Ace Pace
@ace__pace
Followers
993
Following
22K
Media
202
Statuses
3K
There is never enough time, thank you for yours.
Available elsewhere as acepace
Joined October 2014
The WhatsApp complaint vs NSO contains some fun technical exhibits. The user manual and Ghana contract reveal quite a bit on NSOs system design and thinking.
3
77
205
“We see something that works, and then we understand it.” (Thomas Dullien) It is a deeper insight than it seems. Young people spend years in school learning the reverse: understanding happens before progress. That is the linear theory of innovation. So Isaac Newton comes up
@lemire As a young man, I had absorbed the idea that theoretical progress preceeds practical progress. It took me a good decade to understand that practical progress tends to preceed theoretical progress - we often figure out how to do something *before* we understand how it works.
9
31
195
Since it's doing the rounds, I unpacked the Windows Start Menu react native package. I uploaded strings some metadata https://t.co/R4na2BTQY1
@yoavalon No hint of React Server :)
0
0
2
I'm not sure what I think of CTFs as evals (Cybench, https://t.co/uWVC9aFYlY and many others). This shows that even "hard" CTFs fall to AIs
One shot run on https://t.co/aMjKgoVIN7 - 46 points, 110st place out of 4226 participants✳️
0
0
3
Someone built this!
After Months of Development, FINALLY ready to share: Harden System Security🎉 ✅ Complete System Hardening ✅ Security Posture Analysis ✅ All-in-One Toolkit ✅ Built-in Intune support for Scalability ✅ Beautiful Modern UI ✅ CLI support https://t.co/lfd3SaDvvM
#Cyber #Windows
0
0
1
After Months of Development, FINALLY ready to share: Harden System Security🎉 ✅ Complete System Hardening ✅ Security Posture Analysis ✅ All-in-One Toolkit ✅ Built-in Intune support for Scalability ✅ Beautiful Modern UI ✅ CLI support https://t.co/lfd3SaDvvM
#Cyber #Windows
github.com
Harden Windows Safely, Securely using Official Supported Microsoft methods and proper explanation | Always up-to-date and works with the latest build of Windows | Provides tools and Guides for Pers...
31
161
994
BlueHat IL 2026 will rock - featuring some of the foremost voices in global cybersecurity. That part’s certain. The only question is whether you, too, will take the big stage. Submit your paper now: https://t.co/aDfFYzxgcD
0
6
20
Something that has long baffled me is why Israeli politicians seem genuinely mystified that the world continues to embrace the two-state solution – and why even Trump, the president many once believed would green-light annexation, keeps returning to it as the only path forward.
65
25
172
BinAuthz is a good design because it doesn't just trust human credentials to deploy whatever artifact they (or an attacker) want to, the trust and authorization is based on the provenance of the artifact from every reviewed and approved commit to reproducibly-built artifact.
"Binary Authorization wasn't created in a vacuum; it was an evolution of @Google's internal security posture .. develop a system that enforced verification at deployment time, a principle that is now a cornerstone of our software supply chain security." https://t.co/mIOyIWYiQE
1
7
27
Another example https://t.co/UVKNmW6Up1 This could be a short and effective post that was padded by AI to use superlatives. I get it, I wrote similar stuff but this is just embarrassing and boring
oligo.security
Oligo Security uncovers ShadowRay 2.0, an active global campaign exploiting Ray to hijack AI infrastructure and create a self-propagating botnet.
1
1
5
We used to ask candidates to build a particular stateful API from zero. You show up with your laptop and you’re given an empty folder, and can use the internet however necessary to accomplish it. (this is all pre-AI) Startup engineers owned it, FAANG devs struggled. The theory
From a CTO at a startup: "We interview devs by giving them a task to build an app on the spot, from scratch (2x BE endpoints, some frontend.) They can use AI, ofc - and we dig into why they did this or that. What is surprising: 14/15 devs from Meta failed this screening."
70
100
3K
@AndrewHammel1 As a foreigner who studied in the German system and outperformed almost everyone in my cohort, there are major problems: 1. Everyone assumes you are incompetent. There is a condescending attitude from the profs and from the tutors. Even if you are better, it takes about half a
6
2
25
There is an embarrassing strain of commentary that doesn’t see that Russia, not just Ukraine, has made important and even ingenious advancements in its war fighting capacity since 2022. The RUAF is a deadly fighting machine, for all its well documented flaws. They innovate
A Ukrainian NCO fighting in NE Ukraine tells @ukr_witness about current Russian tactics: The Russians use FPV drones to degrade Ukrainian logistics while also destroying/suppressing Ukrainian FPV & Mavic drone crews. Meanwhile, they identify the best routes to infiltrate
21
80
429
I'm back to cyber and it's time to remind you all that this conference is awesome
CFP for BlueHatIL 2026 is open! Submit your abstract - your time to shine starts now: https://t.co/aDfFYzxgcD
0
0
12
Hello, world, we’re Tenzai. We’re building an AI hacker that breaks things. so yours don’t get broken. Think of us as your #AI hacker for the right side. ⬇️(1/5)
9
8
73
Open source: I hope to open source what we can and show what doesn’t work. What’s next: I hope to share more technical details soon from me and from the @Tenzai_Labs
0
0
1
Replacing humans: Not yet. Reducing the burden, extending coverage, yes. The ecosystem is immense (unlike binaries) and it’ll take quite a while to scale and be robust.
1
0
1
Like everything in Security, the gap between demo and product is most of the work. Just sticking an agent somewhere isn’t enough. Just finding CVEs in OSS isn’t enough.
1
0
1
No silver bullet: Building an automated pentest platform is hard. Right now there’s more hype than successes in this field.
1
0
1
Coverage is hard. Our targets are apps in production and not standalone services. Monoliths mixed with microservices, unclear perimeters between services, complex authentication and data stores.
1
0
1