Matthias

@grambulf

InfoSec & shitposting. English & German. Also https://infosec.exchange/@grambulf

Joined 17.11.2024

Latest posts by Matthias @grambulf

Survey about legal and criminal threats experienced by journalists and security researchers Researchers who try to responsibly disclose leaks, vulnerabilities, and other security breaches or mishaps may face legal threats or lawsuits. Similarly, journalists may find themselves threatened wit...

Are you a security researcher or journalist? We want to hear from you! Please take this survey!

DataBreaches.net and myself (at this.weekinsecurity.com) are running this survey to better understand the state of legal demands and criminal threats experienced in cybersecurity.

Please share!

31.12.2025 14:33 👍 19 🔁 25 💬 2 📌 0
Ashley Willis The other day I texted my group chat with other leaders outside my organization. The ones I go to when the leadership stuff gets messy and I need perspective fr...

TL;DR

Middle management is hard. Caring is required, but the kind of care you provide matters.

02.12.2025 22:00 👍 89 🔁 26 💬 8 📌 10
Comparing CSP-Managed Machine Identities Comparing AWS, Google Cloud, and Microsoft CSP-managed machine identities, risks, and security responsibilities.

🎉🥳 My latest whitepaper has been nearly a year in the making and it’s finally out! 🎉🥳

A huge thanks to the many friends and colleagues that participated in the review process.

www.vectra.ai/resources/co...

#gcp #aws #msft #NHI #cloudsecurity #multicloud

11.09.2025 20:03 👍 5 🔁 1 💬 0 📌 0
10.08.2025 13:14 👍 159 🔁 17 💬 3 📌 2
The names tiles Static CT API extension Certificate Transparency Policy

Certificate Transparency is meant for browsers and website owners.

However, I estimate a majority of clients is only interested in discovering domain names. I am proposing an optional, less secure, 20x more efficient API for those clients.

With this, a CT log can probably operate with < 1 Gbps.

04.08.2025 11:29 👍 35 🔁 5 💬 1 📌 0
Fully Operational: Stuxnet 15 Years Later and the Evolution of Cyber Threats to Critical Infrastructure. – Committee on Homeland Security

I'll be testifying tomorrow at 10am before the House Homeland Security Subcommittee on Cybersecurity and Infrastructure Protection about Stuxnet and critical infrastructure security. Also on panel will be Rob Lee (Dragos), Tatyana Bolton, and Nate Gleason

21.07.2025 17:27 👍 55 🔁 8 💬 3 📌 0

When I was little, the U.S. military came to our home at gunpoint and took me and my family away. We were imprisoned for years in barbed wire camps simply because we were Japanese American. I have spent my life telling that story, hoping it would never be repeated.

21.07.2025 17:20 👍 68820 🔁 21014 💬 1578 📌 750
A chart for quantum computers, of number of qubits versus error rate, on a logarithmic scale. Broadly it shows a large gap between current quantum computers in the bottom left, and a curve in the top right of the resources they need to break RSA.

An out-of-schedule update to my quantum landscape chart: sam-jaques.appspot.com/quantum_land..., prompted by @craiggidney.bsky.social's new paper: arxiv.org/abs/2505.15917.

A startling jump (20x) in how easy quantum factoring can be!

Also: much improved web design!

19.06.2025 18:52 👍 61 🔁 26 💬 3 📌 0

It’s a good thing Congress isn’t alive to see this

22.06.2025 00:47 👍 63724 🔁 14372 💬 813 📌 584
The skywatch account lists

The maga list

The block accounts button

Bluesky is not twitter because we block losers before we even see their sad attention seeking. Think of it as vaccinating your account. Here’s an example:

1. Go to @skywatch.blue
2. Tap Lists and scroll down to MAGA
3. Tap subscribe & then block accounts.
4. All the magas now rot on the vine

19.06.2025 01:47 👍 325 🔁 132 💬 37 📌 18
Ashley Willis TL;DR This one’s a bit of a ramble because I care a lot about this topic. So here’s the TL;DR for anyone who doesn’t have the energy (or executive function) to ...

