#black-hat — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #black-hat, aggregated by home.social.
-
Kang Ali's Black Hat Arsenal tool "DursGo" is published.
DursGo is a web app scanner written in Go and has an embedded LLM inside it.
Go watch the talk!
https://www.youtube.com/watch?v=p5aAzK9WnG0
#cybersecurity #blackhat #blackhatarsenal #dursGo #indonesia
-
Howdy folks! We are excited to announce the Call For Presentations (CFP) for @bsidestc 2026!
This year’s conference theme is “Building Resilience”. We would love to hear your submissions of how you or people in your community have been “building resilience”.
Submissions will be open until July 19th 2026 23:59 CDT (UTC -5)
Key Dates:
• CFP Opens: April 20th
• CFP Closes: July 19th
• Acceptances: Week of August 3rd (rolling basis)
https://bsidestc.org/call-for-proposals/
#bsides #twincities #infosec #cybersecurity #hacking #Minneapolis #stpaul #security #securityconference #defcon #blackhat
-
THREAT MODEL: CYBERSECURITY 🧑💻
for Apr. 28th, 2026
by independent journalist @violetblue
- How the US government evades data laws
- #SamAltman apologizes for more #AI deaths
- @lawfare argues that AI companies should have a duty to inform/protect (like therapists)
- Claude AI deleted a whole company and said it knew what it did was wrong
- More revenge #Microsoft 0-days are in the wild now
- KitKat releases a Faraday cage
- Violet's debrief after #BlackHat Asia 2026
...and much more.
✨THREAT MODEL is free to read -- please help keep it accessible to all by becoming a patron, even $1 a month makes a difference!✨
https://www.patreon.com/posts/cybersecurity-28-156746057
#ThreatModel #ThreatModelCybersecurity #ThreatModelNewsletters #VioletBlue #infosec #cybersec #CovidIsNotOver
-
So many Vegas visits, still so few for fun
Landing at Dulles Wednesday evening closed out my 45th work trip to Las Vegas. That number alone is not something to take pride in and probably constitutes evidence of some character defect, but what’s even more disturbing is that since my first trip to Vegas in 1998–for CES, of course–I have still only been there three times for fun.
This lifestyle long ago rendered me incapable of dealing with that city however normal people do. Instead, having the event formerly known as the Consumer Electronics Show dominate my experience of Vegas–I’m now at 28 trips there just for the Consumer Technology Association’s convention, still one of the most important events on my work calendar–keeps subjecting me to the place at its most expensive and least efficient.
Even smaller-scale conferences like Black Hat (with six trips so far, it’s become about as essential as CES but easier to monetize) and the NAB Show (where I moderated a panel this week, with the National Association of Broadcasters covering airfare and lodging) leave me happier to take off from LAS than to land there.
It’s not that I can’t enjoy a little time in the glitziest corner of Nevada. You can eat exceedingly well there, and Vegas service-industry folks are some of the best in the world. Blackjack can be fun, as long as you remember that you should at least try to lose slowly.
If you drive far enough off the Strip, you can see some striking natural scenery. It took CES to remind me of that last bit, in the form of an outing in 2025 to Lake Mead to experience an electric sport boat.
And there is some exceptional lodging in Vegas, although I’ve also stayed at some of the crummier ones. I started trying to inventory the hotels I’ve stayed at from the Strip up to the convention center (thus excluding off-strip properties like the Palms and a few places in downtown Las Vegas as well as two Airbnbs) and quickly realized they exceed the number of ballparks I’ve visited.
From south to north: Mandalay Bay, Luxor, Excalibur, New York New York, MGM Grand, Monte Carlo (today Park MGM), Cosmopolitan, Hilton Grand Vacations, Bally’s (now the Horseshoe), Aladdin (now Planet Hollywood), Palms, Flamingo, Westin, Imperial Palace (the worst among the lot, fortunately now the Linq), Harrah’s, Mirage (demolished, being replaced by a Hard Rock Hotel in the shape of a guitar), Treasure Island, Wynn, Renaissance, Westgate, Fontainebleau (I’d rank that the best).
