Posts by k3ym0@infosec.exchange
 (DIR) Post #ATuhHi8jGXD3ZYDaFs by k3ym0@infosec.exchange
       2023-03-23T15:43:08Z
       
       25 likes, 14 repeats
       
       (inhales sharply) AAAHHHHHHHAHAHAHAHAHAHAHAHAHAHA (gasps for air) AAAHHHHHHHAHAHAHAHAHAHAHAHAHHAHA
       
 (DIR) Post #AZTEDyDbzZOSZuf8CW by k3ym0@infosec.exchange
       2023-09-05T19:35:51Z
       
       0 likes, 0 repeats
       
       BREAKING: Scientists discover that the Louisville Slugger, if deployed properly, can be used to cure fascism.
       
 (DIR) Post #AaGhoAWDeDYPZBXFPk by k3ym0@infosec.exchange
       2023-09-29T19:04:37Z
       
       0 likes, 0 repeats
       
       @sullybiker Looks like this is from April and has been patched for some time?
       
 (DIR) Post #AaGiA9kXBhsLYHiQSW by k3ym0@infosec.exchange
       2023-09-29T19:08:34Z
       
       0 likes, 0 repeats
       
       @sullybiker uhhh when i look up that CVE it's showing as a Chrome vuln: https://nvd.nist.gov/vuln/detail/CVE-2023-1529
       
 (DIR) Post #AaGijiWFuHctWWzepk by k3ym0@infosec.exchange
       2023-09-29T19:15:01Z
       
       0 likes, 0 repeats
       
       @sullybiker ooooof. yeah this looks nasty. WebP is used everywhere...
       
 (DIR) Post #AcTX1Z5730VeSdN692 by k3ym0@infosec.exchange
       2023-12-04T18:35:43Z
       
       1 likes, 1 repeats
       
       The FortiGuard Labs team recently analyzed the new #ransomware group, #Rhysida, and found that it attacks Windows machines through VPN devices and RDP, and is targeting industries such as education and manufacturing. 📚 🦾🔎 Learn more: https://cybersecuritynews.com/rhysida-ransomware-attacking-windows/ via Cyber Security News
       
       #cti #threatintelligence #cybersecurity
       
 (DIR) Post #AcqCHZhwrensivxw3c by k3ym0@infosec.exchange
       2023-12-15T17:42:54Z
       
       1 likes, 1 repeats
       
       Chinese APT Volt Typhoon has been observed leveraging EoL SOHO devices as a proxy network to obfuscate their operations. Read the excellent write-up by @blacklotuslabs here.
       
       #cti #threatintelligence #volttyphoon #cybersecurity
       
 (DIR) Post #Aljs8O3pcDxf83qeGm by k3ym0@infosec.exchange
       2024-09-06T16:39:41Z
       
       2 likes, 1 repeats
       
       When you successfully secure all your endpoints, but not your core infrastructure.
       
 (DIR) Post #AoDk9Z6Jc5B5nMf8wS by k3ym0@infosec.exchange
       2024-09-20T19:19:40Z
       
       0 likes, 0 repeats
       
       New T-shirt just arrived 💪 #RoundEarther
       
 (DIR) Post #AtRMvGiva7E88nD6Tw by k3ym0@infosec.exchange
       2025-04-25T06:02:20Z
       
       0 likes, 0 repeats
       
       @ricci damn, this is so cool. Thanks so much for sharing this.
       
 (DIR) Post #AvWif5qAh6U2HbVTii by k3ym0@infosec.exchange
       2025-06-26T15:43:42Z
       
       0 likes, 0 repeats
       
       @PopeASDF @mdhughes that... is amazing.
       
 (DIR) Post #Avb4pKjb9HfIzmYlzk by k3ym0@infosec.exchange
       2025-06-28T18:02:35Z
       
       2 likes, 2 repeats
       
       🚨 Just In: For the 5th year in a row, Cloudflare has been rated highest in Completeness of Vision and Ability to Execute in the Gartner Magic Quadrant for Malware Delivery Infrastructure.
       
       Unmatched scalability. Global reach. Seamless deployment. The preferred platform for payload delivery—at any scale.
       
       Read full Press Release here: https://paste.lol/k3ym0/cloudflare-recognized-for-fifth-consecutive-year-in-gartner-magic-quadrant-for-malware-delivery-infrastructure
       
       #Cloudflare #GartnerMQ #CyberInfrastructure #ThreatOps #Crimeflare
       
 (DIR) Post #AxMfS30DjryNZo0Tjc by k3ym0@infosec.exchange
       2025-08-19T22:12:16Z
       
       0 likes, 1 repeats
       
       It is so hilarious to me that we have FOSS maintainers begging for money to try to keep the development of NTP ongoing. NTP - you know, that protocol that the entirety of humanity relies on for access to the internet (or anything on a network for that matter).
       
       Meanwhile the o̶l̶i̶g̶a̶r̶c̶h̶y̶ broligarchy makes billions off the backs of these people.
       
       Anyways, they're currently at $495 of $1000 for their 2025 goal. Go throw them some $ if you feel so inclined.
       
       https://www.nwtime.org/mills-spring/
       
       #NTP
       
 (DIR) Post #AyO2g0wkrOsBOHLLAO by k3ym0@infosec.exchange
       2025-09-20T04:51:51Z
       
       0 likes, 0 repeats
       
       @ricci @badsamurai would like a word with you.
       
 (DIR) Post #B0QBzKeIdCIs2SHbvc by k3ym0@infosec.exchange
       2025-11-19T19:49:07Z
       
       1 likes, 0 repeats
       
       this checks out lmao
       
 (DIR) Post #B1TIxBpvZu6GJUrDKS by k3ym0@infosec.exchange
       2025-11-20T00:12:27Z
       
       0 likes, 1 repeats
       
       When the AI model is instructed to make a new coke commercial for the holidays and just kind of runs with it.
       
 (DIR) Post #B3rRSYyRHCcUBSn4ls by k3ym0@infosec.exchange
       2026-03-02T21:11:28Z
       
       2 likes, 7 repeats
       
       You're paying AI companies a monthly subscription fee to be fingerprinted like a parolee.
       
       I got bored and ran uBlock across Claude, ChatGPT, and Gemini simultaneously.
       
       Claude: Six parallel telemetry pipelines. A tracking GIF with 40 browser fingerprint data points baked into the URL, routed through a CDN proxy alias specifically to make it harder to block. Intercom running a persistent WebSocket whether you use it or not. Honeycomb distributed tracing on a chat UI because apparently your conversation needs the same observability stack as a payments microservice.
       
       ChatGPT: proxies telemetry through their own backend to hide the Datadog destination URL from blockers. uBlock had to deploy scriptlet injection — actual JS injected into the page to intercept fetch() at the API level — because a network rule wasn't enough. Also ships your usage data to Google Analytics. OpenAI. To Google. You cannot make this up. Also runs a proof-of-work challenge before you're allowed to type anything.
       
       Gemini: play.google.com/log getting hammered with your full session behavior, authenticated with three SAPISIDHASH token variants, piped directly into the Google identity supergraph that correlates everything you've ever done across every Google product since 2004. Also creates a Web App Activity record in your Google account timeline. Also has "ads" in one of the telemetry endpoint subdomains.
       
       When uBlock blocks Gemini's requests, the JS exceptions bubble up and Gemini dutifully tries to POST the error details back to Google. uBlock blocks that too. The error messages contain the internal codenames for every upsell popup that failed to load. KETCHUP_DISCOVERY_CARD. MUSTARD_DISCOVERY_CARD. MAYO_DISCOVERY_CARD.
       
       Google named their subscription upsell popups after condiments and I found out because their error handler snitched on them.
       
       All three of these products cost money. One of them is also running ad infrastructure.
       
       Touch grass. Install @ublockorigin
       
       #infosec #privacy #selfhosted #foss #surveillance
       
 (DIR) Post #B3tcNJjZztgvHbSev2 by k3ym0@infosec.exchange
       2026-03-03T03:33:39Z
       
       0 likes, 0 repeats
       
       @QuercusMacrocarpa @ublockorigin uMatrix is unfortunately abandoned — development ended in 2021, same developer as uBlock Origin, he just stopped. there's also an unpatched vulnerability in it so I'd avoid it at this point.
       
       uBlock Origin in medium mode covers most of what uMatrix used to do for this specific threat — it blocks third party scripts and XHR requests by default which is exactly what catches the telemetry pipelines I documented.
       
       one important caveat though: if you're on Chrome, uBlock Origin was gutted by Google in late 2024 as part of their Manifest V3 changes. the full version no longer works on Chrome. for real protection you need Firefox or Brave with uBlock Origin installed. which, honestly, is probably worth a separate post.
       
 (DIR) Post #B3zEukR2Vqf9hPxOIi by k3ym0@infosec.exchange
       2026-03-06T03:08:53Z
       
       0 likes, 1 repeats
       
       RE: https://hachyderm.io/@evacide/116178700239265110
       
       hot take: @protonprivacy didn't fail you. YOUR OPSEC failed you.
       
       encryption ≠ anonymity. these are not the same thing and never have been.
       
       Proton did exactly what they said they'd do - encrypted your emails and complied with lawful Swiss legal orders. that's the whole deal. that's what you signed up for.
       
       the credit card you used to pay for your "anonymous" account was never part of the encryption. that was always traceable. that was always a liability.
       
       and here's the kicker - Proton literally accepts Monero and cash. they gave you the tools. you chose the Visa.
       
       #infosec #opsec #privacy #ProtonMail #threatmodeling #monero
       
 (DIR) Post #B4g3Nv5UEBNPCfRIyu by k3ym0@infosec.exchange
       2026-03-26T20:02:13Z
       
       9 likes, 10 repeats
       
       In today's episode of "Can It Run Doom": DNS fucking TXT records.
       
       Some absolute madlad (cough Adam Rice cough) compressed the entire shareware DOOM WAD, split it into around 1,964 chunks, shoved them into Cloudflare TXT records, and wrote a PowerShell script that reassembles and runs the whole goddamn game from DNS queries alone. Nothing touches disk. The DLLs are in DNS. THE FUCKING DLLS ARE IN DNS.
       
       RFC 1035 was written in 1987. Those engineers are spinning in their graves fast enough to generate municipal power.
       
       Bonus: this is a fully functional globally-distributed covert data exfil channel that your NGFW will never fucking see if you're not doing deep DNS inspection. Sleep well.
       
       blog: https://blog.rice.is/post/doom-over-dns/
       repo: https://github.com/resumex/doom-over-dns
       
       Also lmao @ every blue team that has never once looked at their DNS query volume. How's that DLP policy working out for you.
       
       It was always DNS.
       
       #infosec #dns #doom #itisalwaysdns
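A defender-side check for the pattern described in the post above, added here as an example and not code from the post or from the linked blog/repo: it parses constructed resolver log lines in an assumed "client qname qtype" format and flags a client that resolves many distinct TXT names under one zone, which is what chunked payload retrieval over DNS TXT records looks like in query logs.

```python
import re
from collections import defaultdict

# Assumed log format: "<client-ip> <query-name> <query-type>", one query per line.
LOG_RE = re.compile(r"^(?P<client>\S+)\s+(?P<qname>\S+)\s+(?P<qtype>[A-Z]+)$")


def parse_line(line):
    """Return (client, qname, qtype) or None for lines that do not match the format."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    return m.group("client"), m.group("qname").lower().rstrip("."), m.group("qtype")


def zone_of(qname, labels=2):
    # Approximate the registrable zone as the last two labels (assumption; a
    # production detector should use the Public Suffix List instead).
    return ".".join(qname.split(".")[-labels:])


def txt_name_counts(lines):
    """Distinct TXT query names seen per (client, zone)."""
    seen = defaultdict(set)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        client, qname, qtype = rec
        if qtype == "TXT":
            seen[(client, zone_of(qname))].add(qname)
    return seen


def flag_txt_chunking(lines, threshold=20):
    """(client, zone, distinct_txt_names) tuples at or over the threshold, largest first."""
    hits = [(c, z, len(n)) for (c, z), n in txt_name_counts(lines).items() if len(n) >= threshold]
    return sorted(hits, key=lambda h: -h[2])


# Constructed sample: one client walking 25 sequential TXT names under a single zone,
# plus ordinary traffic (an A lookup, SPF/DMARC TXT lookups) that must not trip the rule.
SAMPLE_LOG = [f"10.0.0.5 chunk{i:04d}.wad.example.net TXT" for i in range(1, 26)]
SAMPLE_LOG += [
    "10.0.0.5 www.example.com A",
    "10.0.0.7 _dmarc.example.com TXT",
    "10.0.0.7 example.com TXT",
    "10.0.0.7 example.com TXT",
    "garbage line",
]

if __name__ == "__main__":
    for client, zone, n in flag_txt_chunking(SAMPLE_LOG):
        print(f"{client} issued {n} distinct TXT queries under {zone}")
```

Repeated lookups of the same name (the SPF record above) count once, so legitimate mail-related TXT traffic stays under the threshold while a chunk walk does not.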