Matthias Luft @uchi_mata
Infosec Enthusiast & Practiconer. Account mostly inactive. @[email protected] https://t.co/9zKRHWb1pH rational-security.io Joined February 2009-
Tweets2K
-
Followers840
-
Following451
-
Likes920
Eliminate entire classes of security flaws with these Python libraries * PyNacl for Cryptography * Pydantic for input validation * Casbin for Object/Function Level AuthZ * Passlib for Password Management
Yet another pitfall when extracting archives, this time from @NodyTweet blog.nody.cc/posts/link-wri…
We need more open audit/security testing reports like this: blog.trailofbits.com/2024/07/30/our…
With the #GhostWrite CPU vulnerability, all isolation boundaries are broken - sandbox/container/VM can't prevent GhostWrite from writing and reading arbitrary physical memory on affected RISC-V CPUs. Deterministic, fast, and reliable - no side channels. ghostwriteattack.com
AWS wishlist: a single IAM API that returns the policies attached to a user/role. Today, it involves 4-5 calls: • listRolePolicies • listAttachedRolePolicies • getRolePolicy • getPolicy • getPolicyVersion
It's great to see Multiplier by @trailofbits being open-sourced! github.com/trailofbits/mu… I believe it exemplifies the kind of foundational, next-generation tools we need for proper software understanding, maintenance, and sustainment.
@cji You realize the real boomer thing was taking the quiz, right? 😀
@uncommonengneer Those were great memes - but apparently not appreciated 🙅♂️
@mikelikesbikes Not really, I think you're good 👍🙃
The next part of our #Kubernetes #Security fundamentals video series is out now! This time we're looking at the Kubelet API. talking about the ports it makes available and some of the potential for information leakage. youtu.be/OdkFPL7d73E?si…
Regarding the SSH bug 1) First OpenSSH vuln discovered in almost 20 years - wow 2) Bug was (re)introduced almost 4 years ago. So remote root in OpenSSH for 4 years and nobody found it? 3) Exploit takes hours/days to run. Watch your logs!
What a great read. RCE in sshd with race conditions requiring hours to days to succeed. I cannot imagine the patience required here. 👏 👏 👏 Also, exposing SSH to 0.0.0.0/0 might be a default in your cloud environment, but CSPs have better remote access patterns available.
If you launch a new FreeBSD (13.2|13.3|14.0|14.1)-RELEASE instance and don't change the default behaviour via EC2 user-data, it will download and install the patch for this before sshd is launched. I decided many years ago that installing updates on first boot was important.
I should probably provide context for people who haven't seen it yet: A pre-auth RCE in OpenSSH was announced a short time ago. Exploitable on Linux; not exploitable on OpenBSD; unclear if exploitable on FreeBSD but we have an advisory out just in case. qualys.com/2024/07/01/cve…
Today seems like a good day to mention that on my servers I use spiped to protect access to OpenSSH -- you can't even send a single byte to sshd unless you have the spiped secret key. daemonology.net/blog/2012-08-3…
All the talks from last week have been published to our Youtube channel! Here's a playlist with all of them: youtube.com/playlist?list=…
🎉 It's finally here! The CloudSec Engineer. A practical guide on how to enter, establish yourself, and thrive in the Cloud Security industry as an individual contributor. Now available: engineer.cloudsecbooks.com #thecloudsecengineer
Kinnaird McQuade @kmcquade3
7K Followers 2K Following AI security research. Chief Security Architect @btphantomlabs
TROOPERS Conference @WEareTROOPERS
10K Followers 493 Following We are TROOPERS - IT-Security Conference & Trainings https://t.co/gO1lSzFuns Also at the infosec exchange @WEareTROOPERS
Rory McCune @raesene
5K Followers 2K Following Security Geek, Containers, Kubernetes, Ruby, Hillwalking. Probably more active on Mastodon (@[email protected]) or blue sky (@mccune.org.uk) these days.