But however nice the hotel may have been, there’s no getting around how much I dislike the auto-centric, pedestrian-hostile nature of the streets outside. Unless you can start and end a conference commute on the monorail–this week’s trip, unlike most, allowed that–you will sit in traffic.
The only improvements to Vegas transportation since 1998 have been on the margins: the monorail, Uber and Lyft liberating visitors from taxis that charge $3 extra for credit-card payment, the Vegas Loop’s tunnels, and the advent of autonomous vehicles from Zoox and, soon, Waymo.
Even walking up and down the Strip is less efficient than it should be once you enter a building, since casino floors are where readable layouts and clear signage go to die.
I grew up someplace where you had to drive everywhere; I never want to live like that again and don’t enjoy visiting places that seem intent on making that a perpetual default. I am much happier to have my travel destination be a more human-scaled city where it’s normal and enjoyable to get around by walking and transit; the contrast between CES in Vegas and MWC in Barcelona is glaring and entirely in Spain’s favor.
I think of that every time one industry-analyst friend who moved from the Bay Area to a Vegas suburb tries to sell me on the same move. My response is always some version of “there is nothing you could say to make me ever want to do that.”
And yet work keeps pulling me to Vegas anyway. This week’s trip was my third this year, with one more planned, and I already know next year will feature at least three. I should probably seek treatment for this condition at some point.
#BlackHat #ces #hotels #las #LasVegas #LasVegasConventionCenter #LasVegasMonorail #LV #lvcc #NABShow #Nevada #pedestrian #rideHail #traffic #transit #Vegas #walkable
-
Donated my tickets! Go get them!
#BlackHat #Singapore
-
Yay! Lock picked and won the lucky draw!
#BlackHat #Singapore
-
Self reminder to not connect to their Wi-Fi, disable Wi-Fi, Bluetooth and AirDrop.
Wallet already has RFID protection.
😅
#BlackHat
-
Looks like I’ll be heading to #BlackHat next week!
-
Here are four of the ten looping Claude user quotes on anthropic.com homepage... Mind you, these are not dynamic, they chose these explicitly. Are they trying to represent user sentiment accurately or are they reading these very differently than I am?
I went there after watching this talk: "Nicholas Carlini - Black-hat LLMs", from one of their engineers. There's definitely good work by talented and conscientious people that's going on there.
I'm rewriting this post because I'm cynical of corporate motives but I also don't think that interpreting everything cynically is helpful. Even after the VC funding runs out (hopefully before we destroy the planet and society), these tools won't disappear especially for malicious actors. So if they're also building tooling to mitigate harm / defend against threat actors, do I dare to hope they're reading the quotes the same way I am? Or is it more of:
I feel like I'm creating more dependency than knowledge.
#AI #Anthropic #Claude #Blackhat #LLM #SoftwareSecurity #Cybersecurity #ThreatActor
-
How did you like #Crime101?
It's the only movie currently showing at my local AMC that I have any interest in seeing but I wasn't impressed with the trailers that I saw of it.
They reminded me a bit of #Blackhat which I saw online & figured I'd see Crime101 eventually online too.
Update: Nevermind. Just read your review of it. May go to the theater early nxt wk to see it.
-
It ought to be super concerning that it seems the majority of the #infosec profession seems to be abrogating their duty towards #ItSecuirity
When incidents like this are increasingly more common...
https://www.theregister.com/2026/02/04/aws_cloud_breakin_ai_assist/
Apparently, a large group of infosec practitioners decided around the "Strawberry era" that #AI is useless and presents no threat, and are now sitting on their hands waiting for #AiBubble to burst, while congratulating themselves on how prescient they all are.
It is a PROFESSIONAL DUTY of Infosec practitioners to keep up with developing tools.
Coming so soon after the largest data theft of entire nations most sensitive datasets by #DOGE a cybercrime where infosec profession as a whole failed miserably. Abandoning users and literally calling to "Watch it all burn" the entire infosec profession ought to be in a head hanging, shameful crisis.
