Steve Campbell

I wish I could get more people to realize that every time you consume information from the news and ANY online source, and feel negative feelings like fear, anger, disgust, etc. and immediately think that people on the other side of politics are (insert nasty names here), you’re being manipulated! The media and social media influencers profit only when they can drive engagement by shock and emotional manipulation. Both sides of the political spectrum are being influenced by half truths and outright lies. It’s only going to get worse as AI makes it easier to manufacture “truth”, or uses skewed information and quotes it as fact. X’s Grok is a great example. After the Texas flood it incorrectly stated that government funding being cut was responsible for the loss of life, before people had to inform Grok of updated information that proved that the weather service was actually overmanned and sent out alerts and warnings of the flooding in advance. It’s amazing to me how many highly intelligent people are easily emotionally manipulated because they don’t question the information they consume. And you’re reading this right now thinking that it’s the other side, not you, that’s been manipulated. Yes, it’s you too! You have zero ability to resist being manipulated when it’s delivered via the dopamine drip in your hand. Open your eyes. Get in the habit of being suspicious any time you feel an emotional reaction to news and social media. The truth is really hard to find and you’ll have to stop using only sources that agree with your world view.

@cyph88 @MicahPW20 @GarandThumb1 They’re using fiber optic cables in Ukraine to avoid jammers.

@MicahPW20 @GarandThumb1 Tech man. These drones are effectively access points flying around at high speeds. Head to alibaba or a more obscure retailer for a jammer, buy a few that cover wider bands. If you are feeling industrious, learn to make one yourself. hackaday, any diy hobbyist site.

After having done training against FPV drones I can say this is a hard no.

After reading far too many comments on Reddit, I’ve come to the conclusion that at least half of all users have some form of mental illness or defect. Example: report says jury found no scheme to defraud yet the thread is filled with calls to prosecute because it’s Elon.

Are your AI agents choking on massive HTTP responses when analyzing Burp Suite data via MCP? 🛑 BurpQL fixes this by providing compact, metadata-first search results and built-in recon commands to save your context window. Check out how to make Burp data actually usable for AI: cylentsec.com/blog/2026/03/1…

@hetmehtaa People

What’s the HARDEST part of a Cybersecurity job? I WANT ANSWERS!!!

@moneyjumpscare @SecVetAffairs You’re full of shit. I’m a 70 percent disabled veteran with real physical limitations from the damage. Vets are not getting 100 percent for stress fractures alone. Maybe in combination with other injuries.

How about people who didn’t even graduate from BASIC TRAINING getting VA benefits…? 100% for “stress fractures” but now working on bodybuilding… Fix the system. Focus on that first. Maybe people who didn’t graduate from basic training should not be entitled to VA benefits because they aren’t veterans. Create another “fund” for them. It’s a slap in the face to those who actually dealt with stuff (that they didn’t even claim, because it was frowned upon), and then you see someone who didn’t even serve get a 100%!

Effective immediately, VA is halting enforcement of the interim final rule, Evaluative Rating: Impact of Medication. VA issued the rule to clarify existing policy and protect Veterans’ benefits in the wake of an ongoing court action. But many interpreted the rule as something that could result in adverse consequences. While VA does not agree with the way this rule has been characterized, the department always takes Veterans’ concerns seriously. To alleviate these concerns, VA will continue to collect public comments regarding the rule, but it will not be enforced at any time in the future. Under my leadership, VA is ensuring that everyone applying for benefits receives everything they have earned as quickly and conveniently as possible. This includes reducing the backlog of Veterans waiting for benefits by more than 60 percent. We will continue these improvements on behalf of America’s Veterans, families, caregivers and survivors.

@Justino_Manzana @braxton_mccoy That’s bullshit or at least a gross exaggeration. I’m 70 percent disabled and have real physical limitations from the damage and I don’t make that much in disability.

@braxton_mccoy I agree, but you can do two things at once, the VA massively overcorrected after rightfully getting heat for not taking care of Vets, and now anyone that separates with shin splints gets 30k a year

If you start stripping VA benefits before deporting every Somali in this country it is not going to play well politically. Don't know who proposed that but you should fire them.

@HackingDave Have you tried warp.dev? A terminal with AI agents built in. You can “warpify” ssh sessions to run agents in remote systems. Also has a cloud agent, “oz”. It’s the best agent I’ve found at running terminal programs, and you can take and give back control at will.

