited to teach #Kubernetes Attack & Defense @#BHUSA in Aug (@bhevents)! The class is >50% hands-on, w/ step-by-step labs. Students get computers to keep w/ CTF VMs & K8S cluster to #hack, win flags & break attacks. Come join me & the @InGuardians crew! blackhat.com/us-25/training…
Jay Beale retweeted
Rob T. Lee @robtlee
“I spend all day, every day, looking at folks who misuse our models and our products. I want to walk through all of you what I've been seeing on the ground and how this has changed in the past year.” - Jacob Klein, @AnthropicAI's head of threat intel at the @SANSInstitute AI Summit. And then came the heartburn line: “Almost everything I’m walking through can be used by a defender as well.” He’s right. Defenders can point AI at endpoints at scale, code at scale, vulnerabilities, and SOC signals. Every serious defender already knows the list. The hard part is the operating reality: usable data, investigations that don’t depend on manual glue work, remediation that moves fast enough, and AI you can actually trust. What makes this a tougher sell is the reliability of the tools in our hands right now and our own skill gaps. And consider: we still get to watch some of this play out in the open. That window closes as attackers move to their own private tooling and infrastructure. The only way we get ready is by starting now: working on our own skill gaps, building muscle with the tools we have, stress-testing them in real environments, forcing the workflow changes that make AI for defense operational. Work on this directly with us: Find Evil! is live. Protocol SIFT is what happens when you wire an AI agent into a forensic workstation full of trusted tools and tell it to behave. It's an early capability with real outputs and failure modes. Join our community effort to make it something defenders can deploy. 42 days to enter. An incredible 2,500+ builders and teams are in as of today. $22K in cash prizes. Sponsored by SANS Institute. findevil.devpost.com (You'll have to hear Jacob's full talk and the fireside chat with Bruce Schneier and Anne Neuberger: Are tech companies the new SOC? Check it out on the SANS Institute YouTube page.) Curious what you think. (And if you've entered in the hackathon?) #AIsecurity #cybersecurity #vulnops
Jay Beale retweeted
Chris Wysopal @WeldPond
32 years ago today I registered the @L0phtHeavyInd class C. I got the email from ARIN, sent the class C address to our ISP, then got the first packets routed over our 56K modem to our 486 linux box. When those first packets came through the whole room exploded with chants of, "We on da backbone!" Then came one of the first hacking resources on the web, shell accounts, a bbs, webcams, and lots of shenanigans. You can see an archive of the website here: gbppr.net/l0pht/l0pht.ht…
Jay Beale retweeted
Wiz @wiz_io
🚨 BREAKING: Wiz Research discovered Remote Code Execution on GitHub.com with a single git push The flaw in @github allowed unauthorized access to millions of repositories belonging to other users and organizations 🤯
Jay Beale retweeted
Halvar Flake @halvarflake
I finally managed to write up some memories about my recently deceased and very dear friend, Felix 'Fx' Lindner. phenoelit.de/fx.html#Halvar
Justin Elze @HackingLZ
Think about the red teams you respect most. Now think about how they actually breach mature environments with strong stacks and strong defenders. It's almost never a memory corruption 0day. It's abuse of functionality.
Jay Beale @jaybeale
@thedawgyg How many were signed vs unsigned int issues?
dawgyg - WoH @thedawgyg
They spent $20k finding their bugs, while I spend less than $1000 on my fuzzing setup and found a lot of the same bugs (several in their announcements I found and have in my 'to report' docs since they weren't exploitable beyond DoS). I haven't found 'thousands' but I have found nearly 1000 since December. And the VAST majority that have been found with AI and fuzzing are Null Ptr Derefs. And as mentioned, they are almost never exploitable on modern systems since memory at 0x0000000 can't be mapped to anything anymore. (It can't with like +8/16/32/64 offsets either, I forget what the first usable spot is but it's not anywhere near a null ptr deref location). Mythos might be good at finding bugs, but it is not finding things that would set the internet on fire in most instances. I'm sure they found some nice bugs in their thousands, but most of them would be DoS impact at absolute most.
Quoting Ananay @ananayarora:
Marcus Hutchins, the guy famous for stopping the WannaCry Ransomware, probably has the best take on Mythos doing vulnerability research
Jay Beale @jaybeale
Oh for the love of keyboard gods! I <3 my Mac MBP, but the low travel keyboard sucks ergonomically. Should I use Karabiner to shut it off when Bluetooth is connected, then design & 3D-print a carrier for an ext keyboard? Or switch to a laptop with a premium keyboard? Which one?