Justin Elze @HackingLZ
71K Followers 5K Following CTO @TrustedSec | Former Optiv/SecureWorks/Accuvant Labs/Redspin | Race cars
Florian Roth ⚡️ @cyb3rops
221K Followers 3K Following Head of Research @nextronsystems #DFIR #YARA #Sigma | detection engineer | creator of @thor_scanner, Aurora, Sigma, LOKI, YARA-Forge | always busy ⌚️🐇 | vi/vim
Kyle 'esSOBi' Stone @essobi
6K Followers 3K Following Hyperlexic Polymath Savant GenTech / AI Consultant CTO @ https://t.co/aRlDQqW7Y3 EX-Heroku T&S Language Model Expert. #TrillionaireTokenClub #RunLocal
Marco Lancini @lancinimarco
7K Followers 384 Following 💼 Director of Security 📬 @CloudSecList 📚 https://t.co/TrQKzxfnYg 💬 I write about security strategy, technical leadership, and cloud security.
manish varma @manishvarmad
24 Followers 314 Following AI Security @Averlon_ai | Prev Salesforce, CMU | Experimenting with model routing for security agents
Averlon @Averlon_ai
39 Followers 21 Following Agentic Remediation Operations. From findings to fixes, at scale. https://t.co/AVuJU5tuH5
AB20251 @AB20251189171
0 Followers 334 Following
Doelel @Doelel68373
58 Followers 1K Following
Awdwawcou @Awdwawcou9622
77 Followers 3K Following
Tipui @Tipui9999533
75 Followers 3K Following
Erika Paul @ErikaPaul597924
3 Followers 164 Following Recruiting webshell engineers to penetrate websites, with a monthly salary of up to $100,000. If interested, please contact https://t.co/bG8IjaVupR
llama gamer @llamagamer
54 Followers 682 Following
lone Abraham @LoneAbraham
64 Followers 477 Following MBTI|ENFP|网络安全从业者|落魄安服仔|Web3守门员,梦想成为顶级Hacker,现实只能沦为网络保安
Mandy Kate @MistressMa75681
14 Followers 200 Following I’m available for both in calls and out call service Dm if you are interested No time to play games or drama
sankung @sankung1344281
212 Followers 7K Following I put my faith on God he is our solver without him nothing is impossible
Akash P @akash_p1989
48 Followers 2K Following
Ron Amosa @uncommonengneer
255 Followers 250 Following Pasifika technologist decoding AI systems, power, and sovereignty — 20+ years inside the machine. The Uncommon Engineer. https://t.co/i6nEen5186
Jonathan Bürger @jonathanbuerger
104 Followers 2K Following
Jupiter.exe @Jupiterdotexe
1K Followers 7K Following
Sunil @sunilgot
79 Followers 546 Following Cofounder @averlon_ai cloud security prev: Microsoft & Salesforce
Willie du Preez @w_dupreez
49 Followers 692 Following Family, IT, wannabe runner, amateur sound engineer, HAM and ☕
Joshua Jebaraj @joshva_jebaraj
1K Followers 1K Following DevOps | Cloud | Cloud security | Always open to collaborate on Interesting projects
Stoic @rhetoric_URBAN
1K Followers 6K Following | IGBO | The end is not an event, the end is a process. Bankrupt | Quiet | CyberSecurity Consultant|Interested in Security & Finance | 🪖
NORBERT WEBER♉GERMA... @NORBERT2904
251 Followers 5K Following #PERSONALTRAINING🥋🏃♂️🏊♂️🚶♂️🚴♂️🧘♂️#PRIVATLEHRER #KATATEDO #MARATHON #VIERDAAGSE #PHOTOGRAPHER ©️ #FOTODESIGN 📸 #PHOTOGRAPHY📷 #PHOTOARTWEBER📸
Patrick Jahns @patrick_jahns
70 Followers 419 Following Site Reliability Engineer 🛠 // YAML YODA 🧘♂️ // automation freak 🤖 // sarcasm as superpower 🔮
danieluec @danieluec1
23 Followers 914 Following
Pravin Jadhao @PravinJ358
0 Followers 39 Following
Tabitha Sable @TabbySable
3K Followers 305 Following K8s SIG Security co-chair and SRC. We can all lose separately, but we have to win together. Hack things, make friends, hack things with your friends.
