Yet more companies laying off employees not because AI is replacing them, but because they need more money to fund their AI. I can't remember the last time I saw sunk cost fallacy at this scale.
Marcus Hutchins :verified:
Cybersecurity
One of my least favorite items to find is the infamous 'spicy pillow'. When lithium batteries start to fail, gasses build up inside the cells and they expand. Because the breakdown process produces both it's own fuel and oxygen, they can explode or catch fire, at which point the fire is almost impossible to extinguish. They'll even burn in an airtight container or completely underwater.
Useful threat intelligence signal: deploy honeypots to your network then filter out any traffic that matches public databases of known malicious IPs. Malicious traffic hitting your network is interesting, but what's hitting your network that isn't hitting everyone else's is much more so.
@danvolchek And it's statistically reasonable that giving all the information it has, it could easily deduce it was me
@Johns_priv less than zero care. It's not my job to personally compensate from someone else's shitty water and power infrastructure.
Had a very surprising ChatGPT experience: asked it to generate a quick summary of the WannaCry ransomware, and instead of referencing the person who stopped it by name, it simply put "(you)". When I asked it how it was able to identify that it was me, it citied its own message as something I'd said.
After pointing out I didn't say that, it did, ChatGPT replied that it was able to infer it by my account username and what it'd learned from my skillset across various chats. Not 100% sure if that's how it actually did it. Either way, pretty cool, but also a little bit scary.
It's pretty widely known that many tech companies, especially advertising ones build comprehensive profiles on their users, but it's rare that you get to talk to said profile and figure out what it knows about you.
Tesla is basically a memecoin at this point. This is from a real article in Fortune. Great news, everyone "Sales dropped ONLY 28% in May despite the overall EV market growing 27%". I can't think of any other company where people would write articles this delusional.
Cyberwar With Iran: How Bad Could It Get? | Hacker Explains
https://www.youtube.com/watch?v=7MApLKC3_Es
In response to popular demand, we've added some offensive security channel to the MalwareTech Discord. Interested in pentesting, red teaming, or implant development? Check out channels #offensive-security, #vulnerability-research, and #implant-development.
https://discord.gg/MalwareTech
The wonderful world of technology: I can't read my (physical) mail, because Cloudflare is down and the mailroom uses electronic access control.
Added a new Wiki entry: Locating Modules Via The PEB (Process Environment Block)
Should help anyone stuck on the shellcode3 reversing engineering lab.
https://malwaretech.com/wiki/locating-modules-via-the-peb-x64
Just released a new malware analysis lab! Shellcode3 tests your ability to analyze malicious shellcode and leverages a common technique used by malware to obscure API calls.
https://malwaretech.com/labs/shellcode/shellcode3
As much as I don’t like Generative AI, it’d be beneficial for schools to teach students how to properly navigate it, rather than banning it. People are going to use AI regardless. Everyone needs to understand the limitations, or risk sacrificing critical thinking to something that can’t even think.
@guamwatt I gotta work :(
#1 on my bucket list is to see a volcano erupt in person. I was in Hawaii during the May 25th Kilauea eruption, which I slept through. Now that I've left it's erupting again >_<
Microsoft really doesn't like RC4 encryption apparently 😆
In the process of re-working and re-launching my beginner reverse engineering labs. You can test them out here: https://malwaretech.com/labs
More coming soon!
@leeloo @Serenus @iagox86 @charlvdwalt "build something that works" is a wonderful specification. Have you ever considered a job as a project manager?
@leeloo @Serenus @iagox86 @charlvdwalt It's not a backdoor when the alternative is everyone's traffic being open to interception
Client Info
Server: https://mastodon.social
Version: 2025.04
Repository: https://github.com/cyevgeniy/lmst