noisyloop

You don't need a course. You just need to buy the idea of a job (just over broke).

@techspence I see basic ones just browsing these days.

Zero days are both the best and worst thing for security. The best becuse it gives awareness for serious issues within technology systems. The worst because in many cases it’s turned into marketing slop and clout chasing. The incentives to find zero days is high, but the incentives don’t always help organizations be more secure.

@syntaxish I only followed one CISA account then yours. Seems good enough.

@noisyloop My posts are just as useless as CISA's soooo pick your poison lmao

Honestly the quality/age of information might be better from a non CISA acct 🤣

@sec_hub93028 What if you build a huge one that the threat model goes up?

“Build your network before you need it” Can’t stress this enough.

Creating a new version of cPanel for learning. You can just gamify things yourself and watch every cert video ever. What do you recommend? Assume I am a noob that needs a handler. I am going to break / fix my own cPanel in a VM.

@ZackKorman No joke, yesterday I read your page and thought you had an embroidery business and maybe just sick of bad sec, but this is pretty interesting. Glad I hit the follow button.

Time to explain what Embroidery does: We monitor AI agents like Claude Code and Codex to detect and alert on dangerous behavior. Companies are giving devs access to these tools, but if something bad happens they probably wouldn't know. Details on how it works below.

@ZackKorman Vanta too?

I see a lot of stuff about Vanta today, so let me throw some cold water on that: Vanta recommends an audit firm, Advantage Partners, whose entire management team consists of former Vanta employees. The compliance automation industry is so broken.

@vxunderground If this is true then I should get 21 gov domains asap and slap Wordpress on them and go ham on the HTML. Oh, now it all makes sense.

> new cpanel cve thingie > proof of concept released > neat > check on internet degenerates > tons of united states gov thingies compromised > tax places compromised > another day of internet schizophrenia

If cyber is about purity then I have never seen a real bug clog up a machine's consciousness.

Signal over noise, or noise over signal?

@sec_hub93028 A redirect could encrypt all. Then ask for a trillion. Even if they don't want a trillion.

What is the maximum damage an attacker can cause with HTML injection?

@vxunderground You didn't miss anything. That's it. I did the math. There's 3 cats missing though.

I've been extremely busy. Haven't been able to malware as much. Here is what I saw: - Linux security nerds big angry at some dude named Eric because he has been ignoring security things, or something, I don't know. Some drama about CopyFail and some Android stuff - cPanel CVE destroying normies, botnets, compromises, spam spamming stuff - Google not wanting to bug bounty as much because of AI slop. Bug bounty nerds throwing hands everywhere - A bunch of nerds arguing about the WeezerOSINT guy, saying he's a criminal, others saying he is cool and badass - A bunch of nerds angry at the Lunduke guy - Will Dormann going ham sandwich on CopyFail - More updates on those dorks who were in ALPHV but also cybersecurity negotiation people, they're cooked - 15 year old arrested for cybercrime in France (stuff with Breached, I guess, I don't know). - Everyone yapping about Fast16 still - China tests spooky deep sea oceanic internet cable cutter thingy - More NPM malware - Apple Claude md thingie oopsie doopsie Did I miss anything?

When write ups? My machine is from the 60's. I am posting via some wire. You have encountered a time traveler.