New blog: I’ll admit, this one’s a bit of a ramble, mostly because I care a lot about how we give feedback, how we receive it, and why it so often feels like an attack (even when it isn’t).

TL;DR: Feedback is care, when it’s done with intention.

ashley.dev/posts/feedba...

17.06.2025 00:54 👍 116 🔁 22 💬 8 📌 4

Whoever this “Jenkins” bastard is, they have access to everything! Begin the incident response immediately.

17.06.2025 14:49 👍 58 🔁 1 💬 3 📌 0

CUT MY LIST IN TWO PIECES

THAT’S HOW YOU START QUICKSORT

31.05.2025 02:21 👍 1268 🔁 250 💬 14 📌 7

My talk, 'Security Champion Worst Practices', from @ndc_conferences, is now available on YouTube!

https://twp.ai/9PRKFn

25.05.2025 20:48 👍 20 🔁 3 💬 2 📌 0

The event went smoothly despite the storms; there was a minor power outage. The youth had a great time and the free photo booth was a hit. I see why my friend does this and I hope to join him again.

We're still fundraising for the organizers (not ourselves; so far only we have donated) here:

17.05.2025 13:47 👍 30 🔁 6 💬 3 📌 0
Kubernetes v1.33: Octarine Editors: Agustina Barbetta, Aakanksha Bhende, Udi Hofesh, Ryota Sawada, Sneha Yadav Similar to previous releases, the release of Kubernetes v1.33 introduces new stable, beta, and alpha features. The c...

Another one in the books! Kubernetes v1.33: Octarine is live. Congratulations to the release team!

kubernetes.io/blog/2025/04...

23.04.2025 18:51 👍 36 🔁 9 💬 0 📌 1

I’m launching SVE next week: Sean’s Vulnerability Emotes. SVEs will be rated on a scale of 🤨😕☹️😰😱💀☠️

15.04.2025 21:57 👍 17 🔁 3 💬 2 📌 1

Nginx doesn't actually load balance; it simply convinces backend servers they're handling less traffic through subtle psychological manipulation.

02.04.2025 11:55 👍 93 🔁 11 💬 7 📌 0

Truest meme I've seen in a long time

29.03.2025 19:14 👍 1580 🔁 212 💬 18 📌 6

Use Signal; use Tor.

Wait, not like that.

24.03.2025 18:14 👍 65 🔁 10 💬 4 📌 0

Did you know Mortal Kombat is based off of Scandinavian Folklore?

It's a Finnish Hymn.

11.03.2025 18:19 👍 66 🔁 9 💬 3 📌 0

No matter what the US does, the rest of the world is going to spend the next twenty years dismantling US power and influence because we are too dangerous and unreliable to maintain it.

09.03.2025 06:24 👍 961 🔁 186 💬 14 📌 19
Camille Fournier: books, biography, latest update Follow Camille Fournier and explore their bibliography from Amazon's Camille Fournier Author Page.

It's international women's day and that means it's the day I self-promote! I've written a few good books including my most recent on Platform Engineering, check them out here!
amzn.to/3QYGaoB

08.03.2025 19:04 👍 125 🔁 37 💬 6 📌 2

If you've been following #BlackBasta (and the recent leak), this thread might be of interest.

Last December, out of the blue, a source reached out to me (and, as I was to find out, to @valerymarchive.bsky.social as well) offering to doxx the leader of that ransomware-operation, known as "tramp".

01.03.2025 11:47 👍 34 🔁 15 💬 1 📌 1
The German debt brake is stupid! Welcome to one of my political posts. This blog post should rightfully be titled "the German debt brake is stupid, and if you support it, so...

The German debt brake is stupid.

Blog post.

addxorrol.blogspot.com/2025/03/the-...

02.03.2025 14:38 👍 16 🔁 5 💬 3 📌 0

Good thread on the German election today.

23.02.2025 18:36 👍 2 🔁 3 💬 0 📌 0