🔥The 9th Round of Easy Loan, Earn $40 Reward is in progress❗️ ⏰ Promotion Period: January 15th - Feburary 15th, 2025 👉 Register now and check more details at gate.io/campaigns/358

Skilled cybersecurity workers volunteering to support these institutions makes a huge difference even if some feel the work we do is already available elsewhere. The simple fact is many organizations sit below the cybersecurity poverty line and need support. 3/5

We have no “cyber 9-1-1” in this country. There is no one to call when you face a cybersecurity attack if you don’t have the money for private incident response. Volunteering to protect our fellow citizens is a national institution in this great country. 4/5

It is important that we talk about government boundaries and ensure our rights are protected. However must make sure this conversation is bi-partisan, balanced and constructive. We must also make sure we don’t tear down our national defenses in the process. 5/5

So Elon Musk you tweeted the other side of this conversation. Will you now in the interests of free speech retweet the other side? cti-league.com/statement-by-m…

Hey Elon Musk yesterday I asked if you could amplify the other side - you know free and balanced speech and all? Remember when we hacked your Model S in 2013 & 2015? Remember how you asked us not to share until patches ready & you could share your side? cti-league.com/statement-by-m…

It seems that the core investigative method here is “if two people worked on something together “anywhere” then all the organizations they belong to must be colluding.” Trust groups contain many people from many organizations. Im in several trust groups with volunteers from all

hackcon.org/he-who-control… I’m starting the 2024 conference circuit with HackCon Norway - I’m excited to meet InfoSec practitioners from one of my bucket list countries & elevate the defensive knowledge of folks who attend.

github.com/n0x08/Conferen… - Slides from my HackCon Norway talk are available on my GitHub.

eclypsium.com/blog/flatlined… - I took apart the firmware of a Pulse Secure device and their integrity checking tool and the results weren’t great.

My co-worker Nate Warfield (🇺🇦 Nate Warfield | n0x08.bsky.social🌻) analyzed an Ivanti firmware image. Some findings include old software (like an 8-year-old kernel) and ways to bypass integrity checking.

🇺🇦 Nate Warfield | n0x08.bsky.social🌻 Check out the full article here: eclypsium.com/blog/flatlined…

I've been using GreyNoise since it was literally Andrew Morris (afk) writing me query functionality to use against a JSON endpoint and I'm looking forward to hanging out with the crew he's assembled over the years tomorrow morning!

I haven’t been this stoked for a podcast appearance in a long time, see y’all tomorrow morning 🤘

m.soundcloud.com/n0x08/swolfath… You know it’s a good day when I’m on the GreyNoise podcast in the AM, hit 30k lbs on leg day & still gotta drop the boom for a workout mix after dinner. We don’t skip leg day 🤘

James is next level genius - and with Lee Holmes as a tech reviewer you know this book is on point! Buy it! It has been a joy to partner with James - and to be included in a mention with former MSRC greats such as Katie🌻Moussouris (she/her/she-ra/she-hulk) 🪷 and 🇺🇦 Nate Warfield | n0x08.bsky.social🌻 is an absolute honor. Nic Fillingham 🇦🇺🇺🇸 Security Response

There is only one early-bird seat left for the next session of Advanced Fuzzing and Crash Analysis on July 15. Price goes up to $4k after the next ticket is sold.

We got a range of PoC in my time at Security Response but the vast majority of them were “run this with WinDBG & look, see, vuln” Not many were this well done. Not a great look folks, you can & should do better. Don’t even want to know how the bounty convo went.

My #defcon32 set is up on my soundcloud now - soundcloud.com/n0x08/defcon32

This looks like a really cool read!