TechByT̷͔̼̯̖̟͔͎͑̽o̶͚̠̰͚̩̻̝̰͂̿̔̄̊́͘m̷̡̟̍́̏̔ ⚠️

19.5K posts

TechByT̷͔̼̯̖̟͔͎͑̽o̶͚̠̰͚̩̻̝̰͂̿̔̄̊́͘m̷̡̟̍́̏̔ ⚠️ banner
TechByT̷͔̼̯̖̟͔͎͑̽o̶͚̠̰͚̩̻̝̰͂̿̔̄̊́͘m̷̡̟̍́̏̔ ⚠️

TechByT̷͔̼̯̖̟͔͎͑̽o̶͚̠̰͚̩̻̝̰͂̿̔̄̊́͘m̷̡̟̍́̏̔ ⚠️

@techbytom

Privacy, motorcycle, and craft beer geek. Adversarial thinker. Blue team your blue team for better red teaming.

The Interwebs Katılım Temmuz 2009
1.8K Takip Edilen1.4K Takipçiler
Shecky - Third Wheel
Shecky - Third Wheel@SiliconShecky·
AI and its hallucinations look to be the new boy who cried wolf for SOC/IR. This is why we still need boots on the ground and not automated decisions without human validation. cyberscoop.com/ai-generated-b…
English
2
0
1
71
TechByT̷͔̼̯̖̟͔͎͑̽o̶͚̠̰͚̩̻̝̰͂̿̔̄̊́͘m̷̡̟̍́̏̔ ⚠️ retweetledi
Nana Sei Anyemedu
Nana Sei Anyemedu@RedHatPentester·
WHEN A LAW ENFORCEMENT OFFICER ATTEMPTS TO UNLOCK YOUR MOBILE DEVICE BY BRUTE-FORCEING IT USING TOOLS LIKE GRAYKEY OR VERAKEY. I pulled a trace of gray key that was used in the iPhone while hunting for spywares and brute-force attacks. If the FBI or a law enforcement officer, like police, seizes your phone and returns it, you can know if they performed a brute-force attack on it if you know you didn't give them the password to your phone. They Often use GRAY KEY or VERA KEY Modern mobile operating systems and their underlying firmware maintain detailed security and diagnostic logs that can record authentication attempts and forensic access activity. As a result, when tools such as GrayKey or other law enforcement-grade extraction systems are used to perform password brute forcing or advanced device access, traces of these operations may be recorded within system logs, diagnostic artifacts, or security event records on the device. Attackers or suspects may also try to hide activity, but system-level artifacts can still reveal failed brute-force attempts. FUN FACT iOS devices often keep behind-the-scenes logs showing things like: a. when a brute-force attempt started b. when the device was finally unlocked c. and even when extraction tools connected and disconnected. That means a forensic examiner can sometimes tell not just that data was extracted… but how it was extracted and how long it took.
Nana Sei Anyemedu tweet mediaNana Sei Anyemedu tweet media
English
27
217
1.3K
112.9K
TechByT̷͔̼̯̖̟͔͎͑̽o̶͚̠̰͚̩̻̝̰͂̿̔̄̊́͘m̷̡̟̍́̏̔ ⚠️ retweetledi
Thariq
Thariq@trq212·
New in Claude Code: /ultraplan Claude builds an implementation plan for you on the web. You can read it and edit it, then run the plan on the web or back in your terminal. Available now in preview for all users with CC on the web enabled.
English
529
661
10.3K
1.3M
Zack Korman
Zack Korman@ZackKorman·
I'm extremely unconvinced that Opus wouldn't have found that 27-year-old OpenBSD bug Mythos found if they spent $20k credits on it.
Zack Korman tweet media
English
70
70
2K
490.8K
TechByT̷͔̼̯̖̟͔͎͑̽o̶͚̠̰͚̩̻̝̰͂̿̔̄̊́͘m̷̡̟̍́̏̔ ⚠️
TechByT̷͔̼̯̖̟͔͎͑̽o̶͚̠̰͚̩̻̝̰͂̿̔̄̊́͘m̷̡̟̍́̏̔ ⚠️@techbytom·
Last November, things really changed. If you don’t want to solve every problem, you can rely (usually successfully) on an LLM to recognize and solve it for you. Extrapolated across an engineering problem, this is incredibly powerful, but also crippling for engineers long term.
bohops@bohops

