I'm releasing my latest project today: https://t.co/h7fZ26HBiT Ever wonder if your custom seccomp profile is secure? Or is it actually less secure than RuntimeDefault? https://t.co/KZFn4IVeOd

What GreyNoise Learned from Deploying MCP Honeypots

A long journey but finally here. See you tomorrow @qc_con

I don't really like these things. Not to take away from Vercel, they're an amazing company. But there's just no formula to making a billion dollar business. If you really want a formula, the only one I've seen that temporarily works is to lie cheat and steal. Beyond that it's a

3 new RUNC CVE's. Path today all my friends building RCEaaS in containers/k8s: https://t.co/wFsMiBgIim

See you Saturday morning at 9am if you're into container security -- I've got some new tricks.

Does anyone have advice for tweaking a CFP for the BSidesSF reviewers? What kinds of details do they like to see? I have a deeper topic that I'm afraid it will be easy to skim through and ignore.

🧑‍💻At work: "Please modify this function to validate the input and return an XML type" 💀On the weekends: "Yo! Here's my SSH key, log in and setup a k8s server and don't stop until you get logs. I'll be back in 30 minutes"

Who's down?

😈 𝐀𝐈 𝐆𝐚𝐭𝐞𝐝 𝐋𝐨𝐚𝐝𝐞𝐫: new proof-of-concept tooling for red teams that uses AI to determine if it should run its payload. It first collects telemetry, applies a policy with an LLM, and then executes the malicious payload only when OPSEC rules are met.

I can confirm I very much enjoyed presenting at this con and meeting people through it. Oh and Iceland's not so bad either🙃

Ever wonder how the default seccomp profile is different/changed across Docker vs Podman vs containerd? I didn't think this table was right, had to check this 3 times. Join me @qc_con and you'll see it gets worse before it gets worse.

𝐒𝐒𝐇 𝐋𝐋𝐌 𝐇𝐨𝐧𝐞𝐲𝐩𝐨𝐭 𝐜𝐚𝐮𝐠𝐡𝐭 𝐚 𝐫𝐞𝐚𝐥 𝐭𝐡𝐫𝐞𝐚𝐭 𝐚𝐜𝐭𝐨𝐫 How an AI-powered honeypot can trick a threat actor into revealing their tactics and infrastructure. (+ tool GitHub link so you can try it)

Our speaker lineup for #BSidesPyongyang:

🎥 Missed the action at @cloudvillage_dc during @defcon ? We’ve got you covered! All Day 1 talks are now live on our YouTube channel 📺 Catch up on the insights, hacks, and cloud security deep dives you might’ve missed! 👉 Watch now: https://t.co/BdfgwntM8x #defcon33 #defcon

See you in Cincinnati?

$30K for a Prompt that breaks AI? 👀 Google just launched its new AI Vulnerability Reward Program - where for the first time, prompt injection is treated like a real security exploit. Fair reward or a bargain for a billion-dollar risk? 😮 They’re paying up to $30,000 for

https://t.co/5wrU0lmi8T fully agree with Kevin

Good to see folks at the @rocsecsummit for the short time I was there today. There's a good amount of work that goes into the TOOOL booth so thanks for those that donated money or time or interest.

Finally I was able to finish my script for Dark Web deanonimization!!! I let you the repo here for everyone to try it: https://t.co/tIgRKNmw5Q Thank you @zoomeye_team for your help! Those guys are amazing, and let me try a lot of different things with their services. And

One of my favorite moleskine swags that I ever snagged is finally getting put into rotation. Capsule8 is now part of $BIGCOMPANY but at the time it was doing some cool, low level, defensive stuff using straight Linux kernel primitives before eBPF was even around.