Jay Beale retweeted
Gadi Evron @gadievron
An Expedited Strategy Briefing on Mythos, Glasswing, and building a security program for what comes next, by 250 CISOs, and the wider community. It is still a draft, with some design incomplete, but we felt it was imperative to release. Link: labs.cloudsecurityalliance.org/mythos-ciso/
Jay Beale retweeted
Rob T. Lee @robtlee
Friday afternoon @gadievron says "I'm working on a CISO community document for Monday. Want to collaborate? Releasing Monday." I said "Sure." (I have a problem with that word.) @AnthropicAI had dropped Mythos on Monday. @cloudsa is running an emergency CISO Zoom on Tuesday. @SANSInstitute was already building BugBusters this Thursday with Ed Skoudis, Joshua Wright, and Chris Elgee. The entire community was asking the same question: what do we actually DO about this? Three nights later we have a 30-page strategy briefing with 60+ contributors. "Sure" turned into barely sleeping Friday, Saturday, Sunday while @gadievron and @rmogull dragged this thing into existence. (My son checked to see if I was still breathing around hour 40. I think he was mostly concerned about if Uber Eats delivered Five Guys yet.) The contributing authors list reads like someone raided a cybersecurity hall of fame: Jen Easterly, Bruce Schneier, Chris Inglis, @philvenables, Heather Adkins @argvee, @RGB_Lights, @sounilyu, @jimreavis, Katie Moussouris @k8em0, Jon Stewart, Maxim Kovalsky, David Scott Lewis, Joshua Saxe, John Yeoh, Ramy Houssaini and James Lyne. Every single one said yes within hours. Cloud Security Alliance @cloudsa, @SANSInstitute, [un]prompted, @OWASPGenAISec -- four organizations that don't usually build things together at this speed. This is the start. SANS reviewers who showed up: Chris Cochran @chrishvm, @edskoudis, Viswanath S Chirravuri @vchirrav, @bettersafetynet, Ciaran Martin. Thursday, @edskoudis, @joswr1ght, and @chriselgee stop talking and start showing. Live AI-assisted vulnerability discovery against real code. No slides about the future. Terminals and bugs. (The kind of demo where something breaks and that IS the point.) Full reviewer list is in the doc. If you know someone on it, send them a note. They earned it.
But an even bigger thank you -- seriously -- from the entire cyber security community needs to go to @gadievron for once again bringing the avengers together -- like in Endgame (is that what Mythos is?) -- and you all know the scene -- but we need someone to create the meme with Gadi Evron with his shield and Mjölnir saying "Avengers..... assemble!" because that is exactly what he does. A lot it seems. Read it: labs.cloudsecurityalliance.org/mythos-ciso Going to sleep now. Setting my alarm for Thursday. (Not joking.) #CyberSecurity #AISecurity #SANSInstitute
Jay Beale retweeted
vittorio @IterIntellectus
this is actually insane
> be tech guy in australia
> adopt cancer riddled rescue dog, months to live
> not_going_to_give_you_up.mp4
> pay $3,000 to sequence her tumor DNA
> feed it to ChatGPT and AlphaFold
> zero background in biology
> identify mutated proteins, match them to drug targets
> design a custom mRNA cancer vaccine from scratch
> genomics professor is “gobsmacked” that some puppy lover did this on his own
> need ethics approval to administer it
> red tape takes longer than designing the vaccine
> 3 months, finally approved
> drive 10 hours to get rosie her first injection
> tumor halves
> coat gets glossy again
> dog is alive and happy
> professor: “if we can do this for a dog, why aren’t we rolling this out to humans?”
one man with a chatbot, and $3,000 just outperformed the entire pharmaceutical discovery pipeline. we are going to cure so many diseases. I don't think people realize how good things are going to get
Quoting Séb Krier @sebkrier:
This is wild. theaustralian.com.au/business/techn…
Jay Beale retweeted
Graham Helton (too much for zblock) @GrahamHelton3
We can disagree on many things but dismissing this as a skill issue of kubernetes admins is absurd and insulting. Software that is the backbone of most major cloud infra deserves more scrutiny not less. All points were already addressed in the disclosure reddit.com/r/kubernetes/s…
Quoting Graham Helton (too much for zblock) @GrahamHelton3:
Excited to disclose my research allowing RCE in Kubernetes. It allows running arbitrary commands in EVERY pod in a cluster using a commonly granted "read only" RBAC permission. This is not logged and allows for trivial Pod breakout. Unfortunately, this will NOT be patched.
Jay Beale @jaybeale
@GrahamHelton3 I’m so impressed with the work you’ve been doing in this space, Graham. Keep pursuing your passion!