Raji Vanninathan @raji0204
13 Followers 203 Following Security@Apple #Apple #security | ex-Adobe #womeninleadership #tpm #mentor #womenintech #infosec #cybersecurity
Craig Sch @CraigSch1
4 Followers 150 Following
aryan @AniketK42470991
4 Followers 220 Following
Edo @edo84st
2K Followers 5K Following #Network engineer | #CCNA instructor | 👉🏻 https://t.co/rnaZU2NPjk | 👉🏻 https://t.co/6jEjXKc4EJ
ZEEKR ZERO @ZeekrZero
8 Followers 389 Following
~ @drizbit
98 Followers 505 Following It looks like you’re writing an exploit, would you like some help?
Kate G @kategiday
227 Followers 804 Following Data enthusiast, world traveller and @thabalacloud - fully managed analytical services
Ali Kermani @AliKermani_81
22 Followers 697 Following
Daniel Abeles @Daniel_Abeles
409 Followers 371 Following aka Den1al ➖ Vulnerability Research Manager @GitLab
Viraj Parekh @viraj_parekh_
457 Followers 3K Following frustrated but newly optimistic knicks fan, cofounder @ astronomer.
Nate Smith @natesmith317
68 Followers 379 Following
Aliia Anderson @aliia_anderson
894 Followers 992 Following ProdSec Engineer @Atlassian, previously @Salesforce, @NCCGroupinfosec 👩💻| @OWASP Bay Area Chapter Lead, @PADI Diver 🤿
Kinnaird McQuade @kmcquade3
7K Followers 2K Following AI security research. Chief Security Architect @btphantomlabs
Clint Gibler @clintgibler
26K Followers 573 Following 🛡️ Leading Cyber at @OpenAI 📚 Creator of https://t.co/xwtIAI0CuJ newsletter
Ange @angealbertini
25K Followers 916 Following Reverse engineer, file formats expert. Corkami, CPS2Shock, PoC||GTFO, Sha1tered, Magika... Security engineer @ Google. He/him.
Rodrigo Branco @bsdaemon
13K Followers 4K Following Chief Architect, Security Research of BigTech Advisor of Grsecurity. BYOS Commitee Member of OffensiveCon, Langsec, DistrictCon, Secdev
𝗥𝗬𝗔𝗡 𝗦... @withzombies
3K Followers 1K Following "im not distilled! im not distilled!!", i continue to insist as i slowly shrink and transform into a prompt
TROOPERS Conference @WEareTROOPERS
10K Followers 493 Following We are TROOPERS - IT-Security Conference & Trainings https://t.co/gO1lSzFuns Also at the infosec exchange @WEareTROOPERS
Binni Shah @binitamshah
141K Followers 164 Following Linux Evangelist, Malwares, Security enthusiast ,Investor,World Economy, Finance,Contrarian , Philanthropist , Reformist , Sigma female [email protected]
Rory McCune @raesene
5K Followers 2K Following Security Geek, Containers, Kubernetes, Ruby, Hillwalking. Probably more active on Mastodon (@[email protected]) or blue sky (@mccune.org.uk) these days.
Matthew Green @matthew_d_green
155K Followers 1K Following I teach cryptography at Johns Hopkins. Mostly on BlueSky these days at https://t.co/GI4QlxYTdk.
Halvar Flake @halvarflake
45K Followers 3K Following Choose disfavour where obedience does not bring honour. I do math. And was once asked by R. Morris Sr. : "For whom?" @[email protected]
Scott Piper @0xdabbad00
20K Followers 253 Following Cloud security historian Developed https://t.co/ZXFwkuyseC, CloudMapper, and Parliament Organizer for @fwdcloudsec Researcher at @wiz_io
Silas Cutler (p1nk) @silascutler
14K Followers 2K Following You may know me from your logs Principal Security Researcher @Censysio #Threats / #CTI / #Malware / #Hacking
Florian Roth ⚡️ @cyb3rops
221K Followers 3K Following Head of Research @nextronsystems #DFIR #YARA #Sigma | detection engineer | creator of @thor_scanner, Aurora, Sigma, LOKI, YARA-Forge | always busy ⌚️🐇 | vi/vim
lcamtuf @lcamtuf
40K Followers 500 Following Substack: https://t.co/yFvmNisGW3 Homepage: https://t.co/iFAXZxCO5H
Marco Lancini @lancinimarco
7K Followers 384 Following 💼 Director of Security 📬 @CloudSecList 📚 https://t.co/TrQKzxfnYg 💬 I write about security strategy, technical leadership, and cloud security.