One thing that Claude was historically bad at was remote troubleshooting - I would also navigate to Cursor for that. The latest release, it's hands down awesome - probably cancelling my Cursor subscription now.

@hackerfren 🔥

After A long battle today, I completed all the active Hack the Box Sherlock Challenges. Stay tuned, writeups will be going up on my personal website as the challenges retire and I will continue to make more for new sherlocks. Novitas is an Insane Malware Analysis Sherlock from bquanman with a perfect 5.0 rating. The scenario has you investigating a compromise where a user named Binz received a request to create a 3D model for a client. After downloading and opening the provided files, the system started behaving strangely. Binz deleted the files, but a memory dump was captured to investigate. Your job is to extract IOCs for EDR integration, with the hint that a "novel and sophisticated infection vector" was used. The challenge lives up to that hint. You are dealing with a multi-stage attack that uses legitimate Windows components in unexpected ways. The questions guide you through the full chain from identifying the initial payload and finding processes that should not be running what they are running to locating hidden components that evade standard enumeration, decrypting obfuscated configuration data, and ultimately understanding how the final payload gets assembled and delivered. The difficulty comes from needing to understand not just what happened, but exactly how each stage works internally. Standard tooling gets you part of the way, but several questions require going deeper. Some artifacts do not extract cleanly with default options. Some components hide from normal queries. The final question in particular requires you to think like the malware author and understand the exact data flow rather than just looking for obvious patterns. This is a challenge where surface-level analysis will leave you stuck, and precision matters down to the byte. Strong preparation for real-world incidents involving sophisticated loaders and multi-stage delivery. If you are comfortable with basic memory forensics and want to push into understanding runtime internals, this is an excellent next step.

@SNAFU_Sara Sometimes. But they can also worsen sleep if the mask doesn’t fit well or facial hair interferes with the seal. I don’t use one anymore but I used to wake up with air hissing last my ear or with my throat as dry as cotton and gagging.

Do CPAP machines really make a difference in feeling rested the next day?

My book "Bash Shell Scripting for Pentesters" is currently on sale for $9.99 until January 20th: packtpub.com/en-us/product/…

@eh_pavan @CaidoIO You already can. It’s been that way for a very long time. Read the documentation.

@CaidoIO Hey there i am currently using Caido as my main proxy, but caido lacks more plugin like the plugins are very limited i appreciate if you can add custom plugin feature where a user can add their own plugins and import open-source plugins.

The most common feedback of 2025: "I'll switch when there are more plugins." We spent the year solving that. Along with 29 new plugins (thanks to our community), we shipped: - 10 major releases - Hands-on Labs - AI Integration Read the full 2025 review: caido.io/blog/2025-year…

@Behi_Sec HTTP Request Smuggling. While I understand the basic concepts, applying them is a different story.

Which vulnerability took you the longest to fully understand when you started? It took me a long time to fully understand SSRF 😅

@0xTriboulet I'm moving to my new account at @cylentsec, BTW. This account will go dark after a while. I wanted to stop mixing the personal and professional here to be better able to filter out all the politics and other BS.

@lpha3ch0 I started just aggressively muting people. Highly recommend that strategy Sometimes I wish I had a global “mute” option that worked IRL tbh, but that’s a whole different conversation

I'm starting to remember why I disliked sharing tools and methodology, and recording videos to share. There's always someone ready to shit on whatever you have to say.

I'm starting fresh with a new X handle and website. Please follow me at @cylentsec My new website already has a lot of content posted on AppSec and reverse engineering with much more to come related to RE this year.

If your new-year's goal is to learn reverse engineering and exploit development and publish CVE, check out pwn.college. It's an excellent learning resource. It has it all: video lessons, interactive lab exercises, CTF, and it's free!

@HackingLZ @coffinxp7 That’s exactly what I thought certstream does!

@coffinxp7 Wouldn’t you just use cert stream?

We’re building a tool that monitors crt.sh logs for any domain in real time, 24/7. It helps you spot new subdomains as soon as they appear so you can hunt faster with Discord and Telegram webhook integration. Public release coming soon..

How to configure Binary Ninja for remote debugging of an iOS App Library (The documentation didn't work for this use case): cylentsec.com/blog/2025/12/1…

Solving the 8ksec FridaInTheMiddle iOS reverse engineering CTF: cylentsec.com/blog/2025/12/1…

I recently discovered the Yazi file manager and it’s freakin awesome. As amazing as it is on first discovery, dig a little deeper into the hotkeys and what they can do and you’ll be amazed. yazi-rs.github.io/features