I created a private git repository where I store my CFP responses now, including every field they asked for and it's just saved me a ton of time... Why did no one tell me this is the way... I should have been doing this years ago.

From 300 lbs of C4 to wrangling 900 hackers, my journey from the Marines to cybersecurity on the Exit Buddy podcast. Huge thanks to Kathleen & Rachel for having me, and Happy 250th Birthday to my fellow Marines! 🇺🇸🎧 https://exitbuddy.buzzsprout.com/2535619/episodes/18121064-don-t-tough-it-out-a-marine-s-va-vitamin-m-warning

If I have ever offered to help you with anything at all. This is your license to pester me as much as you humanly can to do so. I can make excuses but I promise I’ll never consider you reminding me as a bother.

I know something like this already exists somewhere, and absolutely open to learning better ways:

https://github.com/mubix/Find-WSUS

For finding what might be affected by CVE-2025-59287 or you can use an EDR / OSQuery to find systems with the WSUSService service.

#PRCCDC [Pacific Rim Collegiate Cyber Defense Competition] is looking for some volunteers for Ops, Orange Team, Scoring engine, judges, etc - Fill out the form, get the discord link join the Tuesday meetings:

https://docs.google.com/forms/d/e/1FAIpQLSf0AGzRB8IMejwVuGxRo-Z1-li-VLDsMusGtgS9LmmS18F6gA/viewform?pli=1

We are SPOILED this year for presenters, and there’s not greater example of these two:

@rayredacted and @mubix will be presenting at 3:30 in Track 3 and Track 2 respectively.

Rob Fuller will be streamed live on YouTube while Ray will be in person.

https://www.youtube.com/live/DJcSVh9sZ20?si=of2CXZQxYkSgpdaX

Please remember that you don't have to go all APA or MLA citation requirements but giving reference to those that make the tool, or invented the thing you are talking about is a form of thanks to those that have provided that thing. It doesn't take much but it means a lot.

Posted this to LinkedIn: https://www.linkedin.com/feed/update/urn:li:activity:7386492126412570624/

#Leaders, let’s talk about the fear of saying “I don’t know.”

Junior employees often have no problem admitting, “I don’t know how to do that.”

But as people move up, that changes.

Many senior folks start to believe they can’t admit when they don’t know something because their credibility feels tied to always having the answer. That’s when fear creeps in. They protect their position… and ironically, create the very reality they’re afraid of.

The areas we get most comfortable in are usually the easiest to automate or replace.

As leaders, we have to break that loop.

In TV, they teach you to exaggerate emotion because when it’s received through a screen, it’s always halved.

The same applies in leadership communication. If you want your team to feel safe being curious, you have to over-communicate that safety.

So when someone says “I don’t know,” celebrate it.

That’s where learning starts. That’s where innovation begins.

Because the safest teams aren’t the ones who know everything they’re the ones who keep asking questions.

We’re pleased to have some very experienced speakers during SAINTCON 25, including Rob Fuller @mubix who has decades of experience in the industry from top to bottom. See a true “Lessons Learned” presentation on Thursday afternoon in Ballroom B!

https://saintcon2025.sessionize.com/session/959206

Been going through and getting ChatGPT Codex to document all of the functions, arguments and flags that Mimikatz has. It's amazing how many functions that I didn't even know existed in Mimikatz. You can see the results here: https://redteam.wiki/en/postexploitation/mimikatz

And https://github.com/redteamwiki/redteamwiki

I never did a proper introduction post. My name is Rob Fuller. I was lucky enough to be part of @hak5 in the early days and have been a part of that family ever since. I was on some episodes and made a few seasons of a show called "Metasploit Minute" (I never did get it in under a minute, though). I transitioned that show into one called "Practical Exploitation." I started running out of time in the day, never giving that one enough effort.

Outside of Hak5 and in the early years of my career in infosec, I dug in deep with the Metasploit team as I learned how to pentest and Red Team. I also dug in deep with Mid-Atlantic CCDC, where I had minimal restrictions on scope (respecting the intent of the game being the most important). Those two pools of individuals were my mentors and guides in offensive security. The biggest influences were @carnal0wnage, @hdm, and @egypt, all 3 of whom I now call "family." I am fortunate in that regard. If you can surround yourself with your superiors without feeling inferior, that is the real trick to success in life.

My actual career always felt like an extracurricular instead of the other way around. I'm sure many of my bosses and leaders figured that out before I did. Not much to say here outside of how much I miss some of the teams I was on. I learned so much from them. From my early days in the Marine Corps CERT, messing everything up and making every mistake, to my last position on John Strand's amazing Black Hills Infosec team. Each experience taught me so much. The people I worked with constantly teaching me made me into a well-rounded infosec practitioner. Today I stand as a Director with plans to one day be a CISO. To see if some of my crazy ideas of what is possible, along with those experiences from so many other companies, seeing what is possible, to see if they can all be combined into a single company. That sounds like I want to use a company like a lab experiment... probably should erase all of that if I ever want to be considered a CISO... ;-) Oh well, what will be, will be.

If you have made it this far, this is where I talk about my family. I lost my brother to a car accident in 2005. I lost all my grandparents to old age and my father to COVID. I have lost many people I deeply care about who have no blood relation to me. I have gone into deep and dark places. I have also been lucky enough to have a family, a wonderful wife, kids, and this big dysfunctional family called #infosec. While we have right-wing nut-job uncles and left-wing nut-job aunts, we always come together, celebrate our uniqueness, and support each other in ways I did not have growing up. I am eternally grateful to this community and hope to make a dent in what I owe it one day. I consider you all family, and if there is ever anything I can do, I'll be there. Rarely any questions asked... unless it's @jack_daniel or Chris Nickerson, then I'm questioning everything, especially if they ask me to bring the lime this time :P.

I recently finished my Master's degree. This comes after being told by my technology teacher in High School that I was his best 90% student and that I would complete things up to 90% and quit. This haunted me up until I completed my Bachelor's degree in 2019. I would manifest that statement in so many things that I did. I still have issues with it, but it has much less power over me now.

I do security for fun. I know many people think that hobbies are healthy ways to disconnect from work, but my work is what I enjoy, so I don't do a lot of disconnecting. Outside of hanging out with my family, I very much enjoy movies. I go to see as many of them as possible and enjoy the theater experience even though it costs almost more than my first car just to take my family to see a single movie these days.

My only other hobby is reading. I have a terrible problem of wanting to have books everywhere that I am, and I am constantly on the move, so that means I generally buy the physical book, the kindle version, and the audiobook before I'm done with it. I have nearly 500 books at home and roughly 300 books on Audible, and I have listened to or read 99% of them (a few I'm waiting to finish other series before I start them).

I run a blog that I only post to a little. While I don't particularly enjoy consulting, it was the fuel that made my blog posts happen much more often.

I served in the Marine Corps as a 1371 Combat Engineer, learning all about mines, explosives, and construction. Mostly mines and explosives. 4 years in Okinawa, Japan, and four years in Quantico, Virginia, where I had made a lateral move to the 0656 Tactical Data Communications Specialist, where I served at the heart of the Marine Corps cyber division called the MCNOSC at the time. I learned defense, compliance, hardware, software, networking, firewalls, and everything in between. That's when and where I knew what I wanted to do for the rest of my life.

Not sure how much more of an intro I'm supposed to make, but that's good enough. I am a pretty open book, so if you have questions about that, I'm open to it.