Jowabels

3.2K posts

@jowabels

They said I couldn't fly. They were right. Like = bookmark.

Joined December 2016
315 Following, 55 Followers
Jowabels retweeted
antirez
antirez@antirez·
Armin, I, and many others had this anti-dependencies position 10 or 15 years ago (look at Redis...) and I believe we were right given the current state of software. But imagine still not being on our side in 2026, with automatic programming, that makes this position so natural.
Armin Ronacher ⇌@mitsuhiko

Indeed. I pushed for this thinking for most of my career and somehow there was an almost 10 year window where even senior people loved to pretend that the cost of dependencies is free and that the risk of not upgrading instantly is too high. Pure insanity. I’m glad that there is some rethinking now.

Jowabels retweeted
Florian Roth ⚡️
Florian Roth ⚡️@cyb3rops·
A friend told me something in a beer garden in Germany about 12 years ago: “Florian, don’t overthink whether this specific service is exploitable. The stuff is broken. Plan accordingly.” He meant software. Most software looks stable because it runs under normal conditions. Look closer and you find memory leaks, parser bugs, unhandled input, bad defaults, forgotten modules, weird edge cases. Now we have better fuzzing, better automation, AI-assisted auditing, variant hunting, more exploit dev, more eyes on everything. So yes, patching matters. But in a world where every kind of internet-facing software keeps producing fresh RCEs, you also need the boring stuff:

1. Reduce the attack surface
- expose fewer services
- disable unused modules, plugins and features
- don’t publish admin interfaces unless they really need to be reachable

2. Limit the blast radius
- run services with least privilege
- isolate internet-facing systems
- avoid shared accounts and credentials

3. Build visibility and control
- collect useful logs
- monitor weird errors, crashes and “should never happen” events
- keep enough data to investigate later
- run regular compromise assessments

Assume exposed software is brittle. The stuff is broken. Plan accordingly.
Charles Guillemet@P3b7_

You just patched last month’s Nginx vulnerability that was actively exploited in the wild? It’s already time for a fresh 0-day RCE. The whole world is basically “pwned-by-default”, patching vulnerabilities before they’re exploited feels like a Sisyphean task... 🫠

Jowabels retweeted
Johan
Johan@Adityapandeydev·
your brain is always becoming better at whatever you repeatedly do. that’s why repetition changes people more than motivation ever will. if you spend every day stressing, overthinking, comparing yourself to strangers online, replaying old mistakes, and expecting the worst, your brain slowly starts treating those patterns like home. it begins scanning the world for more proof that you’re not enough, that life is against you, that things won’t work out. the scary part is your brain doesn’t care if the pattern is helping you or destroying you. it only cares about what gets repeated. but the same thing works in your favor too. when you repeatedly choose discipline, growth, gratitude, focus, and belief in yourself, your brain slowly reshapes around those things as well. at first it feels unnatural because your old patterns are louder, but over time your perspective changes. challenges stop feeling like signs to quit and start feeling like part of the process. your mind becomes whatever it practices most. so be careful what you keep giving your attention to because eventually, your thoughts become your reality.
Nicholas Fabiano, MD@NTFabiano

Repetitive negative thinking is associated with cognitive decline. Repetition rewires the brain.

Jowabels retweeted
Dino A. Dai Zovi
Dino A. Dai Zovi@dinodaizovi·
There are a lot of interesting things for defenders to study and learn from in this full end-to-end attack path. My guess: compromised developer poisons NPM module, which gets used by a VS Code extension, poisoning it. GitHub developer installs VS Code extension, runs infostealer. Stolen tokens used off-target by attacker.
GitHub@github

1/ We are sharing additional details regarding our investigation into unauthorized access to GitHub's internal repositories. Yesterday we detected and contained a compromise of an employee device involving a poisoned VS Code extension. We removed the malicious extension version, isolated the endpoint, and began incident response immediately.

Jowabels retweeted
GitHub
GitHub@github·
1/ We are sharing additional details regarding our investigation into unauthorized access to GitHub's internal repositories. Yesterday we detected and contained a compromise of an employee device involving a poisoned VS Code extension. We removed the malicious extension version, isolated the endpoint, and began incident response immediately.
Jowabels retweeted
GitHub
GitHub@github·
We are investigating unauthorized access to GitHub’s internal repositories. While we currently have no evidence of impact to customer information stored outside of GitHub’s internal repositories (such as our customers’ enterprises, organizations, and repositories), we are closely monitoring our infrastructure for follow-on activity.
Jowabels retweeted
Socket
Socket@SocketSecurity·
🚨 BREAKING: Socket is investigating an active npm supply chain attack compromising hundreds of packages in the @antv ecosystem. The malicious publish wave appears tied to Mini Shai-Hulud and packages connected to the npm maintainer account atool.
Jowabels retweeted
PROFESSOR
PROFESSOR@SIGMAPROFESSOR·
the hottest and most intelligent way to exist is to take your work brutally seriously and yourself playfully unseriously.
Jowabels
Jowabels@jowabels·
🎯
Mason@CardinalMason

The literal #1 most suicidal belief you can have is that you’re an introvert/socially anxious/don’t like people. I was this guy until around 22. Thought I was better than everyone else and actively chose not to be social. Life completely changed when I started interacting with random people and just trying to make them laugh. Opportunities opened up, made relationships with people I never thought possible. Everything was just less dull and boring. Every day was fun for no reason. You cannot be a lone wolf. It’s a mental illness. Life is meaningless without people.

Jowabels retweeted
Ridgeline Cyber
Ridgeline Cyber@RidgelineCyber·
The incident response mistakes that turn a 4-hour containment into a 4-day investigation:

1. Resetting the password before checking for persistence. The attacker returns with their own MFA method.
2. Investigating only the compromised user. BEC operators typically compromise a second account within 30 minutes — check sign-in logs for the same attacker IP across all users.
3. Not checking OfficeActivity for the compromised account. The email rules the attacker created are still active. They're still receiving forwarded emails from the account you think you secured.
4. Closing the ticket after containment without checking whether Conditional Access should have blocked the initial sign-in. The policy gap that let them in still exists.

Each of these mistakes is a recurring finding. I've dropped the resource link in the comments👇
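Mistake 2 in the post above, worked through as an added example (not the post author's code): a Python pivot over constructed SigninLogs rows that takes the compromised account's non-corporate sign-in IPs and lists every other account that signed in from them, flagging hits inside the 30-minute window. Field names follow the Entra ID SigninLogs schema; the sample rows and the corporate IP set are assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample SigninLogs rows (field names follow the Entra ID SigninLogs
# schema; values are made up for this example, not real data).
# ResultType 0 is a successful sign-in; any other value is a failure.
SIGNIN_LOGS = [
    {"TimeGenerated": "2024-05-01T08:00:00", "UserPrincipalName": "alice@example.com",
     "IPAddress": "203.0.113.7", "ResultType": 0},      # compromised account, attacker IP
    {"TimeGenerated": "2024-05-01T08:20:00", "UserPrincipalName": "bob@example.com",
     "IPAddress": "203.0.113.7", "ResultType": 0},      # second account, 20 min later
    {"TimeGenerated": "2024-05-01T09:00:00", "UserPrincipalName": "carol@example.com",
     "IPAddress": "198.51.100.10", "ResultType": 0},    # corporate IP, unrelated
    {"TimeGenerated": "2024-05-01T12:00:00", "UserPrincipalName": "dave@example.com",
     "IPAddress": "203.0.113.7", "ResultType": 50126},  # failed attempt, hours later
    {"TimeGenerated": "2024-05-02T08:00:00", "UserPrincipalName": "alice@example.com",
     "IPAddress": "198.51.100.10", "ResultType": 0},    # normal sign-in from the office
]
CORPORATE_IPS = {"198.51.100.10"}  # assumed corporate egress address


def attacker_ips(logs, compromised_user, corporate_ips):
    """IPs the compromised account signed in from that are not corporate."""
    return {r["IPAddress"] for r in logs
            if r["UserPrincipalName"] == compromised_user
            and r["IPAddress"] not in corporate_ips}


def pivot_on_attacker_ips(logs, compromised_user, corporate_ips, window_minutes=30):
    """Find every other account with sign-ins from the attacker IPs.

    Each hit records whether the sign-in succeeded and whether it fell within
    window_minutes of the compromised user's first sign-in from that IP.
    """
    ips = attacker_ips(logs, compromised_user, corporate_ips)
    first_seen = {}
    for r in logs:
        if r["UserPrincipalName"] == compromised_user and r["IPAddress"] in ips:
            t = datetime.fromisoformat(r["TimeGenerated"])
            first_seen[r["IPAddress"]] = min(first_seen.get(r["IPAddress"], t), t)
    hits = []
    for r in logs:
        ip = r["IPAddress"]
        if ip in ips and r["UserPrincipalName"] != compromised_user:
            t = datetime.fromisoformat(r["TimeGenerated"])
            hits.append({
                "user": r["UserPrincipalName"], "ip": ip,
                "success": r["ResultType"] == 0,
                "within_window": abs(t - first_seen[ip]) <= timedelta(minutes=window_minutes),
            })
    return hits
```

Hits inside the window are the ones to treat as a second compromised account rather than coincidence; the failed attempt hours later still tells you the attacker IP is worth blocking.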
Jowabels retweeted
Ridgeline Cyber
Ridgeline Cyber@RidgelineCyber·
SOC analysts: When was the last time you investigated a service principal sign-in? Most teams never do — because the logs aren’t even enabled by default. AADServicePrincipalSignInLogs is a dedicated table, completely separate from user SigninLogs.

Service principals authenticate independently:
• No MFA
• No Conditional Access (unless you built workload policies)
• Zero visibility in normal dashboards

An attacker who creates or hijacks one gets silent, persistent access that:
→ Never shows in user logs
→ Bypasses all user risk detections
→ Survives password resets & offboarding
→ Runs on its own schedule with secrets/certs

Critical blind spot. Enable the logs first (off by default): Entra ID → Monitoring & health → Diagnostic settings. Check “ServicePrincipalSignInLogs” → send to Log Analytics.

Then run this KQL:

let CorporateIPs = dynamic(["your-corporate-range-1", "your-corporate-range-2"]);
AADServicePrincipalSignInLogs
| where TimeGenerated > ago(30d)
| where isnotempty(IPAddress) and IPAddress !in (CorporateIPs)
| summarize TotalSignIns = count(), SuccessCount = countif(ResultType == 0), FailureCount = countif(ResultType != 0) by ServicePrincipalName, AppId, IPAddress, Location
| extend FailureRate = round(toreal(FailureCount) / TotalSignIns * 100, 2)
| order by TotalSignIns desc
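The KQL in the post above, recreated as an added example (not the post author's code) in Python over constructed AADServicePrincipalSignInLogs rows, so the filter, grouping and failure-rate steps can be run offline. It generalizes one point: the query's placeholders are called ranges, but `!in (CorporateIPs)` only matches listed values exactly, so this version does CIDR membership instead. Sample rows and the corporate range are assumptions.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed sample rows shaped like AADServicePrincipalSignInLogs (made-up
# values, not real data). ResultType 0 is success; anything else is a failure.
SP_SIGNIN_LOGS = [
    {"ServicePrincipalName": "backup-svc", "AppId": "app-1",
     "IPAddress": "10.0.1.5", "Location": "DE", "ResultType": 0},          # corporate, dropped
    {"ServicePrincipalName": "backup-svc", "AppId": "app-1",
     "IPAddress": "203.0.113.9", "Location": "US", "ResultType": 0},
    {"ServicePrincipalName": "backup-svc", "AppId": "app-1",
     "IPAddress": "203.0.113.9", "Location": "US", "ResultType": 7000215},  # bad client secret
    {"ServicePrincipalName": "backup-svc", "AppId": "app-1",
     "IPAddress": "203.0.113.9", "Location": "US", "ResultType": 0},
    {"ServicePrincipalName": "ci-runner", "AppId": "app-2",
     "IPAddress": "", "Location": "", "ResultType": 0},                     # empty IP, dropped
    {"ServicePrincipalName": "ci-runner", "AppId": "app-2",
     "IPAddress": "198.51.100.22", "Location": "NL", "ResultType": 0},
]
CORPORATE_RANGES = [ip_network("10.0.0.0/8")]  # assumed corporate range


def is_corporate(ip, ranges):
    """CIDR membership; stands in for `IPAddress !in (CorporateIPs)` when you hold real ranges."""
    addr = ip_address(ip)
    return any(addr in net for net in ranges)


def summarize_noncorporate_sp_signins(logs, ranges):
    """Mirror of the KQL: filter, summarize by SP/App/IP/Location, add FailureRate, sort."""
    groups = defaultdict(lambda: {"TotalSignIns": 0, "SuccessCount": 0, "FailureCount": 0})
    for r in logs:
        ip = r["IPAddress"]
        if not ip or is_corporate(ip, ranges):   # isnotempty(IPAddress) and not corporate
            continue
        g = groups[(r["ServicePrincipalName"], r["AppId"], ip, r["Location"])]
        g["TotalSignIns"] += 1
        g["SuccessCount" if r["ResultType"] == 0 else "FailureCount"] += 1
    rows = []
    for (spn, app, ip, loc), g in groups.items():
        rows.append({"ServicePrincipalName": spn, "AppId": app, "IPAddress": ip,
                     "Location": loc, **g,
                     "FailureRate": round(g["FailureCount"] / g["TotalSignIns"] * 100, 2)})
    rows.sort(key=lambda row: row["TotalSignIns"], reverse=True)   # order by TotalSignIns desc
    return rows
```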
Jowabels
Jowabels@jowabels·
Wtf was that ATO, Pistons??
Jowabels retweeted
Nathan McNulty
Nathan McNulty@NathanMcNulty·
@techspence @laplanted24 @magicswordio @ThreatLocker Without changing a single thing, you can create an alert and automate remediation if you wanted. They publish queries that pull the latest domain name lists and hunt for you ;) x.com/NathanMcNulty/…
Nathan McNulty@NathanMcNulty

ICYMI, LOLRMM (lolrmm.io) now has SIEM (or XDR) detections as well. This is an absolute must-have detection query: exclude your actual RMM(s) and alert on any that aren't supposed to be used.
