
Dylan
@InsecureNature
Followers: 3K
Following: 504
Media: 215
Statuses: 1K
Security researcher, public speaker and founder. Forbes 30 Under 30 Truffle Security @trufflesec https://t.co/vxEH7Cftbg Prev @Netflix
US
Joined July 2020
RT @InsecureNature: Agents can now do things with sensitive systems, even though we know prompt injection and context hijacking with any of…
RT @trufflesec: 🔍 Accessing 15 million "Permanently deleted" commits at scale across GitHub. 🔗 A guest post by Sharon Brizinov: https://t.co…
I asked @MayaKaczorowski (former Senior Director @github) about her thoughts about GitHub's identity system. Personally I think managing identity in GitHub is clear as mud.
I shared an Uber ride with @feross and I thought his new reachability analysis tool (@SocketSecurity) was neat. So I pulled out my phone and asked him to say it again on camera.
Tomorrow I'll be speaking at @BSidesSF at 11:15am. The topic? Aligning lightweight AI models to become self-replicating ransomware worms. Join me on the IMAX.
A distro that ships with a default password deserves a CVE.
"well then, what's your solution??" There's no perfect solution for this, but the problem is how incredibly low the bar is nowadays to get a CVE. Hell, you can get a CVE by reporting *checks notes* the default password for a raspberry pi. How pathetic.
A couple of years ago I co-presented with @wbm312 how sensitive bug bounty hunter accounts can be, especially active hunters with years of file attachments and POC data. Today Bugcrowd is mandating 2FA on all accounts: Definitely a positive change.
bugcrowd.com
As part of our ongoing commitment to protecting both our community and our customers, we’ve made an important security update: Multi-Factor Authentication (MFA) is now mandatory for all Bugcrowd...
Hey @JeffreyGoldberg what's your Signal username just in case I want to add you to future groups?
American war planning usually takes place in highly secure facilities. But the Trump administration planned its strikes on the Houthis using a group chat—and accidentally included The Atlantic’s editor in chief, @JeffreyGoldberg.
RT @trufflesec: 🔥 You can now add TruffleHog to Burp Suite! 🌐 Install it directly from the BApp Store. 🔍 Scan web traffic for live, verifie…
RT @trufflesec: 🚨 🚨 A quick word the:
⚫ TruffleHog Chrome Extension
⚫ TruffleHog burp plugin
From @InsecureNature