Dave Kennedy

55K posts

@HackingDave

Founder @Binary_Defense @TrustedSec Co-Owner https://t.co/HQC75WhLyP. @WeHackHealth Pod. God + Family/Hacker/CSO/USMC/Intel/Fitness. Make the world a better place.

Fairlawn, OH Joined July 2009
6.1K Following 228.2K Followers
Dave Kennedy retweeted
Binary Defense@Binary_Defense·
If your team has to “figure it out,” you’re already behind. NightBeaconAI removes the guesswork. It analyzes events, files, and emails in real time and tells you exactly what you’re looking at and what to do next. Clear answers. Backed by evidence. Humans still in control. Learn more about NightBeaconAI: binarydefense.com/resources/data…
Dave Kennedy retweeted
TrustedSec@TrustedSec·
AI is reshaping vulnerability research and exploit development, but what does that look like in practice? Tune in next week to the #SecurityNoise podcast as @Bandrel and @freefirex2 break down how #AI is changing the #CVE discovery process. Subscribe so you don't miss it!
Dave Kennedy@HackingDave·
Happy to announce that I took a board position (thanks @edskoudis) to SANS Technology Institute (college degree programs). I'm truly excited here as it fits right in to my passion of helping the next generation of cybersecurity folks get into the industry. Amazing mission reaching our youth, and impacting the next generation of hackers. I'm also on the board of Paradigm Cyber Ventures which focuses on K-12 cybersecurity hands-on courses in the high school level and we sponsor and fund many high school cybersecurity programs. Make the world a better place. sans.edu/about/governan…
Dave Kennedy@HackingDave·
Car rides with my wife are such polar differences on temperature lol. Her side 78 with heat blaring, my side 62. It's like a wall of heat and cold battling each other in the car 😂
Dave Kennedy retweeted
edskoudis@edskoudis·
@HackingDave We are so excited to have you on the sans.edu Board of Directors. Your input will be invaluable, my friend. So much exciting work to do for the community and our students!
Dave Kennedy@HackingDave·
I couldn't make a military simulation with my airsoft buddies (daughters volleyball tournament) so one of my friends Ryan built this so I didn't have to miss it 🤣🤣🤣🤣
Dave Kennedy retweeted
can@marmaduke091·
🚨 100M TOKEN CONTEXT WITHOUT COLLAPSE
> <9% degradation from 16K → 100M
> beats RAG + rerank + SOTA pipelines
> runs on just 2×A800 GPUs
we could be back
艾略特@elliotchen100

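The paper is here. It's called MSA, Memory Sparse Attention.

In one sentence, here is what it is: giving large models native ultra-long memory. Not bolt-on retrieval, not brute-force window expansion, but growing "memory" directly into the attention mechanism, trained end to end.

Why didn't the earlier approaches work?

RAG is essentially an "open-book exam." The model doesn't remember anything itself and relies entirely on flipping through its notes on the spot. How accurate the lookup is depends on retrieval quality, and how fast it is depends on the data volume. Once the information is scattered across dozens of documents and needs cross-document reasoning, it is stuck.

Linear attention and KV caching are essentially "compressed memory." Things do get remembered, but the more it compresses the blurrier it gets, and as length grows things get lost.

MSA's approach is completely different:

→ No compression and no bolt-on; instead the model learns to "look at the key points." The core is a scalable sparse attention architecture with linear complexity. When the amount of memory grows 10x, the compute cost does not explode exponentially.

→ The model knows "where this memory came from and when." It uses a positional encoding called document-wise RoPE, which lets the model natively understand document boundaries and temporal order.

→ Fragmented information can also be strung together for reasoning. The Memory Interleaving mechanism lets the model do multi-hop reasoning across memory fragments scattered in different places. It doesn't just find one relevant record, it links the clues into a chain.

The results?

· Scaling from 16K to 100 million tokens, accuracy degrades by less than 9%
· A 4B-parameter MSA model beats top-tier 235B-class RAG systems on long-context benchmarks
· Two A800s are enough to run 100-million-token inference. This is not lab-only; it is a cost a startup can afford.

Put plainly, previous large models were an extremely smart genius with only a goldfish's memory. What MSA wants to do is make it truly "remember."

We've put it on GitHub. The algorithm folks have had a hard time of it, so feel free to give it a star to support them. 🌟👀🙏 github.com/EverMind-AI/MSA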

Dave Kennedy retweeted
Epic Clip Vault@EpicClipVault·
This is the kind of wealth people should aim for in life.
Dave Kennedy retweeted
Ryan@ohryansbelt·
Delve, a YC-backed compliance startup that raised $32 million, has been accused of systematically faking SOC 2, ISO 27001, HIPAA, and GDPR compliance reports for hundreds of clients. According to a detailed Substack investigation by DeepDelver, a leaked Google spreadsheet containing links to hundreds of confidential draft audit reports revealed that Delve generates auditor conclusions before any auditor reviews evidence, uses the same template across 99.8% of reports, and relies on Indian certification mills operating through empty US shells instead of the "US-based CPA firms" they advertise.

Here's the breakdown:

> 493 out of 494 leaked SOC 2 reports allegedly contain identical boilerplate text, including the same grammatical errors and nonsensical sentences, with only a company name, logo, org chart, and signature swapped in
> Auditor conclusions and test procedures are reportedly pre-written in draft reports before clients even provide their company description, which would violate AICPA independence rules requiring auditors to independently design tests and form conclusions
> All 259 Type II reports claim zero security incidents, zero personnel changes, zero customer terminations, and zero cyber incidents during the observation period, with identical "unable to test" conclusions across every client
> Delve's "US-based auditors" are actually Accorp and Gradient, described as Indian certification mills operating through US shell entities. 99%+ of clients reportedly went through one of these two firms over the past 6 months
> The platform allegedly publishes fully populated trust pages claiming vulnerability scanning, pentesting, and data recovery simulations before any compliance work has been done
> Delve pre-fabricates board meeting minutes, risk assessments, security incident simulations, and employee evidence that clients can adopt with a single click, according to the author
> Most "integrations" are just containers for manual screenshots with no actual API connections. The author describes the platform as a "SOC 2 template pack with a thin SaaS wrapper"
> When the leak was exposed, CEO Karun Kaushik emailed clients calling the allegations "falsified claims" from an "AI-generated email" and stated no sensitive data was accessed, while the reports themselves contained private signatures and confidential architecture diagrams
> Companies relying on these reports could face criminal liability under HIPAA and fines up to 4% of global revenue under GDPR for compliance violations they believed were resolved
> When clients threaten to leave, Delve reportedly pairs them with an external vCISO for manual off-platform work, which the author argues proves their own platform can't deliver real compliance
> Delve's sales price dropped from $15,000 to $6,000 with ISO 27001 and a penetration test thrown in when a client mentioned considering a competitor
erin griffith@eringriffith

A detailed and brutal look at the tactics of buzzy AI compliance startup Delve "Delve built a machine designed to make clients complicit without their knowledge, to manufacture plausible deniability while producing exactly the opposite." substack.com/home/post/p-19…

Dave Kennedy@HackingDave·
@DeanLo66 Erin has a heated bed so I can actually survive with cool bedrooms 😂 usually at 68-70
Grumpy Focker@DeanLo66·
@HackingDave And what do you have the thermostats set at. 😂🤣😂🤣😂🤣
Timon S.@Timon_j_s·
@Binary_Defense Real shame this isn't offered as a product separately from the MDR service
Binary Defense@Binary_Defense·
Yesterday we made NightBeacon official. This isn’t another AI announcement. It’s a new way to operate a modern SOC. Security teams today see an abundance of alerts while adversaries move faster than ever. NightBeacon was built to change that. It accelerates analysis, cuts through noise, and helps analysts move from investigation to decision faster than ever before. But the most important part? This isn’t AI replacing analysts. It’s AI amplifying them. NightBeacon learns from the people who defend our customers every day. Every investigation, every escalation, every decision makes the platform smarter. This is what happens when AI speed meets human expertise. The future of MDR just got a lot faster. binarydefense.com/nightbeacon
Dave Kennedy retweeted
BSidesCharm@BSidesCharm·
We would like to send out a big THANK YOU to a NEW sponsor - @Binary_Defense - #BSidesCharm 2026 Gold sponsor!
Dave Kennedy retweeted
Cyber Security News@The_Cyber_News·
⚠️ CISA Urges Securing Microsoft Intune Following Stryker Breach Source: cybersecuritynews.com/secure-microso… CISA has issued an urgent alert urging organizations to harden their endpoint management system configurations following a cyberattack on Stryker Corporation, a U.S.-based medical technology firm, on March 11, 2026. The cyberattack against Stryker Corporation highlights a growing trend of threat actors targeting endpoint management platforms, particularly Microsoft Intune, to gain privileged access across enterprise environments. In response to the breach, CISA is urging all organizations to implement Microsoft’s newly released best practices for securing Microsoft Intune. #cybersecuritynews