Packets don’t have politics
TCP handshakes don’t care about borders
English
packet priest
150 posts
packet priest
@packet_priest
payload pimpin’ network theurgist red team alt account
dynamic Katılım Haziran 2025
350 Takip Edilen16 Takipçiler
Huge thanks to @Giveth for having us in the Ethereum Security QF Final Project Showcase 🛡️
Today is the LAST DAY to donate and every donation is matched!
The projects in this round are building the security layer Ethereum runs on, and W3OS is one of them, bringing free practical and accessible OpSec tooling to web3 teams that need it.
If you believe in a safer web3, now's the time to act 👇
W3OS: giveth.io/project/the-we…
Full round: qf.giveth.io/qf/ethereum-se…
English
HELLS ANGELS H1B’s?!
FBI Sacramento@FBISacramento
Founder of the Hells Angels-affiliated "Punjabi Devils," attempted to sell several illegal weapons to an undercover officer then skipped court, and booked a one-way flight to India in an attempt evade his charges. CBP notified the #FBI. Agents arrested him at SFO. Yesterday, he was sentenced to 64 months in federal prison. justice.gov/usao-edca/pr/f…
Deutsch
packet priest retweetledi
For the past 2 months, XBOW has been testing Mythos Preview under embargo as part of a select early-access group.
Today, we can finally share what we found.
The headline: Mythos Preview is a major advance. It is substantially better than prior models at finding vulnerability candidates, especially when source code is available.
But it’s not perfect. We surfaced issues with exploit validation, judgment, and efficiency.
Our full write-up covers where Mythos Preview shines, where it still needs support, and what we think this means for the future of offensive security: bit.ly/42zQl98
English
Attackers are deliberately shaping payloads to fit the huggingface naming conventions. Ai agents will get pwned, along with users.
Hide yo kids! Hide yo wives! PyPl packages pwning everything
Microsoft Threat Intelligence@MsftSecIntel
Microsoft is investigating mistralai PyPI package v2.4.6 compromise. Attackers injected code in mistralai/client/__init__.py that executes on import, downloads hxxps://83[.]142[.]209[.]194/transformers.pyz to /tmp/transformers.pyz, and launches a second-stage payload on Linux. The file name transformers.pyz appears deliberately chosen to mimic the widely used Hugging Face Transformers library and blend into ML/dev environments. The main payload is a credential stealer, but it also includes country-aware logic; it avoids Russian-language environments and contains a geo fenced destructive branch that has 1-in-6 chance of executing rm -rf / when the system appears to be in Israel or Iran. To mitigate this threat: isolate affected Linux hosts, block 83[.]142[.]209[.]194, hunt for /tmp/transformers.pyz, pgmonitor[.]py, and pgsql-monitor.service, and rotate exposed credentials.
English
@DevDacian Tell that to the 32 points I’ve dumped into carpentry 🪚
English
Looking back on this post in light of recent on-chain events, instead of finding honest work like plumbing jobless auditors turned to the dark-side by actively attempting (sometimes successfully) to exploit live protocols.
Watchmen became wolves. Very sad to see.
Dacian@DevDacian
Easy money mostly gone in auditing. Many skilled auditors w/great portfolios looking for work + tons of new firms => more competitive market than ever, hence recent ambulance chasing / grave dancing. If you haven't made it already, consider pivoting to AI or learn plumbing.
English
I actually love how disturbing AI-generated svg's are
Auditware@audit_wizard
New facelift to the multisigmonitor repo! Marketing asked our CTO @forefy for a logo We were going for "trustworthy multisig monitor" He delivered a purple octopus with demonic red eyes clutching security padlocks on its tentacles that stares into your soul 🐙 Everyone warns about non-techies using AI dangerously. Nobody warns us about CTOs using it for design.
English
packet priest retweetledi
Sharing the Obsidian vault for all the ETH Security Projects / Donors in the @thedaofund QF round
Have fun!!
github.com/Auditware/ETHS…
English
packet priest retweetledi
Distillation attack on Matlab so we can finally b finished with the gui forever?
English
I’m excited to announce the inaugural CrowdStrike Day Zero 2026 Threat Research Summit, an invite-only event for researchers, defenders, and cost-imposing warriors on the front lines of cyber conflict.
Day Zero will showcase cutting-edge technical work, advanced research into adversaries and technology, and foster the kind of discussion that challenges assumptions and sharpens ideas.
CrowdStrike researchers are already submitting their ideas. The Call for Papers (CFP) is open, and these sessions will be closed-door, with strict information-sharing protocols in place.
Evening kickoff: Aug 30th | Day Zero 2026 Summit: Aug 31st
*Ahead of Fal.Con Vegas | 📍Mandalay Bay, Las Vegas
Register for updates and submit your paper.
crowdstrike.com/en-us/events/d…
English
packet priest retweetledi
packet priest retweetledi
SAM DO NOT VIBE CODE INTERNET INFRASTRUCTURE
Sam Altman@sama
feels like a good time to seriously rethink how operating systems and user interfaces are designed (also the internet; there should be a protocol that is equally usable by people and agents)
English
we're looking for a couple folks to grow a new TI capability in the sec team at A\ - if you're an intel person that leans more towards building and diving deep to understand technical threats, while still handy with the pen, could be for you! 👇👇
job-boards.greenhouse.io/anthropic/jobs…
English
@fengtality dude you should use Virustotal or some kind of sandbox for checking for/analysing malware
don't use Claude code locally, as if it interacts with the malware in unsafe way such as dynamically inspects the file by running it, you are done ☠️
English
Almost got hacked this morning - here's a replay of what happened:
1. A VC whom I've met in person reached out for a catchup
2. She sent me a Microsoft Teams link a few min ahead of the meeting
3. When I joined, it asked me to download update script
4. Got a funny feeling and ended the call immediately
5. Claude inspected the file and it was indeed malicious
Not sure if this person was just hacked or a bad actor, but I wanted to post this as a PSA. Stay safe.
English