Spanky

@spankowitz

I like threat intel, purple team, and turtles.

84 Followers · 429 Following · 26 Posts · Joined 05.07.2023

Latest posts by Spanky @spankowitz

🧨 🚨 NEW POD UP! (presented by @thinkstcanary.canary.tools) - The Coruna iOS exploit kit, the connection to the Peter Williams/Trenchant exploit sale to Russians, how it slipped from government hands into criminal use @craiu.bsky.social @jags.bsky.social

LISTEN everywhere 👇
pod.link/1414525622

06.03.2026 20:16 👍 5 🔁 4 💬 1 📌 0

These things have always been true:
1. The ability to generate buggy code has never been greater.
2. The ability to find bugs in code has never been greater.
3. The ability to fix bugs in code has never been greater.
4. Many, many more people want to do 1 or 2 than 3.

Now scale this with AI.

03.03.2026 17:43 👍 12 🔁 8 💬 1 📌 0

REKT

24.02.2026 23:21 👍 0 🔁 0 💬 0 📌 0

Our blog at @Censys now has a proper RSS feed https://censys.com/feed/
(cc: @Feedly #GoogleReader)

24.02.2026 16:00 👍 8 🔁 3 💬 1 📌 0

Could've had a Chomps, Dave.

19.02.2026 23:31 👍 0 🔁 0 💬 0 📌 0

Why learn to code when you can use an LLM and pay a subscription fee for the rest of your life.

19.02.2026 18:32 👍 313 🔁 65 💬 23 📌 10
Not Safe for Politics: Cellebrite Used on Kenyan Activist and Politician Boniface Mwangi - The Citizen Lab Following the widely-condemned arrest in July 2025 of prominent Kenyan opposition voice Boniface Mwangi, the Citizen Lab analyzed artefacts from devices seized during the arrest. We found that Cellebr...

NEW @citizenlab.ca report: Cellebrite Used on Kenyan Activist and Politician Boniface Mwangi

citizenlab.ca/research/cel...

17.02.2026 13:03 👍 25 🔁 19 💬 2 📌 0

Making my GREM index like...

14.02.2026 22:05 👍 2 🔁 0 💬 0 📌 0

These dudes are awesome! Highly recommend their training if you get the opportunity.

13.02.2026 22:18 👍 1 🔁 1 💬 1 📌 0
Penetration Tester | Microsoft Careers Penetration Testing Identify security vulnerabilities and variants across critical cloud services. Perform source code reviews, dynamic analysis, and operational security assessments. Validate softwar...

Early career pen tester wanted to break some of Azure's specialist clouds. #infosecJobs

13.02.2026 19:19 👍 7 🔁 4 💬 0 📌 0
Non-Deterministic The most important word you need to understand about AI

Non-Deterministic: The most important word you need to understand about AI 🤖

teriradichel.substack.com/p/non-determ...

13.02.2026 19:57 👍 2 🔁 2 💬 0 📌 0

My dog prefers that I listen to the podcast. She wants that 3 hour walk!

13.02.2026 20:27 👍 2 🔁 1 💬 1 📌 0
From Epstein to Notepad++: Redactions, Zero-Days and Supply Chain Attacks YouTube video by Three Buddy Problem

This week's show is up on YouTube (presented by Thinkst Canary @thinkstcanary.canary.tools)

WATCH www.youtube.com/watch?v=fvKM...

10.02.2026 17:04 👍 6 🔁 6 💬 1 📌 1
Programming Languages and Serialization CVEs Taking a look at a recent critical Solar Winds CVE

If Pentesting, AppSec, Bug Bounties or Security Engineering is your focus, the Security Bugs section of my blog may be for you. Here I explore a serialization CVE in SolarWinds and prevention methods.

Programming Languages and Serialization CVEs

teriradichel.substack.com/p/programmin...

30.01.2026 22:24 👍 4 🔁 1 💬 0 📌 0
A destructive cyberattack in Poland raises NATO 'red-line' questions - Security Conversations (Presented by Material Security: We protect your company’s most valuable materials — the emails, files, and accounts that live in your Google Workspace and Microsoft […]

🔥 #ThreeBuddyProblem Ep83 has been pushed to your earholes. Poland CERT on Russian wipers, Sandworm or not Sandworm, new FortIvanti nightmares + some KasperSekrets chit-chat @craiu.bsky.social @jags.bsky.social

securityconversations.com/episode/a-de...

30.01.2026 20:20 👍 7 🔁 4 💬 1 📌 1

No.

