tib3rius.bsky.social
Web App (mostly) Hacker @NetSPI | Cybersecurity Educator | Content Creator | Ex-Brit | Links: http://linktr.ee/tib3rius (he/him) 🇺🇸 A mostly unserious person.
867 posts 6,406 followers 172 following

I counted and I have 24 sticker designs now. I will have them all at DEF CON this year (8 are brand new for DEF CON). Be honest, how much of a problem do I have? 😬

Me: I'm gonna record a video. My Tourette's: *rubs hands gleefully* Oh I'm gonna make this so difficult for him. 😅

Looks like the Google Cloud incident report is out: status.cloud.google.com/incidents/ow... A June 12 policy update with unintentional blank fields triggered a crash loop in Service Control code that lacked proper error handling, causing binaries to fail globally.

In before it was actually a DNS issue over at Google Cloud.

Folks, next week I'll be appearing on the live call-in podcast "The Mindful Business Security Show" @focivity.com We'll be taking a few callers, so if you have a question (preferably business focused), submit it now! www.focivity.com/pod...

I found the culprit. It was Tyler Ramsbey from Hack Smarter. He even posted a video!

While many sites were dealing with a Google Cloud outage earlier, Snapchat was apparently dealing with a shark attack. 🤔

I've been reliably informed we actually got Googled?

Last year we got CrowdStruck. This year we got CloudFlared. Can't wait for next year.

I've further decided to limit myself to 12 interviews per year. Mostly because the videos themselves take a lot of effort to edit, but also because I think that makes the series a little more special. So, with that said...who should I interview? 👀

Chris Hadnagy is appealing the lawsuit dismissal against DEF CON. This comes about 3 weeks after he posted on LinkedIn that he would only continue the "fight" if he had the financial means to do so. 😑

Watching @tracketpacer.bsky.social give a talk at Cisco Live! www.youtube.com/watc...

I need to make an apology. At approximately 12:46 PM EDT, I sent a message to a colleague containing the phrase "JWT token". I am deeply sorry for my actions. I would never normally use this language, and I regret it. I hope people can forgive this momentary lapse of judgment. Thank you.

Everyone loves to hate CVSS, but it's still a widely used way to measure the severity of vulnerabilities. In this video I'll walk you through every metric in CVSS 3.1, even the ones nobody seems to bother with. #EnvironmentalMetricsHaveFeelingsToo Watch now! youtu.be/AlYtTB2aJPE

Me: oh no, I've made so many hacker stickers I don't have enough containers for them all 😩 Also me: nvm all good. 🤓

Today was an extremely cool day for me, professionally. @zigula.bsky.social and I released our latest bit of security research (hacking Fortnite's Gemini LLM) and I had an absolutely fantastic time speaking with @tib3rius.bsky.social and @swiftsecur.bsky.social on @acrosspondpod.bsky.social!

Guess how I found out today that Safari on iOS has a hard limit of 500 tabs. 🫠

I have several new stickers for DEF CON this year and I'm still designing more. Make sure you come find me if you want them. 😁

Had to order another binder for all the hacker stickers I collect at cons. Good problem to have!

The biggest disagreement in Cybersecurity is what word to use when a vulnerability is fixed. Fixed, Patched, Mitigated, Remediated, Resolved, Addressed, Hardened, Closed, Corrected, Locked Down, Eliminated, Neutralized, Nuked, Yeeted, Exorcised, Banished, Nerfed Am I missing any? 🤓

Episode 12: Testing Disasters! (Part 2) @tib3rius.bsky.social & @swiftsecur.bsky.social tell more war stories about times they messed up during pentests! Spotify: open.spotify.com/sho... Apple Podcasts: podcasts.apple.com/u... Amazon Music: music.amazon.com/pod... YouTube: www.youtube.com/chan...

New video! Getting Into Cybersecurity - An Interview with Rosie Anderson! In this episode, Rosie shares her tips for both newcomers and experienced practitioners, based on 20 years in recruitment! Watch now! youtu.be/pIyCN_mDmJE

Announcement: My "Getting Into Cybersecurity" interview series is changing a little. The initial purpose of the series was to highlight the different paths into Cybersecurity one can take.

PSA: ROT13 is a decent encryption cipher, but as you may be aware, prime numbers are very important in cryptography, so always do 2 passes.

Genuine question. What would a "government" DEF CON group look like and what purpose would it serve?

I have arrived. #THOTCON

It's not my birthday but I am balloon now.

Heading to Chicago for THOTCON. See some of you there. 🤩

Oh no the hackers got hold of Victoria's secret (key). 😩 www.usatoday.com/sto...

Got listed as a contributor in OWASP's Application Security Verification Standard (ASVS) 5.0 because I bitched about Session Storage on GitHub. Life is fun.

This was of course, @phillipwylie.bsky.social. If you don't get the reference... here it is: nitter.net/PhillipWylie...

Who's that Cybersecurity Clippy? 📎

Putting DNS in the A Tier turned out to be the most contentious part of this.