I’ve been grinding hard on AI for the better part of the last 8+ months - learning, building, adapting, and pulling late nights just like so many others right now. Cutting through the FUD and hype, there is real potential here. Industry-breaking potential. The era we’ve been waiting for - to finally supercharge and develop the tools and platforms we’ve wanted to build for years - is here, and agent assistance is accelerating everything. With coding agents, I’ve built solid tools and had research breakthroughs that would have taken weeks or months before. These should feel like real wins worth celebrating. But honestly? I don’t feel victorious. In many ways, it just feels necessary to keep pace. As Dave said: adapt or be left behind - and for good reason. I’m not ready to be left behind. But damn, I’m tired. I’m tired of constantly reinventing myself. Tired of constantly re-tooling. Tired of the endless cycle of keeping up, the late nights, and the personal sacrifices that come with it. I’ve even lost the desire to share knowledge and research with the community the way I used to. From the conversations I’ve had, I’m far from alone - many others in this space feel the same but don’t necessarily vocalize it outside of smaller circles. Is it because I see AI purely as a threat? Not really. The offensive side of our industry has been heading this way for a while, and I’ve been moving with it. The truth is, the excitement Dave describes is real - but for me right now, it’s mixed with exhaustion. I’m grateful for the breakthroughs, yet I catch myself wondering how long I can sustain this level of constant reinvention without something giving. The early-2000s energy is back, sure… but so is the burnout that often came with it. Being a bit older now, with young kids at home, the pace hits differently. I don’t have the same endless energy I once did, and the late nights and constant context-switching carry a heavier weight. Finding balance is tough, but it feels more important than ever. Hopefully we can all figure out how to ride this wave more sustainably - without burning out in the process.

English
1
0
0
105
Johnny Xmas
Johnny Xmas@J0hnnyXm4s·
@techbytom No current NIST publication uses “black hat testing” as a synonym or replacement for red teaming.
English
1
0
0
147
TechByT̷͔̼̯̖̟͔͎͑̽o̶͚̠̰͚̩̻̝̰͂̿̔̄̊́͘m̷̡̟̍́̏̔ ⚠️ retweetledi
Iceman
Iceman@herrmann1001·
Oh this is clean. A searchable, filterable RFID attack reference. HID Prox, MIFARE, EM4100, animal tags, organized by frequency AND tool (Proxmark, Flipper, Chameleon...). This is the cheat sheet that used to live in your notes app. Bookmark it! you'll thank yourself on your next physical engagement. redteam.vip/ram-rfid-attac…
Iceman tweet media
English
8
98
442
25.5K
Guri Singh
Guri Singh@heygurisingh·
🚨 BREAKING: The cybersecurity industry is about to get completely disrupted. Someone just open-sourced a fully autonomous AI Red Team. It's called PentAGI. 8,200+ stars on GitHub. Not one AI agent. An entire simulated security firm. Researchers, developers, pentesters, and risk analysts. All AI. All coordinating with each other before launching a single attack. No Cobalt Strike. No $100K/year pentest retainers. No OSCP required. Here's what's inside this thing: → An Orchestrator agent that plans the full attack chain → A Researcher agent that gathers intel from the web, search engines, and vulnerability databases → A Developer agent that writes custom exploit code on the fly → An Executor agent that runs 20+ pro security tools (nmap, metasploit, sqlmap, and more) → A memory system that learns from every engagement and gets smarter over time Here's the wildest part: It runs everything inside sandboxed Docker containers. Full isolation. It picks the right container image for each task automatically. It has a knowledge graph powered by Neo4j that tracks relationships between targets, vulnerabilities, tools, and techniques across every single test. Cybersecurity firms charge $25K-$150K per engagement for this exact workflow. This is free. 100% Open Source. MIT License.
Guri Singh tweet media
English
231
859
4.5K
655.5K
TechByT̷͔̼̯̖̟͔͎͑̽o̶͚̠̰͚̩̻̝̰͂̿̔̄̊́͘m̷̡̟̍́̏̔ ⚠️ retweetledi
Joe Carlsmith
Joe Carlsmith@jkcarlsmith·
I wrote an essay about restraining AI development for the sake of safety. I think an idealized world would put itself in a position to do this if necessary, and that it's worth serious effort in the actual world, too, despite the many challenges and downside risks. Link below.
Joe Carlsmith tweet media
English
13
21
176
10.9K

Keşfet

@SiliconShecky @Alph4betSoup @ZackKorman @jaysonstreet @thegrugq @LargeCardinal @J0hnnyXm4s @elonmusk