20.01.2026 03:10 👍 0 🔁 0 💬 0 📌 1

a bald eagle surrounded by stars and stripes and the text "oh my god, what the fuck"

07.01.2026 18:43 👍 2181 🔁 634 💬 15 📌 39

Today’s Daily Cartoon, by Teresa Burns Parkhurst. #NewYorkerCartoons

07.01.2026 23:00 👍 280 🔁 62 💬 2 📌 5
Jan. 6, 2021: A visual archive of the Capitol attack NPR’s Jan. 6 archive brings together reporting, video, documents and testimony to show what really happened during the Capitol riot. Explore the timeline, cases and evidence behind the attack.

NPR built a visual archive of the Jan. 6, 2021, attack on the Capitol, showing exactly what happened through the lenses of the people who were there. In "Chapter 2: Stop the Steal," we look at how false claims of a stolen election mobilized Trump supporters.

06.01.2026 13:27 👍 1151 🔁 554 💬 20 📌 76
Don't get angry, but the 2025 Oxford Word of the Year is 'rage bait' The 2025 selection follows its predecessors, "brain rot" from 2024, "rizz" from 2023 and "goblin mode" from 2022.

The 2025 selection follows its predecessors, "brain rot" from 2024, "rizz" from 2023 and "goblin mode" from 2022.

28.12.2025 13:32 👍 188 🔁 35 💬 9 📌 8
What's behind US gov push to 'privatize' cyber operations?

A fresh problem has been pushed to your podcast platforms! @craiu.bsky.social @jags.bsky.social

- Spotify open.spotify.com/episode/68US...

- Apple podcasts.apple.com/us/podcast/w...

Presented by our friends at ThreatLocker 😍

20.12.2025 18:31 👍 4 🔁 2 💬 0 📌 1
LLMs & Ransomware | An Operational Accelerator, Not a Revolution LLMs make competent ransomware crews faster and novices more dangerous. The risk is not superintelligent malware, but rather industrialized extortion.

AI isn’t reinventing ransomware — it’s industrializing it.

That’s the core finding from new @sentinellabs.bsky.social research on how threat actors are actually using LLMs today. s1.ai/llm-rw

17.12.2025 20:07 👍 1 🔁 1 💬 1 📌 0
Outgoing GAO chief warns of ‘taking our foot off the gas’ at CISA Gene Dodaro, who is set to retire from the watchdog at the end of this month, shared final concerns with senators Tuesday about how the government is prioritizing cybersecurity.

Outgoing 15-year head of GAO says he's worried the government is "taking our foot off the gas at CISA" and would "live to regret it." He also said CISA's one-third workforce cut was "obviously untenable" and "they may not be postured" to support the midterm elections. fedscoop.com/cisa-workfor...

17.12.2025 20:30 👍 20 🔁 5 💬 0 📌 0

The BloodHound Query Library, launched by @martinsohn.dk & @joeydreijer.bsky.social, democratizes tradecraft with a shared, searchable ecosystem. With 180+ Cypher queries & counting, the library is an increasingly valuable tool for the BloodHound community!

Browse ➡️ ghst.ly/bql_eoybsky

11.12.2025 23:07 👍 2 🔁 3 💬 0 📌 0

Today’s Daily Cartoon, by Brendan Loper. #NewYorkerCartoons

10.12.2025 00:00 👍 78 🔁 14 💬 2 📌 0
An Evening with Claude (Code) - SpecterOps This blog post explores a bug, (CVE-2025-64755), I found while trying to find a command execution primitive within Claude Code to demonstrate the risks of web-hosted MCP to a client.

AI tooling and MCP servers are entering enterprises fast, often faster than security teams can assess the risks.

During a recent engagement, @xpnsec.com found a new Claude Code vuln (CVE-2025-64755) while exploring MCP abuse paths.

👀 Read the details: ghst.ly/49ybl4W

21.11.2025 16:33 👍 10 🔁 4 💬 0 📌 0
White Knight Labs: Part 2 - Phillip Wylie About the Guests: Greg Hatcher and John Stigerwalt are co-founders of White Knight Labs, a boutique cybersecurity company specializing in offensive security services and advanced training programs. Greg’s background includes a remarkable career as a Green Beret in the U.S. Army, transitioning into cybersecurity with a focus on penetration testing and red teaming. John’s journey…

White Knight Labs: Part 2

02.12.2025 22:47 👍 1 🔁 1 💬 0 📌 0

Caffeine raises my heart rate and makes me sweat. Team decaf rise up!!!

01.12.2025 23:53 👍 2 🔁 0 💬 0 📌 0

A woodcut of a bird beside the text "OH MY GOD SHUT THE FUCK UP"

27.11.2025 22:27 👍 561 🔁 74 💬 1 📌 10

A U.S. District Judge has ruled that interim U.S. Attorney Lindsey Halligan (who had no prosecutorial experience before this role) was improperly appointed by the Trump administration, agreeing with Comey’s defense team.

The ruling means that both federal indictments are dismissed. trib.al/WZbNPi9

24.11.2025 22:43 👍 101 🔁 25 💬 3 📌 0