Anders Fogh @anders_fogh
3K Followers 538 Following Don't for get the Jacobian. Opinions are mine. Interested in improving IT-Security. Intel employee. This is a personal account, opinions are mine.
The Daily Show @TheDailyShow
8.7M Followers 1K Following Jon Stewart and The Best F**king News Team. Weeknights 11/10c on @ComedyCentral. Next day on @paramountplus.
nanalan' @nanalanofficial
1K Followers 1 Following 🦋 your favourite childhood fever dream 🐞 episodes on youtube! 💌 for business inquiries: [email protected]
David Henderson @Daviderik
580 Followers 2K Following Founder at @StoryBoundPR. Known for spontaneity.. telling stories in the calamity. Award winning PR & marketing pro
Ismael Valenzuela @aboutsecurity
18K Followers 9K Following VP Labs, Threat Research & Intel @AWNetworks ▪️ SANS Author & Senior Instructor #GSE 132 ▪️ #SEC530 #ThinkRedActBlue @TheMondayBrief
Seth Art @sethsec
1K Followers 370 Following Cloud Security Research and Advocacy @Datadoghq. Previous: Cloud Penetration Testing lead @BishopFox. Also on Mastodon https://t.co/R1KYbwIdme
Vishal Agarwal @vishalagarwa6c
8 Followers 6 Following
Averlon @Averlon_ai
39 Followers 21 Following Agentic Remediation Operations. From findings to fixes, at scale. https://t.co/AVuJU5tuH5
Nick Jones @nojonesuk
1K Followers 813 Following Global Head of Research @ WithSecure, Programme Lead @ fwd:cloudsec EU. AWS/cloud security, automation, DevOps and attack detection. Opinions are my own.
Sunil @sunilgot
79 Followers 546 Following Cofounder @averlon_ai cloud security prev: Microsoft & Salesforce
Gregor @ghohpe
16K Followers 268 Following Penthouse Architect in the engine room💭Tree-hugging car nut💭Confused Sensemaker💭 Cloud immigrant. Opinions mine and plentiful.
The Cultural Tutor @culturaltutor
1.7M Followers 67 Following You can't step in the same river once. My book, travel show with Audible, and newsletter ↓
Fesshole🧻 @fesshole
1.0M Followers 478 Following Confess your sins anon - will the internet absolve you? ADD FESS https://t.co/nlr7P7crme LIVE SHOW TICKETS https://t.co/OBRqMIHFJk
Leonhard Gandhi @energy_charts_d
26K Followers 277 Following Fraunhofer-Institut für Solare Energiesysteme ISE | Impressum https://t.co/VrfJT6PmEV
Sigal Samuel @SigalSamuel
13K Followers 3K Following AI reporter at Vox. Former religion editor at The Atlantic. Author of the children's book OSNAT AND HER DOVE and the novel THE MYSTICS OF MILE END.
Tabitha Sable @TabbySable
3K Followers 305 Following K8s SIG Security co-chair and SRC. We can all lose separately, but we have to win together. Hack things, make friends, hack things with your friends.
Project Drawdown @ProjectDrawdown
45K Followers 2K Following The world's leading resource for climate solutions. Working to stop climate change—as quickly, safely, and equitably as possible.
ShaktiCon @shakticon
771 Followers 107 Following Annual global conference aiming to inspire, train and up-skill women in cybersecurity.
Michael Noga @rbl00
368 Followers 332 Following I help secure things at Salesforce, Coffee Lover, MMA Practitioner, Father & Husband. My opinions are just that, mine.
