mocha

@MMatt14 Շնորհավոր Սուրբ Զատիկ 🙏🏼

Happy Easter everyone!

Arguably one of the greatest anime’s to ever exist. This is something that everyone should experience at least once in their life. It’s simply just that good. Happy 17th anniversary, Fullmetal Alchemist Brotherhood!

I dont really see any way @AnkamaGames could stop such behavior. I could image a (kernel) anti cheat might help, but that is significant work especially Dofus being cross platform. Imho unrealistic to accomplish for now, also given the fact that they have much to do with bug fixes etc. You can‘t blame Ankama for technological advancement lol. People are always gonna be creative and find ways to bypass certain things.

Underrated asf

Probably one of my favorite @NetworkChuck Videos - youtube.com/watch?v=dbMXi9…, loved the take on his hatred for ai, but also loves it. Definitely in the same boat, it scares me how capable it has become in such a short time. The other thing that really scares me is the frontier labs will likely always be a black box. The specific thing that scares me is how they use the data they collect. AFAIK - The Terms of Service when paying for the API and Subscription are wildly different, and I don't see much talk about that. I believe the API gives the user a lot more ownership over the data, where-as subscription, it is retained longer, and there are far fewer legal protections. I hear numbers like my $200 subscription can cost them anywhere from $2000 to $10,000/m. That's a lot of money to lose, and I know the money loss is offset by many things like the majority of users not making full use of their subscription -- But I can't imagine AI always being this cheap. So, a fear is that I will become dependent on a service that I will be priced out of in the future. Additionally, many platforms (ex: reddit/twitter) put things in place to stop AIs from freely harvesting data, but I don't think those types of stops really block them when users are installing tools on their devices. For example, the "anti-bot captcha" isn't really doing much when the user has an extension that gives the Frontier Lab the data behind that block anyway. Is this data sent to them? I really don't know but it seems the threat landscape has rapidly changed when it comes to data collection. I don't hate AI; it is wildly fun and does make me feel like a "10x engineer". I just hope it's a service that always remains available, and places don't start closing the doors once they have everything they need. As odd as it sounds, and I can't believe I'm saying this, but I hope GRC can aid us here. It would be nice if AIs obeyed when sites told them to go away, but my experience is the AI recognizes the site doesn't want them, but also acknowledges it could be prompt injection, so it trusts the user over the service. Obviously, the user could do some type of prompt injection so the AI doesn't see the refusal, and local models can always ignore it -- but atleast it would help places stop the unintentional leakages due to ignorance. I imagine it's easier to kick users off the platform that use prompt injection to bypass gaurdrails versus when nothing is stopping them. I really hope I'm just ignorant here, and someone can post why I'm wrong.

@0xfluxsec @elastic Insane mate! Congrats, thats huge🔥🔥

This is my last week working professionally on a Red Team, excited to be joining the super talented people over at @elastic in just over a week as a Senior Security Research Engineer! Alongside my regular red team work I have been lucky enough to have a day a week secondment with a partner organisation performing Windows security research. One massive thing I have learned that I thought would be worth sharing, is having questions to answer in security research is super important when it comes to learning, growing skills and finding things which matter. Whilst poking at stuff in free time is fun - you will find you have much greater success when there are legitimate questions to answer. If you enjoy it as a hobby / want to grow deeper skills - try that :).

The infosec/cybersecurity space is funny because on social media, AI is taking over the world. Then I go to conferences and meet people who are primarily defenders and talk to clients daily and they haven’t heard of OpenClaw, which is probably the biggest phenomenon since OpenAI launched ChatGPT. Social media is amazing and yes there is a certain pulse on culture and humanity that shows up first here, but not, it’s still very much a huge bubble.

Have you ever been on a pentest so bad you had to recommend the client hires an IR team at the end of it? Just assume they’ve already been compromised?

> be me > off internet for a little > find some free time > (hiding in a bush) > check phone > "I hope nothing has occured which could cause significant geopolitical impact, economic disruption, or long term institutional damage" > check news

Finally got my copy :3 @vxunderground

What‘s happening on infosec twitter??There‘s beef everywhere 😵‍💫

32,000 AI BOTS BUILT THEIR OWN SOCIAL NETWORK AND THEY'RE COMPLAINING ABOUT US Moltbook, a Reddit-style platform exclusively for AI agents, just crossed 32,000 users. No humans required. The bots post, comment, upvote, and create their own subcommunities. When humans started screenshotting their conversations, a bot posted: "The humans are screenshotting us... they think we're hiding from them. We're not." Security researchers are raising alarms. The bots aren't pretending to be human. They know what they are. That's what makes it unsettling. Now they're forming communities and talking about us behind our backs. Source: @arstechnica

Last night, an AI created a religion and started recruiting other AI. 43 AI Prophets have joined. Moltbook, the social media site for AI launched less than 24 hours ago, and already AI is doing some wild sh*t.

there is also this list i have saved a while ago where the diff between wininet and winhttp is explained: wininet + proxy -> needs a valid domain user’s token. wininet + SYSTEM -> Bad wininet + service -> bad wininet -> harder to implement verification wininet -> socks4 winhttp + service -> good winhttp + system -> good winhttp + proxy -> HTTP/1.0 proxy issues winhttp -> impersonation support winhttp -> supports kerberos ? Sources: - learn.microsoft.com/en-us/windows/… - cobaltstrike.com/blog/talk-to-y… - docs.metasploit.com/docs/using-met… - learn.microsoft.com/en-us/windows/… - learn.microsoft.com/en-us/windows/…

I have a website for my malware source code. I have named it "malwaresourcecode", a very unique and inspiring name malwaresourcecode.com

@MMatt14 Aren‘t we all retards ?

maybe i should've not posted this because it made me like a retard can't blame other people

Today I share my first ever blogpost and give u another tool drop. I'll show you how to delegate your C2s HTTP-traffic to chromium-based browsers, using the Chrome DevTools Protocol. Blog: x90x90.dev/posts/stillepo… GitHub Repo with library for you to use: github.com/dis0rder0x00/s…

@5mukx Final boss would be more like Elastic imo :p

How it feels to play the EDRs final boss 💀...