full moon AND full lunar eclipse tomorrow btw

doing some ground floor reporting (celebrating my uncles 80th birthday)

just accidentally spilled some water on my shorts which dried instantly. This is how I realized I've been wearing a swimsuit as shorts.

psychic.labs.greynoise.io - Offline, in-memory bitmaps of GreyNoise data. Available now.

Super proud of the folks at @thinkstcanary.canary.tools. They continue to inspire me every day. techcrunch.com/2025/05/29/a...

anyways I'm putting real ass routers on the GreyNoise grid now and they're getting popped. shoved this one in my apartment onto a sensor in Russia.

hxxps[:]//youtu[.]be/6skuCiLCjRA?si=JIbO4aZP0MlW6G04

I'm doing a little bit of research on model context protocol (MCP) servers. I ripped back a few thousand repos from github and am doing some automated analysis on their codebases. Here's the language stats on ~2,100 MCP repos. More to come.

did a silly little watercolor

in the past 24 hours traffic out of Spain down ~50%, traffic out of Portugal down 90% in terms of raw signals in @greynoise.io

Did a quick talk on edge device security and how insanely broken it is for the incredible folks at the Belgian Cybersecurity Center. Here are the slides. www.slideshare.net/slideshow/th...

TL;DR - Attackers still use these old ass vulns because they're STILL WORKING www.greynoise.io/blog/greynoi...

the answer to this is literally always yes

Yall are beyond not ready about the shit we're cooking up with @censys.bsky.social and @greynoise.io powers combined censys.com/blog/hunting...

Pope Francis was a great leader. I'm really sad he's dead. I'll never forget in his first months of being pope when a journalist asked him what he thought about an openly gay priest and he responded "Who am I to judge?". Which translated, to me, to: "none of us are anyone to judge". Rest in peace.

on the bright side we're finally going to live in a world without software vulnerabilities

shitposting on bluesky feels like farting in an elevator

the more european a website looks the more i KNOW they're damn sure not setting cookies when i slam that "reject all but essential" button

got the new server runnin

Feels silly to have to say this but Trump's "directing of investigation" & attacks on Chris Krebs (and "suspensions of cleared staff" at S1) are fucking demented

telling the AI to write some tests real quick. 100% coverage.

Nzyme v2.0.0-alpha.16 has been released, featuring several new capabilities and improvements — including drone detection. www.nzyme.org/blog/project...

beating this dead horse just a little bit more- what are some of your favorite write ups of real ass breaches? one of mine is Phineas Fisher's hackingteam writeup: web.archive.org/web/20160421... and web.archive.org/web/20160417...

idk why this cracks me up so much. "hey man is it cool if me and 32 of my close buds come over?"

One of the missing-est things in this cursed field is "A DENOMINATOR". Were doing reasonably well on tracking actor TTPs and such, but we're really missing ground truth/empirics on breaches and how they happen and products/how well they work. Alas, we're spending shitloads on sales and marketing

imagine how fast the state of information security would advance if there was no risk at all of "reputation damage/brand loss" and every single incident response report and post-mortem was detailed, public, indexed & searchable for all to see and learn from

the most boomer email giveaway there is is a custom, colored font

turkey pesto 👀

🚨 Surge in Palo Alto Networks Login Scanning Activity: Nearly 24,000 unique IPs have attempted access over the past 30 days. Full analysis ⬇️ #PANOS #PaloAltoNetworks #Vulnerability

in a bind you can use paper towels as filters in your chemex. nobody will stop you

I can't stop responding to Signal messages with "I will pray for victory 🙏🏻"

some light reading

hear me out...... GPU accelerated JQ

Me and mister Rudis (@hrbrmstr.dev) are going over the @greynoise.io 2024 Mass Exploitation Report LIVE in 13 minutes. Come hang out.

first firing squad execution in a few decades took place recently, regrettably in my home town. this is a good account of it. apnews.com/article/sout...

I'm enjoying Cursor for building APIs and navigating unfamiliar codebases. I've noticed Cursor (like a human engineer) sometimes gets tunnel-visioned if not guided properly, doing mega dumb shit like hardcoding things that make no sense just to try to get your ask to work. Also, Aider rules too.

I know people stopped bitching about this a few years ago but what was the big kerfuffle about systemd? I started using it regularly over the past ~year for various things and I like it a lot? Seems good? Is it just ..... not init.d??

pov i'm making you dinner

Dig through this timeline and you'll figure out what I'm here to do. I spoke to a commercial leader in the offensive security space last year. My words: you're fucking it up. What I didn't say: I feel compelled, even though I DON'T want the bullshit, to try and fix it. What does all of this mean?

this is crazy cuz how was I blasting so fast thru that toll they figured it out in the Philippines???

full moon tonight @lennart.0x58ed.com

GreyNoise has detected a coordinated campaign exploiting SSRF vulnerabilities across several software products. The sudden spike in attacks began on March 9 and is originated from a group of 400 IP addresses. www.greynoise.io/blog/new-ssr...

a silly little AI paradox is that a large language model is actually more likely to solve problems on older technology vs newer technology since there's a higher likelihood that it was trained on that technology's documentation

I wanted to learn how to write a little Bluesky bot that interacts with local LLMs so I banged out a quick little bot called @imagedescriber.info. You can @ it with an image or as a response to an image in a thread and it will simply describe the images to you as a text response.

test post 2 please ignore

test post please ignore