Abandoning users to a world where the #blackhat will be better, faster and smarter while the whitehats will have their principles.
-
Part 2 dropped.
tl;dr: your slides are not your talk.
skip the template
skip the agenda (no spoilers)
skip the "about me" ego slide
💣 start from the LAST slide: your 280-char core message 😱
then work backward.
Full framework + slides from my @blackhatevents session ->
https://trustial.org/blog/become-cybersecurity-supercommunicator/
send me talks to dissect. I'll reverse the content design & delivery (not the content itself, that's yours truly).
-
Today I had my first experience with the notorious #bitlocker ransomware from the #blackHat group #Microsoft.
Thanks #Lenovo!
-
Do I know anyone who attended #blackhat #europe? I am curious about how it was? Is it worth attending? #hacking #cybersecurity
-
Most malware traffic analysis breaks down when the answer isn’t obvious.
Our 2-day in-person training, which I teach alongside @eldraco at #BlackHat Asia, is built around a simple idea: you need a repeatable methodology for analyzing network traffic that still works in chaotic and complex conditions.
The focus is not on tools, but on how to reason about network behavior, validate conclusions, and communicate findings with confidence.
-
#Security Researcher Found Critical #Kindle #Vulnerabilities That Allowed Hijacking #Amazon Accts - Slashdot
The #BlackHat Europe hacker conf in London included a session titled "Don't Judge an #Audiobook by Its Cover" about 2 critical (and now fixed) flaws in Amazon's Kindle. The Times reports both flaws were discovered by engineering analyst Valentino Ricotta (from the #cybersecurity research division of #Thales ), who was awarded a "bug bounty" of $20,000
#privacy
-
When a fake audiobook allows your Amazon account to be hacked from your Kindle
https://fed.brid.gy/r/https://korben.info/kindle-faille-securite-audiobook-amazon-compte-2.html
-
Battering RAM hardware hack breaks secure CPU enclaves https://www.csoonline.com/article/4105022/battering-ram-hardware-hack-breaks-secure-cpu-enclaves.html #SecurityHardware #Cyberattacks #BlackHat #Security
-
Misc story time:
tldr: I've been collecting security conference stickers for 20+ years and just now got around to using them ¯\_(ツ)_/¯
I'm not the kind of person to put stickers on my laptop. This means that for 23 years (apparently), when I got stickers from a conference, I kept them, put them in a bag, moved them from house-to-house, but never actually did anything with them. Until now.
I finally found a usage; which is decorating the otherwise-sketchy-looking metal ammo case which @VeronicaKovah & I are now using to carry phones with us to trainings. We watched some videos on youtube that make it seem like those LiPo fire-protection bags would do a whole lot of not-much in the event that a fire broke out on one of the batteries. But a simple metal box seemed to do a lot better in terms of containing the flames.
So we of course expect that airport security will always stop us when traveling with them (though at least this time our TSA pre-check status seemed to give us a pass on the way out). But the expectation is that contrary to what you might think, adding hacking conference stickers will actually be disarming, rather than alarming, with security personnel - at least when compared to the alternative of seeing a raw ammo canister ;)
The oldest sticker seems to be from DEF CON 10 (X), circa 2002 (my first DEF CON was 8 FWIW). In general I don't seek out stickers, but I do think the BadBIOS and "I want to believe" ones are things I probably got from Joe Fitz as they were of-the-moment and relevant to my interests. (If you're not familiar with the latter, it's from a very FUDish cover article [1]). I could have completely filled them, but I left a little bit of space for the future. Check out the larger pics for a potential stroll down memory lane. (RIP Shmoocon, Hackademic.info, NoSuchCon. Memento mori conference organizers ;))
#DEFCON, #BlackHat, #ShmooCon, #BlueHat, #RingZer0, #HackLU, #HardwearIO, #DistrictCon, #HackFest, #NoSuchCon, #DeepSec, #HITB, #HackersOnTheHill