Daniel Abeles @Daniel_Abeles
409 Followers 371 Following aka Den1al ➖ Vulnerability Research Manager @GitLab
hAPI_hacker @hAPI_hacker
14K Followers 770 Following { "name": "Corey J. Ball", "author": "Hacking APIs", "creator": "https://t.co/y3EHBlzHvJ", "is_admin": true }
Viraj Parekh @viraj_parekh_
457 Followers 3K Following frustrated but newly optimistic knicks fan, cofounder @ astronomer.
Benkens @Benkens2
1K Followers 380 Following Bildung, liberal, Arbeiterkind I #noafd I Hg. Das andere Klimabuch: 25 Experten - überraschende Fakten - Rationale Alternativen zur Klima-Angst ⬇️Gal Diskin d1sk1n@inf... @gal_diskin
1K Followers 198 Following CTO & Cofounder @Authomize Formerly: CTO & VP @PaloAltoNtwks/Cyvera/First Group SW security lead @Intel Cyber/Network Science/AI&ML/QC/FinTech
Malte Kreutzfeldt @MKreutzfeldt
39K Followers 985 Following Hier ist Sendepause. Der Account bleibt als Archiv bestehen. Neuigkeiten von mir gibt es derzeit nur auf Mastodon und Bluesky (gleicher Benutzername wie hier).
Mike Busch 🌰🎅�... @mikelikesbikes
2K Followers 616 Following I’m a father, a child, a software engineer, a teacher, a believer in magic, a lover of trees, and a liker of bikes.
Julien Le Dem @J_
4K Followers 2K Following Architect, Founder, Angel, Advisor, Keynote speaker, OSS: @OpenLineage @MarquezProject, ASF: Parquet Arrow Iceberg 🐖. 🦋 https://t.co/4VQUXaZ5vu . he/him
Vlad Ionescu (he/him) @iamvlaaaaaaad
3K Followers 608 Following sugarbaby cosplaying as a tech consultant • mean eastern european with unrealistically high expectations and unreasonable quality standards 🏳️🌈he/him🏳️🌈
Lingnik @lingnik
125 Followers 514 Following
Apache Airflow @ApacheAirflow
12K Followers 0 Following Airflow is a workflow scheduler. Now on https://t.co/r5iMFW0E2h
OSINTtechnical @Osinttechnical
1.7M Followers 931 Following PAI enjoyer, OSINT guy @hntrbrkmedia, my views/freezing cold takes are my own. For full disclosures, visit https://t.co/JOtQx4pI3e.
Abhay Bhargav @abhaybhargav
7K Followers 676 Following AppSec & AI Sec Expert | Black Hat, DEF CON Trainer | Building the future of AI-Native Secure Design and AI Code Security @SecurityReviewAI
Christopher @Kharosx0
3K Followers 2K Following Founder @signal_labs : https://t.co/8grJlb5jwZ 🇦🇺 Vulnerability researcher (MORSE) @Microsoft Discord: Kharosx0
Adam Karpiak @Adam_Karpiak
46K Followers 162 Following I help people get hired with better resumes & smarter strategies from a recruiter’s POV 👉https://t.co/T3YsZzO5Q9
Astronomer @astronomerio
20K Followers 3K Following Astro by Astronomer is the leading unified orchestration platform. Powered by Apache Airflow, Astro accelerates building reliable data products for AI.
Maybe @maybe
13K Followers 384 Following Answer tough financial questions with Maybe, an AI-native financial decision making tool that connects the dots on your data, without a CFO.
Institute for the Stu... @TheStudyofWar
1.3M Followers 3K Following ISW is a policy research organization focused on U.S. national security. Email: [email protected]. https://t.co/FO1PVyOnYB
Rob Lee @RALee85
702K Followers 4K Following Senior Fellow @FPRI. Previously @USMC, @ColumbiaSIPA, @CentreAST. Focused on Russian defense policy.
Andrii Melnyk @MelnykAndrij
191K Followers 32 Following Proud Ukrainian Diplomat🇺🇦Ambassador to the UN🇺🇳Vice Foreign Minister (2022-23). Ex-Botschafter in Deutschland🇩🇪LL.M.(Lund) Ph.D.(Kyiv) Ukraine will win✌️
max seddon @maxseddon
352K Followers 5K Following moscow bureau chief @FT. in soviet russia, news reports you: [email protected]
Meduza in English @meduza_en
107K Followers 1 Following Breaking news in Russia, investigative reports, interviews, and opinions. In English. You’re welcome. Find us 🦋 https://t.co/dHG1ecEHnW
GermanForeignOffice @GermanyDiplo
351K Followers 632 Following News from the German Foreign Office - Follow us in German as well @AuswaertigesAmt - Imprint and data privacy: https://t.co/oLVvFDEyQI






























